Why Does Thunderbird Think this Message Might Be a Scam?

//
My email program, Thunderbird, thinks your newsletters are a scam. I get an overall message with the email, plus a warning whenever I click on a link. This doesn’t bother me, and no doubt I could fix it by setting something in the client, but it must be happening to others, and I thought you might want to know so you can fix whatever is triggering it.

Unfortunately, this happens to a lot of newsletters and other email.

Needless to say, my newsletter isn’t scam, but seeing as how I do occasionally get this report, I thought it worthwhile to explain exactly what Thunderbird is doing. Other email programs may do something similar.

It’s also a good education on how some scams try to fool you.

The scam warning has always thrown too many false positives for my taste, so I’ll also show you how to turn it off in Thunderbird.

Read moreWhy Does Thunderbird Think this Message Might Be a Scam?

Has a Hacker Really Hacked My Email Account?

//
Today, I received this lovely email. While I think it is complete BS and I certainly have no intention on taking any action on it, it *does* look like it was sent from my account, i.e., it appears that someone can send emails impersonating me. Do you have any advice what I should do about this?

Nothing.

The questionable email message that this person was reporting describes how this person’s account had been hacked, how changing the password wouldn’t help, and that it was being held for ransom to be paid in Bitcoin. And, indeed, it appeared to be “From:” this person’s email address.

Variations of this scam even include a password — a password that you’ve actually used.

Even so, “complete BS” is very accurate.

Though, if there is a password, then there is one thing you should do.

Read moreHas a Hacker Really Hacked My Email Account?

Dealing with Fake “Ask Leo”

A friend of mine recently forwarded me an email he received that looked like it had come from me.

Except, of course, it hadn’t. It was a complete forgery, and not a very good one at that.

I am both slightly honored that I’m worth forging, and quite annoyed that someone actually did.

We’ll look at the message and all the clues it contains that make it a fairly obvious fake, and then generalize those clues to help you separate spam from legitimate email.

Read moreDealing with Fake “Ask Leo”

How to (Accidentally) Give Someone Else Your PayPal Account

Someone tried to give me a PayPal account this morning. Someone in Germany, to be specific. I suspect they weren’t trying to give me their account, but made a mistake when setting it up.

That mistake is surprisingly common. Seeing as how the result would be my owning their PayPal account, I really don’t understand how they could make such a serious mistake. But as I said, it’s common.

It highlights something critical you need to know to keep your accounts safe.

Read moreHow to (Accidentally) Give Someone Else Your PayPal Account

Will a Hacked Website Leak My Email Address?

//
If a website is hacked (e.g. Walmart), can the hackers get my email address even if they cannot crack my password, which is 12 alpha-numeric characters?

It really, and I do mean really, depends on the specific nature of the hack.

But the short answer is yes, it’s very likely your email address will be leaked as part of any significant hack or breach.

And that has nothing to do with the strength of your password.

But what happens next absolutely does.

Read moreWill a Hacked Website Leak My Email Address?

I Enabled Two-Factor Authentication and Now My Email Program Can’t Log In

//
When I turned on the two factor verification, I could no longer use Eudora to download my email!

It’s no surprise, really, but most software (like desktop email programs) has no way to ask for, or enter, a second factor if your account is configured to require one.

If you use such a program, you’re not stuck. In addition to two-factor authentication, the industry has a pseudo-standard solution for just this scenario.

It’s called an application-specific password, or “app password”.

Read moreI Enabled Two-Factor Authentication and Now My Email Program Can’t Log In

Can I Really Get Malware by Just Looking at Email?

New malware appears every day, and it seems like hackers constantly get smarter and craftier.

In the past, asking if your machine could become infected with malware by just reading your email would get laughs from the geeks in the crowd. “Of course not!” they would giggle.

Then came Outlook. Not only could opening an email infect your machine, but for a while, you didn’t even have to be around to have it happen.

And the geeks stopped giggling.

For a while.

Fortunately, today things are different.

Read moreCan I Really Get Malware by Just Looking at Email?

What Should I Do When My Account Is Involved in a Breach?

