My mom's email got hacked. What do?
November 12, 2015 10:43 AM Subscribe
In September, my mom's email account sent out a bunch of spam to her address book. She sent out a "disregard that", changed her password, and we thought it was done.
Then a couple of days ago it happened again. She is stressed out and I'm supposed to be the techy one in this family, so what do I tell her?
Mom found out the second time because a bunch of the messages bounced back into her inbox. I got her to check and there isn't anything in her sent mail folder, or any logins from locations that are abnormal. As well, I checked the headers of the email I received (that gmail's spam filter caught) and it looks rather fishy: its coming from a different domain than normal, and has a "Received-SPF: permerror" line. This is about the extent of my knowledge of email security.
My mom is pretty tech/security aware and isn't inclined towards downloading or clicking strange links but probably has password hygiene that's about as bad as most people (in the sense of using the same password forever/for everything), and is probably at least a little bit vulnerable to a sophisticated phishing attack (hell, I think I am probably vulnerable to a sophisticated phishing attack). She logs into this account from her windows (8? I think?) laptop (up to date and regularly scanned with AVG), her android tablet (not sure of the model) and her work-supplied blackberry.
The email account in question is a Bell Sympatico (the ISP) email address. I think right now this goes through msn email on the web but I think she also uses outlook. She is not inclined towards switching to gmail or another provider.
Here are my specific questions:
1. The second set of emails presumably isn't actually coming from her account, instead it's being spoofed, right?
2. But her email would have to have to have been compromised at least once to get her address book, right?
3. What do I tell her to do, technology wise? Is there anything she can do at this point? What about the tablet and cell phone?
4. She is very embarrassed that this happened and thinks that everyone is going to be judging her. I told her that this happens all the time and no one thinks much of it (at least I don't) but the spam is going out to people who are less technically aware (like, my grandparents) and they are sending her concerned emails.
Mom found out the second time because a bunch of the messages bounced back into her inbox. I got her to check and there isn't anything in her sent mail folder, or any logins from locations that are abnormal. As well, I checked the headers of the email I received (that gmail's spam filter caught) and it looks rather fishy: its coming from a different domain than normal, and has a "Received-SPF: permerror" line. This is about the extent of my knowledge of email security.
My mom is pretty tech/security aware and isn't inclined towards downloading or clicking strange links but probably has password hygiene that's about as bad as most people (in the sense of using the same password forever/for everything), and is probably at least a little bit vulnerable to a sophisticated phishing attack (hell, I think I am probably vulnerable to a sophisticated phishing attack). She logs into this account from her windows (8? I think?) laptop (up to date and regularly scanned with AVG), her android tablet (not sure of the model) and her work-supplied blackberry.
The email account in question is a Bell Sympatico (the ISP) email address. I think right now this goes through msn email on the web but I think she also uses outlook. She is not inclined towards switching to gmail or another provider.
Here are my specific questions:
1. The second set of emails presumably isn't actually coming from her account, instead it's being spoofed, right?
2. But her email would have to have to have been compromised at least once to get her address book, right?
3. What do I tell her to do, technology wise? Is there anything she can do at this point? What about the tablet and cell phone?
4. She is very embarrassed that this happened and thinks that everyone is going to be judging her. I told her that this happens all the time and no one thinks much of it (at least I don't) but the spam is going out to people who are less technically aware (like, my grandparents) and they are sending her concerned emails.
Best answer: Yeah, almost certainly #1 is true. The spammers think that recipients in your Mom's email list will be more likely to open something from someone they know.
#2, hard to be sure. I ditched Outlook 10 years ago over the same kind of shenanigans. Problem is so much interconnectedness among the Microsoft programs themselves, so points of entry are numerous.
3. Get off Outlook would be my advice.
4. Forget it. Like you said, happens all the time. An apology and warning is enough for most recipients. You might have to hold your grandparents' hand through this though.
posted by telstar at 11:05 AM on November 12, 2015
#2, hard to be sure. I ditched Outlook 10 years ago over the same kind of shenanigans. Problem is so much interconnectedness among the Microsoft programs themselves, so points of entry are numerous.
