Nonsense email hacking?
April 6, 2010 4:08 AM   Subscribe

My email address is firstname.lastname@gmail.com. Over the last few days, almost every email I got was followed by a weird 'delivery status notification (failure)' message...

it was saying that the message had bounced bounced back from 'firstname.lastname@yahoo.co.uk'. It took me about a day to realise I needed check the forwarding rules, and in fact this was a forwarding rule that someone... not me... had set up to forward every mail I received to this yahoo address. Very strange... especially since firstname.lastname@yahoo.co.uk is not an address I have ever registered for or used and it appears to be available, so no one has it or is checking it. If someone was going to hack my email to set this up, wouldn't they set it to forward to an address that exists? And considering thatt I change my email password to new, random sT5!?88fg type passwords every few weeks, how did I get hacked to begin with?

I'm so confused.
posted by Wroksie to Computers & Internet (13 answers total) 1 user marked this as a favorite
 
Maybe you left yourself logged in on a computer and some joker set that up?
posted by molecicco at 4:53 AM on April 6, 2010


It's just spam--probably your email has been spoofed, but there's not much to do about it.
posted by Mngo at 4:55 AM on April 6, 2010 [2 favorites]


Are you saying you looked at Gmail's forwarding rules and actually found a rule that forwarded to yahoo.co.uk?

If so, yeah, hackers are strange. Or maybe your password was obvious and someone else with the same managed to log in thinking it was their account. In either case, change your password ASAP.

If there was no forwarding rule, Mngo's right, it's probably just spammers forging your address.
posted by mmoncur at 5:18 AM on April 6, 2010


FWIW, I have an email address at gmail that is firstnamelastname@gmail.com (no dot between them). Someone else has same firstname.lastname@gmail.com (with the dot) and I often get her email. So, it's possible that there's someone else who has that email address with a small permutation and it's messing with yours.
posted by Mysticalchick at 5:49 AM on April 6, 2010


FWIW, I have an email address at gmail that is firstnamelastname@gmail.com (no dot between them). Someone else has same firstname.lastname@gmail.com (with the dot) and I often get her email.

The two Gmail addresses firstnamelastname@gmail.com and firstname.lastname@gmail.com are the same email address. Gmail ignores any dots in its email addresses, so email sent to:
firstnamelastname@gmail.com
or
firstname.lastname@gmail.com
or
fir.st.n.a.m.ela.s.tnam.e@gmail.com
will all arrive in your inbox because they are all the same address.

The "other person's" email you're getting is sent by people who are entering the wrong To address by mistake. The intended recipient is probably firstnamemiddleinitiallastname@gmail.com or firstnamelastname@hotmail.com or something else similar.
posted by EndsOfInvention at 5:59 AM on April 6, 2010 [4 favorites]


There are quite a few ways that someone could get your password, depending on how you've been using your computer. If you downloaded malicious software without realizing it, the software could have included a keylogger, a program that reports what you type to a third party. Data you transmit over open wifi or even weakly encrypted wifi can be intercepted and saved (although GMail now forces SSL, so that's probably not it).
posted by Vorteks at 6:31 AM on April 6, 2010


EndsOfInvention is right on the gmail dot/nodot thing. I have firstnamelastname and I get email for lastname.firstname@gmail.com because her friends and associates are too stupid to remember that.

But with regard to this situation - scrub the heck out of your forward rules and change the password again just in case. If it was a recent thing maybe they mistyped the email account they created on the Yahoo.co.uk side of things. If that's the case consider yourself lucky. It happened last year to someone I know and created a nightmare because he kept thinking all was fine because they changed passwords. He never even thought to check forwards.
posted by FlamingBore at 6:31 AM on April 6, 2010


The "other person's" email you're getting is sent by people who are entering the wrong To address by mistake.
Read the question people:
Over the last few days, almost every email I got was followed by a weird 'delivery status notification (failure)' message...
So sometimes when I email someone, I'll put two of their email addresses in the TO: line because I'm not sure what address they'll check first.

The only way the poster could be getting the bounce message once after every message is if every single person who emailed him did that with the yahoo.co.uk address. Which is obviously not possible. Besides:
it took me about a day to realise I needed check the forwarding rules, and in fact this was a forwarding rule that someone... not me... had set up to forward every mail I received to this yahoo address.
So someone got into the account and setup the forwarding rule. Why would they do it? No idea. It's very weird. Maybe it was done by some automated process that managed to guess your password, but the setup of the yahoo account failed, thus the bounce messages.

If it had been done by a real person, they probably would have checked to make sure the yahoo address worked. So, it's likely that your emails didn't go out.

Have you ever logged in to your Gmail using a public terminal? If so, someone could have installed a keylogger or something. Or they could have just guessed your password randomly, or got it from another site.

To be extra careful, try wiping your OS and reinstalling, making sure you get anti-virus.
posted by delmoi at 7:06 AM on April 6, 2010


my gmail account was hijacked, and all mail was set to be sent to the same.name at yahoo. it took me a few days to find that out. i have incredibly sensitive stuff in my email. i know i am probably not answering your specific question, but i disabled forwarding in "settings" and encrypted all outgoing and incoming mail by choosing "always use https" for your browser connection in the general settings screen. i opened another account that didn't use my name for all of my sensitive stuff. again, i know it's not your question, but maybe this will help you or somebody reading this thread.
posted by lakersfan1222 at 7:09 AM on April 6, 2010 [1 favorite]


and encrypted all outgoing and incoming mail by choosing "always use https" for your browser connection in the general settings screen

I believe this encrypts your login and transfer between your browser and gmail, but it doesn't actually "encrypt your mail."
posted by haveanicesummer at 9:20 AM on April 6, 2010


Read the question people...
Read the answers, people. That was someone clarifying an incorrect answer to a previous answer. (end of derail, hopefully).
posted by onshi at 12:10 PM on April 6, 2010


If someone was going to hack my email to set this up, wouldn't they set it to forward to an address that exists?
They probably made a typo when setting up the yahoo account.

...how did I get hacked to begin with?
Any number of ways, as others here have suggested.

If I were you I'd do a thorough check of the account for evidence of other activity. Check the sent items and the trash. Here's a list of suggestions (from the GMail Help Forum) for everything to check.
posted by harmless at 3:55 PM on April 6, 2010


This is not due to spoofing, and it is not necessarily of your account having been hacked.

It is most likely the result of an attack through a hole that Google fixed several years ago, so it may have been there for quite a while.

Netcraft: Google Fixes Gmail Cross-site Request Forgery Vulnerability
posted by Nameless at 1:36 PM on April 7, 2010


« Older Battery shelves for a huge DC UPS   |   Small black diamond tattoo means? Newer »
This thread is closed to new comments.