//

I received 2 notices below concerning my e-mails (Yahoo & Google) being exposed. I  changed passwords on both. Is this common? If it reoccurs what are my options? I have a lot of information stored in e-mail accounts is there a back up application before getting new accounts?

Email Password: Exposed Online (may or may not be readable)
Type of Compromise: Potential breach
Where your data was found: web page
Potential Impacted Site: www.adobe.com

Email Password: Exposed Online (may or may not be readable)
Where your data was found: social media

This has happened to me as well.

I want to be clear: normally, this does not mean your accounts have actually been hacked.

However, depending on the specifics of the breach, and your own security habits, it could mean your account is at risk.

Your initial response to change passwords was correct.

Read moreWhat Should I Do When My Account Is Involved in a Breach?

The Risk of Searching for a Support Phone Number

You’ve been locked out of your outlook.com email account.

Maybe you forgot the password; maybe you were hacked. Your recovery attempts have all failed, and you’re desperate to regain access to your account.

So, you search online for “outlook.com support phone number”, hoping to talk to a real, live person, to get some help directly from the source.

Unbeknownst to you, things are about to go from bad to worse.

Much worse.

Read moreThe Risk of Searching for a Support Phone Number

Why Spammers Love ZIP Files and How You Need to Stay Safe

//
I suppose most folks will be getting unsolicited spam to try to get your details. I’m getting financial questions and attachments with a .zip extension. What is .zip?

The ZIP file is the spammer’s – or rather the phisher’s – best friend.

ZIP files are everywhere, and have a lot of very valid uses. Unfortunately with that ubiquity comes the potential for abuse.

And that’s exactly what spammers like to do.

Read moreWhy Spammers Love ZIP Files and How You Need to Stay Safe

Who do I contact for legal help?

//
My ex-girlfriend’s sister is hacking my email and phone from Brazil. Who do I contact for legal help since I know who it is?

I get questions like this all the time.

Individuals’ accounts have been hacked and they want to know who did it, or they already believe they know. And with that knowledge they want to do something. Typically, they want to see the offender get punished in some way.

Sadly, life on the internet just isn’t that easy.

Read moreWho do I contact for legal help?

Why am I getting Amazon notifications for someone else?

//

I have a Gmail account that I’ve never used. Because my phone is now a Samsung 3 and interfaces with Gmail, I’m thinking of dropping my Yahoo account. The problem is that when I go into my Gmail account, I find mail from Amazon to a lady in Florida with the same first name as me.

I don’t understand what’s happened. Why, when I enter my name and password, I see emails to her about stuff she’s ordered on Amazon. Her name and address are there as well. When I look in All Mail, I see about 1300 emails, which I plan to delete and start up with Gmail because it’s the browser for my Samsung Galaxy. I don’t know who to ask about these emails from Amazon to this other woman in Florida regarding her purchases. And again, I’ve signed into my Gmail account with my name and password. So, now, I’m afraid to start up a Gmail account and drop off my old email address. Thanks, Leo for any light that you can shed on this problem.

I’ve got a pretty good guess as to what’s going on. I also have some ideas and some advice for what you might want to do about it.

Read moreWhy am I getting Amazon notifications for someone else?

How Do I Force My Email Account to Close on Another Device?

//
Hello, Leo. I left my Hotmail account open on another device, meaning I logged in on someone else’s computer and forgot to close out. I think the individual left the page open, possibly viewing my email. They have a Mac. I have a PC. Is it possible to figure out if my Hotmail account is open on another computer? Is there any way of closing it out without having access to the other device? Perhaps by changing the password? Does your account have a timeout and automatically close? It’s imperative that this person not have access

Unfortunately, there are several reasons that you don’t want to log in to your email account on the computer of someone that you don’t actually trust. The possibility of walking away while it’s still logged in is really only just one.

Read moreHow Do I Force My Email Account to Close on Another Device?

Why Do I Need Another Email Address to Access My Account?

//
I can’t login to my account as it keeps saying it wants another email to use as recovery. I do not have one. Do I have to get another account from somewhere in order to use Hotmail now? If so, I’ll start using the new one and get rid of Hotmail. What an inconvenience in that I have no access to my own account!