3. Get off Outlook would be my advice.
4. Forget it. Like you said, happens all the time. An apology and warning is enough for most recipients. You might have to hold your grandparents' hand through this though.
posted by telstar at 11:05 AM on November 12, 2015
Best answer: You can virtually hack-proof your email using two-factor authentication. I know gmail offers it and I believe other free email providers do as well. Maybe she should get off outlook, if possible.
posted by zug at 11:08 AM on November 12, 2015 [1 favorite]
posted by zug at 11:08 AM on November 12, 2015 [1 favorite]
Best answer: 1) It's almost certainly a spoofed from field, also known as a Joe job. I would have guessed this anyway, but the fishy SPF stuff pretty much cinches it up. There is nothing you can do to prevent this.
2) If it's not going to ALL of her address book, it's possible that someone else got hacked, either someone with a similar address book, or someone who was on a thread with your mom with lots of other people CC'd.
3) There is nothing to do about this.
4) It is not her fault and there is nothing she can do about it. She should tell people "apparently some spammers are spoofing my address. I can't do anything to stop them. Sorry! Please don't click on links or open attachments that appear to be from me but don't have any personal context in the same message"
posted by aubilenon at 11:09 AM on November 12, 2015 [3 favorites]
2) If it's not going to ALL of her address book, it's possible that someone else got hacked, either someone with a similar address book, or someone who was on a thread with your mom with lots of other people CC'd.
3) There is nothing to do about this.
4) It is not her fault and there is nothing she can do about it. She should tell people "apparently some spammers are spoofing my address. I can't do anything to stop them. Sorry! Please don't click on links or open attachments that appear to be from me but don't have any personal context in the same message"
posted by aubilenon at 11:09 AM on November 12, 2015 [3 favorites]
Best answer: Does she have to funnel her Bell e-mail through MSN? That seems like it's adding a layer of vulnerability. I'm sure Bell/Sympatico has a webmail interface she can use when she's not on her primary system.
posted by sardonyx at 11:12 AM on November 12, 2015
posted by sardonyx at 11:12 AM on November 12, 2015
Best answer: I am only familiar with Gmail, but is there is a way to connect devices, websites, apps, etc. to her email account? Can you check and make sure nothing is connected? I would check that, double check all the settings for forwarding or shared accounts, and make sure the password is changed and then maybe run some virus and malware scans, just to be safe.
You might just want to switch her Gmail where she can lock it down better. I had to convince my mom to switch to gmail, but now it's a lot easier to troubleshoot for her because we use the same service.
Tell her not to be embarrassed. This happens all the time to people.
posted by AppleTurnover at 11:48 AM on November 12, 2015
You might just want to switch her Gmail where she can lock it down better. I had to convince my mom to switch to gmail, but now it's a lot easier to troubleshoot for her because we use the same service.
Tell her not to be embarrassed. This happens all the time to people.
posted by AppleTurnover at 11:48 AM on November 12, 2015
Best answer: 3.1 turn on two factor authentication, if the account has it.
3.2 Also check that the account isn't forwarding anywhere unexpected
3.3 and that the backup email / sms / phone for password resets is something that's correct, if it's set at all.
4. it can happen to even sophisticated users. routes of attack include very well crafted phishing emails and even malicious software served up automatically from respectable ad networks, no user action / download required.
posted by zippy at 11:27 PM on November 12, 2015
3.2 Also check that the account isn't forwarding anywhere unexpected
3.3 and that the backup email / sms / phone for password resets is something that's correct, if it's set at all.
4. it can happen to even sophisticated users. routes of attack include very well crafted phishing emails and even malicious software served up automatically from respectable ad networks, no user action / download required.
posted by zippy at 11:27 PM on November 12, 2015
This thread is closed to new comments.
Eventually, all these emails will be auto-flagged as spam, and the recipients won't even be aware of them.
posted by eas98 at 10:50 AM on November 12, 2015 [1 favorite]