Help - Search - Members
Full Version: hijacked email address
Kaspersky Lab Forum > English User Forum > Virus-related issues
rhudston
Jan 22 / 11

Hi,

I'm not used to having computer problems so please excuse my lack of knowledge, but I got an email from my own email address advertising viagra from some doctorx site with a .ru extension. I called my email provider and changed my address, but that will be a total pain because there are a lot of people who have my address and I don't want to spend an eternity trying to notify them all (especially all the places that send e-statements and such). I'd like to revert to my old email address as soon as possible (a quick check on email address hijacking seemed to indicate that my address probably won't be used for long, and I suspect it will be used for even a shorter time now that I have disabled it), but I really don't know how my address was hijacked and what I should really be doing about it or preventing it from happening again. My Kaspersky account is up to date and a recent full scan showed nothing malicious, but maybe there is a setting I should be using to prevent these kind of problems (?).

Many thanks,
Randy
Lucian Bara
hello
You should not worry. Email display addresses can be forged to make the mail look as if it originated from your account. There's even an how to do on wiki-how ( http://www.wikihow.com/Forge-Email )

I get tons of such spam mail, if you look at the mail headers you should see that it doesn't come from your email provider's smtp server, but in fact from some strange domain.
To view the header of a mail right click in the email list and select view header, there should be a field like:

Received: from [xx.xxx.xx.xx] (<some name> [xx.xx.xx.xx])
rhudston
Jan 22 / 11

Interesting - many thanks for your reply. Here's what popped up under the headers (I blanked out my hijacked user name in my email address). Can I assume that there really wouldn't be any problem with going back to my old address in a couple of days? I don't suppose there is some simple way of getting some revenge?

Randy


Return-Path: <**********@ns.sympatico.ca>
Received: from torspm05.toronto.rmgopenwave.com ([190.235.55.25]) by tormta03.toronto.rmgopenwave.com (InterMail vM.8.00.01.00 201-2244-105-20090324) with ESMTP id <20110121150043.BFKY18007.tormta03.toronto.rmgopenwave.com@torspm05.toronto.rm
gopenwave.com> for <**********@ns.sympatico.ca>; Fri, 21 Jan 2011 10:00:43 -0500
Received: from [190.235.55.25] by torspm05.toronto.rmgopenwave.com with ESMTP id <20110121150043.KHLA18662.torspm05.toronto.rmgopenwave.com@[190.235.55.25]> for <**********@ns.sympatico.ca>; Fri, 21 Jan 2011 10:00:43 -0500
Received: from CAFETERIA (localhost [127.0.0.1]) by CAFETERIA (8.13.4/8.13.4) with SMTP id 907Ae00c4e2383a for <**********@ns.sympatico.ca>; Fri, 21 Jan 2011 09:57:43 -0500 (envelope-from **********@ns.sympatico.ca)
Message-ID: <2011121957.AE0BDAE370FB1BCE82DC3@CAFETERIA>
Subject: Hey **********
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.