Email account has been hacked.

[phil p]

Hi,
My email account has been hacked over the last few days and I’m getting mails to send money to crypto accounts and bitcoin accounts, also emails from Amazon saying purchases are on the way, which are fake, and it’s really annoying.

Is there anything i can do to sort this out?

Im with Talktalk but I haven’t contacted them as yet.

Any ideas or help would be appreciated.

 

[Myfordman]

Look at whatever spam filtering you have and set filters if you have them and move each mail into the spam folder.

You have not been hacked justthat your email address is being spammed

 

[Geoff_S]

I get flurries of this sort of rubbish from time to time. It’s irritating, but I religiously flag them as spam block sender. It takes a while but I have seen a dramatic decrease over time.

I’m with BT.

 

[phil p]

Look at whatever spam filtering you have and set filters if you have them and move each mail into the spam folder.

You have not been hacked justthat your email address is being spammed

Where would I check these settings please?

 

[Blackswanwood]

This may help:

https://community.talktalk.co.uk/t5/Email/Spam-Filter/td-p/2332451
e-mails from Amazon saying purchases are on the way could be a bit more serious than just being spammed. Are the e-mails genuine? If you don't know how to check take a look at the Action Fraud website or watch Scam Britain: What you need to know on ITV Player.

 

[Stigmorgan]

If you don't trust an email don't even open it, often these emails send a report back saying it has been opened so that the sender knows its a valid/in use email account, then they start sending more and more in the hope that you'll take the bait.

 

[Phil Pascoe]

I still get "Your McAfee has expired " and "Phil, you've won a Ninja air fryer, Electric toothbrush etc." "Confirmation needed for delivery of your order" "You qualify for free electricity" and so on. I no longer get offered beautiful Russian/Ukranian women, though.

 

[Mouse007]

If your email has been “hacked” that means someone else is using it, that is they are logging in as you to send emails, place orders and generally do things in your name. If you can log in change your password to be sure.

I suspect you have not been hacked but somehow found your way onto a spam list. That is you are being targeted with spam. This can happen in 2 key ways, either you have given your email address to a dodgy website or someone else who has your email address has actually been hacked and had their address book harvested.

A pain but you must NOT respond to any of these emails. Doing so confirms you have a live email address. Just flag each one as spam, don’t open or read, just send to spam folder. Your email account should learn and start binning them.

Look for the spam icon in your email account, mark (don’t open) each email you think is spam and then hit spam icon.

 

[Phil Pascoe]

If your email has been “hacked” that means someone else is using it, that is they are logging in as you to send emails, place orders and generally do things in your name. If you can log in change your password to be sure.

You can set Sky email (for one) to send a verification code to your phone to log in, which probably helps.

 

[sometimewoodworker]

Hi,
My email account has been hacked over the last few days and I’m getting mails to send money to crypto accounts and bitcoin accounts, also emails from Amazon saying purchases are on the way, which are fake, and it’s really annoying.

Is there anything i can do to sort this out?

Im with Talktalk but I haven’t contacted them as yet.

Any ideas or help would be appreciated.

As has been mentioned your account almost certainly hasn’t been hacked.

There are various things that can be done depending on your technical expertise and the e-mail provider.

If you have an Apple mail account you can use the “Hide My Email” service

If you have a Gmail account you can easily see which person has released your address by creating a different name for every one you contact, the method is a tiny bit technical

If you have your own domain you can create a different address for everyone (I have been doing this for the last 25 years) and then block leaked address, this is the most technical but isn’t very difficult

 

[phil p]

Sorry, I forgot to add when I done the post that the first dodgy emails a received also showed my password that I use for various websites that I purchase things from, which was really concerning.

I think with this just starting coincides with me purchasing some cheap bits and bobs from a popular Chinese website within the last few days so they my have got my details from them, needless to say I have deleted my account.

Can I also say a big thank you for your responses so far, some I admit I don’t fully understand with being a non techie so to speak as I’m a dinosaur from the 1970’s so luckily I don’t do online banking, which under the circumstances would worry me, and the horror shown by other people when I tell them I don’t even own a mobile phone!

 

[Agent_zed]

If you don't trust an email don't even open it, often these emails send a report back saying it has been opened so that the sender knows its a valid/in use email account, then they start sending more and more in the hope that you'll take the bait.

This can only happen if you click on a link or allow images to be opened in the email.

The 'image' is actually more than an image and contains a data string which is sent to the server as part of the request for the image. the database is then updated to say that email is active and the image is returned to your browser.

