Question

I have a hacker I can't get rid of

Oct 3, 2013 1:24AM PDT

S/he sent out a lot of emails in my name on my Outlook email account. I changed my password but today the hacker is at it again. Seems to be drawing from my file of sent and/or received emails plus contacts, since there are names in the "delivery failure" returns I'm getting that are not in my contact list and there are some that are.

Any suggestions?!? Thanks.

Answer
Hacker
Oct 3, 2013 1:29AM PDT

More info might help: OS, system type, what security software is onboard, hookup, server, etc.

Answer
They're likely not hackers
Oct 3, 2013 1:38AM PDT

What happens in these circumstances is that some spammer gets hold of your email address. Then they send out their spam with the "From" field changed to look like it came from you. How does this happen? Any time you forward jokes to a lot of folks or post your email info in a public place, sooner or later it will get into the hands of these sleaze artists.

(NT) any way to get rid of them?
Oct 3, 2013 1:45AM PDT
also, just remembered
Oct 3, 2013 1:50AM PDT

When I logged into my Outlook account after the spamming had first happened, Outlook said that my account had been accessed and asked me to set a new password. Could this happen in the scenario you're describing?

I also would like to know of any ways to get rid of them
Oct 3, 2013 4:25AM PDT

I'm having the same issue, on a somewhat smaller scale, but I'd like to put an end to it before it gets worse.
In my case, I am apparently sending myself links to non-existent web sites, and a friend who often forwards jokes, articles, etc., has the same problem.

Me: WinXP-SP3, Gmail, Avast antivirus; Friend: Win7 (updates unknown), Comcast email, (antimalware unknown but present)

At the moment this seems to be more an annoyance than a threat, but I don't like to have anything in my pc that doesn't belong there, and it's always possible that this could open the door to other types of attack.

Re: mails
Oct 3, 2013 4:41AM PDT

The first question: is it really in your PC? Or is it from somewhere else?

A fine and certain way to test that is to turn off your PC for a month or so (use another PC or laptop in the meantime). But it might be easier to have a look at the e-mail headers that track the travel of the mail through cyberspace. They are accessible in common POP3 clients like Thunderbird (I don't know if the web interface to Gmail has that option also, but you can use Thunderbird with "leave mails on server" set to receive a copy).

Kees

Re: mails - @Kees_B
Oct 3, 2013 3:33PM PDT

I didn't think that Gmail had the option to display headers, but I poked around and found that clicking the little triangle on the "reply" tab of an open email brings a drop-down menu, among whose choices is the entry: "show original". Turns out that's Google-speak for "show header" :o)
So far it appears that my spammy messages originate from, or are somehow connected with, a South African e-commerce site dealing in the ubiquitous "shopping carts" we use when making online purchases.

There is a link in these spam mails that "I" am supposedly sending (to myself), but Avast antivir efficiently blocks me from visiting the link site, so I have no idea what it might be. I of course have the option to ignore Avast's warning and visit anyway, but I've not been that curious, nor do I intend to be.

So far my spam attack seems fairly innocuous, hardly deserving of the word "attack," its effect seems to be so mild, and from what I can see in the header it seems not to be broadcasting to all my contacts, but just sending from myself to myself. To what purpose, I wonder?

Answer
Change your password immediately
Oct 3, 2013 1:15PM PDT

Had that happen to me and also have had emails that looked like they came from someone in my address book, but when I looked at the "FROM", the ( ) showed it was a hacker. I was told to change my password to a stronger one, something that had lower case and caps and numbers and symbols. I know of someone who changes hers every month. I believe either you opened something that had the "hack" in it or someone in your address book did and passed it along. I mean, I can't guess the lottery number so how does someone "guess" my password?! I know there are programs that can be run that simply try a gazillion combinations of letters, numbers, etc. until it gets it.

change pwd
Oct 4, 2013 9:55AM PDT

This should be done regularly. Hackers can get your list of friends fairly easily - happens a lot. That's how you get a lot of advertisements. I sometimes keep the CPU usage meter running and moved down to the lower right, so if I am doing something else I can see if there are system checks (just a spike) or actual run use (multi connected spikes), and if so I just unplug the internet wire LOL. Wait a while and it's not there anymore.

Answer
Report him to your ISP!
Oct 4, 2013 11:30AM PDT

Report him to your ISP, then ask them what steps you can take to protect yourself from him in the future. I trust you have a good antivirus, and antimalware program. Also make sure you have a good firewall to keep him at bay. Hope this helps.

Regards,
TMV

Answer
Simple
Oct 4, 2013 3:47PM PDT

If they've been able to read your e-mails, then either they have your login details and password, or they have access to your computer.

If you change your e-mail password entirely and they are still sending messages, AND they send messages to any new contacts (for instance, if you create a new e-mail account on Hotmail and use it to send yourself a message, does the spammer start sending e-mails to the Hotmail account), then they have access to your computer and there are only two ways of getting rid of them:

1. Erase the hard disk and reinstall Windows
2. Stop using Windows and use Linux instead - you won't have to erase the hard disk, as long as you stop booting into Windows.

Answer
Probably not from your Outlook account
Oct 4, 2013 11:26PM PDT

This sounds more like from address spoofing than an intrusion. It is comparatively easy to change the apparent from address while sending emails from some kind of spam server or botnet. As others have suggested, you can sometimes track this back to point of origin. In this case, it doesn't make a whole lot of difference what you do, all (s)he is doing is inserting a character string into the from field in the email message - (s)he can still do this even if you delete your email address from your ISP or whoever hosts your email. What will happen is the emails will still be sent but anyone who responds will get a delivery failure.

But if, as you suggest, the spammer really does have access to your account, then the only thing you can do to stop it is have your address deleted and set up a new one. Changing the password can make it harder but if the spammer is determined enough (s)he will crack your new one sooner or later - after all, (s)he cracked two already!

When you say you use Outlook, is that the Outlook as part of Microsoft Office or Outlook.com (nee Hotmail)? Webmail, like Outlook.com, Hotmail, Gmail, Yahoo, etc., are somewhat easier to hack. If you are using the Office Outlook, is that off an Exchange Server or just as a client to a webmail or an ISP mail service? If it's to a webmail service, that's the same as Outlook.com. Otherwise, you should talk to your Exchange administrator or your ISP to discuss your options. Changing your email address will almost certainly be part of it.

The spammer is probably picking up your contacts from intercepted messages but if (s)he does have access to your address book, you should protect it with a password and consider encrypting it to prevent further access.

Answer
Hacker? Maybe, but...
Oct 5, 2013 12:23AM PDT

It is possible that your own machine has been hacked and is being used as a "zombie" or has had a keylogger installed on it, which would record any password change you would make. From the symptoms you describe, this seems unlikely, but you might want to look into ways to fix this problem if you seriously suspect it. Rootkit detectors (many are available as freeware) can detect these but removal can be very complicated.

It is also possible that someone to whom you send mail has had his or her machine hacked, and it is using their machine to send these out with your address (and other stored addresses), gleaned from their email client, spoofing the "From:" field. They may be the zombie, not you.

A more probable source is that someone has broken into your Outlook account, but again this seems unlikely because your password change should have stopped it.

The most likely scenario -- by FAR the most likely scenario -- is that some spammer has gotten hold of your email address and is using an automated program to send out spam with your email address replacing the real sender's address in the "From:" field in the message headers. This is called "spoofing" and any reasonably knowledgeable kid can do it, at least if he or she is such a rat-faced little brat that he would. Very bad guys actually market spamming clients to do it -- these vendors and programmers should be strung up by their thumbs.

You can tell what the real point of origin is by viewing the full headers in email apparently received from you that you did not actually send. It will show you the various servers the piece of mail passed through between the sender and the recipient. If these differ significantly from those used by your REAL sent mail, then it's spoofing. If not, then they have broken into your account.
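The header comparison suggested in the post above (and in Kees's earlier reply), as an added example that is not part of the original thread: it finds the hop where the mail provider accepted a message from an outside host and compares it with the same hop in a message the account owner really sent. The host names, addresses, both sample messages and the provider domain `mailprovider.example` are constructed for illustration, and the code assumes the provider records a verified host name after "from".

```python
import re
from email import message_from_string

# Constructed samples (example.* names, RFC 5737 addresses), not real mail.
GENUINE = """\
Received: from smtp-out.mailprovider.example ([198.51.100.25])
 by inbox.mailprovider.example with ESMTPS; Thu, 3 Oct 2013 07:00:02 +0000
Received: from [192.0.2.5] by smtp-out.mailprovider.example with ESMTPSA;
 Thu, 3 Oct 2013 07:00:01 +0000
From: me@mailprovider.example

a message I really sent to myself
"""
SUSPECT = """\
Received: from mx.mailprovider.example ([198.51.100.10])
 by inbox.mailprovider.example with ESMTPS; Thu, 3 Oct 2013 08:01:05 +0000
Received: from shop-cart.example ([203.0.113.77])
 by mx.mailprovider.example with SMTP; Thu, 3 Oct 2013 08:01:03 +0000
Received: from [192.0.2.5] by smtp-out.mailprovider.example with ESMTPSA;
 Thu, 3 Oct 2013 08:00:59 +0000
From: me@mailprovider.example

a message "from me" that I never sent
"""
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def _ours(host, provider):
    host = host.lower().strip("[]")
    return host == provider or host.endswith("." + provider)

def entry_point(raw, provider):
    # Returns (from_host, by_host) for the hop where the provider took the
    # message from an outside host. Received lines are read newest first and
    # trusted only while the provider stamped them; anything older (the last
    # Received line in SUSPECT) was supplied by the sender and may be forged.
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m or not _ours(m.group(2), provider):
            return None
        if not _ours(m.group(1), provider):
            return m.group(1).lower(), m.group(2).lower()
    return None

def verdict(suspect, known_good, provider):
    s, g = entry_point(suspect, provider), entry_point(known_good, provider)
    if s is None or g is None:
        return "unknown"
    # Same accepting server as my real mail: it went out through my account.
    return "sent-through-account" if s[1] == g[1] else "spoofed"
```

A "spoofed" result matches the forged-"From:" scenario described in the thread; "sent-through-account" means the message entered through the same server as the owner's real mail, which points to account access rather than spoofing.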