Email hacked?
I have been an Outlook user for many years, most recently Outlook 2016. After switching from a POP3 to an IMAP account about 18 months ago, I experienced ongoing issues with syncing to my webmail and email apps on my other devices. Unable to resolve these sync issues, I installed Thunderbird a few days ago, and love it - the sync issues are gone! However, within an hour of installing Thunderbird and adding an IMAP account, I started receiving emails dated between 2010 and 2013 from a few "friends." On closer inspection, these emails were not from my friends at all - the email addresses attached to my friends' names in the From field were not my friends' addresses, but addresses I'd never heard of. A day later, I received a couple of emails from other "friends", also not from friends' addresses, and this time with zip files attached, with passwords indicated in the body of the email text. Needless to say, I did not open the zip files. I then received a number of legitimate emails from another group of friends, asking me if I had sent them similar emails with attached zip files/passwords, which I had not. Of course, I'm wondering if my email has been hacked, which I find hard to believe given that I had a strong 14-digit password, to which I have now added another 9 digits in a new password. In the meantime, I called my ISP, Rogers in Canada, which uses Yahoo as the service's email provider. They ran some tests, and told me that there is no indication that my account has been hacked on Rogers Yahoo's servers. They tell me there was a breach back in 2009, which may have accounted for some residual emails being left on Yahoo servers which could have now been sent to me, but they admitted this was just conjecture, and they advised me to contact Thunderbird support to see if it's possible that my account has been hacked via Thunderbird's servers. I should also add that 2 similar emails with zipped attachments were sent last night, without my knowledge, to a friend from a Gmail account I have set up in Thunderbird. And, lastly FYI, my Thunderbird connection security settings are set to SSL/TLS for all my accounts. I look forward to any information and advice. Thank you, Les.
All Replies (7)
Do you have an anti-virus software installed on your computer? Receiving emails from unknown emails but knwon names and also known names and "legitimate" emails (even if that person did not sent it) it's called "Email spoofing". If you are well protected by an anti-virus then it should be OK as long as you do not open those archive files or other attachments or do not click on links from such mails. If you, though, open such files attached or click on links then you can be affected and also your computer will start to send fake emails to spread the virus.
Thanks for the quick reply. I have both MalwareBytes (full edition) and Windows Defender installed, both fully updated. And, no, I have not opened any of the attachments or clicked on any hyperlinks in any of the spoofed emails. I'm just curious to know if it's possible that my email has been hacked on the Thunderbird server, using a backdoor on Thunderbird to get to my email on its way to Yahoo. Being a non-techie, I'm not too familiar with the path email takes, but I understood from Rogers support that when using third-party email software such as Thunderbird - as opposed to webmail - incoming and outgoing mail gets sent via the servers of the software you use, in this case Thunderbird. I never had this issue in all the time (25-plus years!) I've been using Outlook, but, as I said in my original post, the IMAP sync issue I've been having with Outlook was driving me crazy. After a few days of using Thunderbird, I like it a lot. Are there any known vulnerabilities with Thunderbird that could be causing my spoofing problem? Do you think from what I've described that my accounts (one Rogers/Yahoo, one Gmail) have been hacked?
Thanks again for your help.
"Email spoofing" by definition is a way to send mails in the name of someone w/o to "hack an email". Off course that it is recommended to change your password every time you see something suspicious just to be on the "safe zone".
Thunderbird (as Outlook or other email clients) is only an interface for your emails. The interface download mails from the server(s) set by you and show you that information in it's interface. Thunderbird app do not send nor save your mails (and personal information) on/to Thunderbird servers - https://www.mozilla.org/en-US/privacy/thunderbird/ and I'm not aware about some vulnerabilities. Almost all the time when I have read some details as the ones mentioned by you was related either with email spoofing either with viruses. If you are protected and if you don't click on any link/download any attachment then you can still receive such emails (or your friends can get an email from "you") if a friend has a virus or someone who know you have/had a virus/breach or if the "owner" of a virus send mails to some random-generated email addresses.
Modified by svlad2009
Thank you for the information.
If you want to be more protected (as emails - not as your computer) you might contact your email service provider to add for your domain (or theirs, if you use their domain) some server email protection if they don't have already: SPF and DKIM. If they do this then you need to be careful what settings you have on outgoing server in TB (to match with the ones mentioned by your email service provider) In this way many servers (as gmail, yahoo, microsoft) will automatically trigger a "spam" action (move to junk/mark as spam or even refuse) when an email from "you" was not actually sent by you.
Also, when you receive strange email from friends don't be shy - before to open any attachment or to click on the links from that email contact those friends to ask them if they've sent it.
Stay safe!
Thanks for this. I'll contact my ISP to discuss further. After doing some online Googling, I'm starting to wonder if this "hack" is a result of the Emotet botnet that is infecting so many computers worldwide. And, yes, I do call my friends when I receive suspicious emails.
Stay safe, too. Best wishes and thanks for all your help.
Delete the emails and then compact the folder to ensure they are fully deleted.
It is possible a nefarious person has obtained your email address and is abusing it. Never post your email address in any public forum as spambots can discover them. I strongly advise you do not forward 'amusing' emails as you never know who might forward them containing your email address. Usually the person gets bored if there is no reponse to their attempts and stops sending emails.
It is also a good idea to create and use a signature that is unique to you, so friends can check whether email is really from you.
If concerned that you might have any malware on computer logging keystrokes etc, start computer in 'SafeMode' and then run Anti-virus/malware programs.