Most email services will autoblock images until you say they can be downloaded for this reason.

If you do want to ever open a link without being tracked you can often copy the url and amend/delete some of the id tags so it isn't able to associate it with your email.

 

[Mouse007]

also showed my password that I use for various websites that I purchase things from

Sounds like you need to change your password on all those sites then. Using the same password is dangerous, but then having different passwords for every site is impossible to manage. What I do is make each password site specific. For example Password1234@UKW for here, Password1234@BBC for BBC, Password1234@EB for eBay etc where "Password" is something else and "1234" is a memorable number but not my date of birth. You can substitute the @ symbol for something else, for my Which account I use £ instead. For bank accounts I use a completely different "Password".

 

[sometimewoodworker]

Sounds like you need to change your password on all those sites then. Using the same password is dangerous, but then having different passwords for every site is impossible to manage.

Having different passwords for every site is not at all difficult to manage far less impossible.

I have somewhere in the region of 700 an example of the passwords is “B2o9vosWjud!PkFHmven” I’ve been doing this since 2013 using 1Password, I have no idea what the vast majority are as you can easily understand. There are a very very few that I do know they are
1Password,
AppleID
Computer and devices
Wi-Fi
Guest Wi-Fi

 

[Agent_zed]

Write your passwords on a piece of paper. Nobody can hack a piece of paper remotely, and If someone is in your house reading your passwords you have a bigger issue.

 

[andrew_2]

Write your passwords on a piece of paper. Nobody can hack a piece of paper remotely, and If someone is in your house reading your passwords you have a bigger issue.

I think my solution is slightly better. I make up passwords by randomly hitting keys and then saving them on to a removeable USB as text files. The USB is backed up elsewhere because I'm paranoid, but if it's not on the computer, nobody can steal it. I had trouble with passwords and paper with my mum - she kept losing the notebook.

 

[Agent_zed]

I think my solution is slightly better. I make up passwords by randomly hitting keys and then saving them on to a removeable USB as text files. The USB is backed up elsewhere because I'm paranoid, but if it's not on the computer, nobody can steal it. I had trouble with passwords and paper with my mum - she kept losing the notebook.

much of a muchness, I've found more random lost usb sticks than notebooks. But either way, what ever works for you.

Generally speaking...

As long as you have different passwords for each account and where possible use two factor authentication then it'll cover most bases.

And don't ever let anyone remote onto your computer unless you are absolutely sure they are who they say they are. And to be clear Microsoft is not ever going to be remoting onto your computer to help you remove a virus!

 

[paulrbarnard]

I had a convincing phishing email this morning. Sent an account that Amazon don’t know…

 

[TobyT]

If you are on a computer and you do get an email you aren't expecting(*) then you can view the sender information to see who sent it. In Pauls' example above click the arrow next to his name to get the header information. If the email doesn't come from a recognisable company domain(**) then it should be regarded as suspicious. This doesn't work quite as well with mobiles as it harder to view the raw text.

Other things to look out for are poor spelling/grammar, impersonal greetings ("Hello sir"), and urgency ("respond in 24 hours or else", "your parcel is going to be delviered tomorroe")). There are many online sources for more learning, but here is one.

(*) Aren't we all expecting parcels at the moment, which is why they are a popular method of phishing.
(**) If the email is purportedly from Evri, then it should be evri.com, likewise google.com, amazon.com. The domain part should be alone and separated by a period (.) from other bits, so redeliveries-amazon.com is NOT valid (as it uses a hyphen to separate) but redeliveries.amazon.com seems genuine. Make sure that the domain isn't mispelled to look genuine (for example amaz0n.com, or evrii.com). Where your email is displayed as HTML (styled, which is the default for phones and many email readers on PCs) rather than raw text you need to be careful because coding tricks can be used to display something else; hover your mouse over any links to show the true text.

 

[RogerS]

Yup. I got an email from my plumber yesterday. Sounded kosher. Asked me if I shopped on Amazon. He's old skool and so quite feasible he would ask that as I've helped him out IT-wise in the past. Told him I did ..what problem did he have. He replied that he was trying to get an Apple gift token for his daughter etc ...having difficulty....could I help.

I smelt a rat. I replied .."Sure John. But just so I know it's you, what is my address and what is your sons' name ?" No reply. He'd been hacked and his address book harvested.

Watch out for the text message from Amex saying something like "We are confirming that we have sent your new card that you requested to your new address. If you did not request this then please call etc etc urgently.`" That's the start of the scam. It's very good.