No, this isn’t some conspiracy to get you to create yet another email address. Heck, the email address technically doesn’t even have to be yours; but it does have to be setup before you need it.

Read moreWhy Do I Need Another Email Address to Access My Account?

Is it worth upgrading to get Windows XP Mode?

//

Since XP support has ended is it still worthwhile my buying Microsoft’s XP mode to upgrade my Windows 7 64-bit Home Premium in order to return back to my favorite Outlook Express? I foolishly paid nearly $200 extra for a PC package containing Outlook having been told it was like Outlook Express but better. I don’t like it and thus my desire to return to Outlook Express.

The short answer is no, you don’t want to do this.

For one thing, you may not need to spend any money to do what you’re asking. More importantly, it’s not something that I recommend you do, at all.

Read moreIs it worth upgrading to get Windows XP Mode?

How do I prevent Hotmail from locking me out when I travel overseas?

//

Each time I travel overseas, my Hotmail account locks me out because it becomes suspicious of my new location and that someone is someone is trying to hack into it. How do I fix it so that Hotmail will never again lock me out when I’m in a different location than usual?

First, I don’t think that you can change that feature in Hotmail. I honestly don’t know of a way to stop it from locking you out when you travel overseas.

But to be honest, my take is very different. I don’t think you want it to stop.

Read moreHow do I prevent Hotmail from locking me out when I travel overseas?

Why Does this Email Message Ask Me to Enable HTML When It Already Is Enabled?

//
Using Hotmail, now Outlook.com, and my address is “something” @hotmail.com. In the past two days, I’ve received several messages from my bankcard company: the first, an alert that a payment is due soon, and the second, an acknowledgement that payment has been scheduled. Each includes “Please enable HTML in the message text.” I have not done anything to disable HTML. Principally, I don’t know how and secondarily, I’d be afraid to find out the consequences if I did. Previous account-related messages from this company included the link to the card users login page. The current message does not have this link. Thinking that something may have accidentally come unhooked in my Hotmail settings, I looked in options for anything indicating how to enable HTML. Finding nothing, I went on the net and searched “Enable HTML Hotmail” and found Ask Leo! I’ve read through the topics here and searched “Enable HTML Hotmail Outlook” and found no answer. Messages from other sources contains links, none contained a request to enable HTML. Please advise what I’ve done and how can I undo it so I can easily attend to this credit card.

I don’t think you’ve done anything and I don’t think there’s anything to undo.

There are several reasons why this kind of thing can be happening. Most of them boil down to an improperly constructed email message on the part of the sender. In other words, it’s not you, but the sender.

Read moreWhy Does this Email Message Ask Me to Enable HTML When It Already Is Enabled?

Why is mail getting automatically placed in a folder I didn’t create?

//
I’m using Microsoft Office 2010 on Windows 7. A couple of weeks ago, all of my incoming mails started going into a folder called “Loyalty Pays.” At first, I didn’t realize what was happening. All that I knew was that I was not getting my emails. They are still going into this folder. Has someone hacked into my system? Do they have access to my emails? What can I do to rectify this problem?

Yes, my guess is that it’s very likely that someone hacked or compromised your account or that malware ended up on your machine.

Fixing this problem depends on how the email account is configured.

Read moreWhy is mail getting automatically placed in a folder I didn’t create?

If My Email Account is Hacked, What Kinds of Things Should I Check?

//
Leo, in your article about email being hacked and what you need to do, it’s possible that you may have omitted one important problem associated with account hacking: the changed return address. When my Yahoo account was hacked (my own fault, signing in from a fake email), the last thing that I noticed as I restored my account was that they had changed one letter of my name in the return address. If you clicked Reply to any email that I sent out, it went to them and not to my real account address.

Actually, you raise a very interesting and important point. It’s difficult to list all of the things that a hacker could change after they access your account.

Let’s look at a few of the most common things.

Read moreIf My Email Account is Hacked, What Kinds of Things Should I Check?

Can I Rely on the URL Shown in the Browser’s Status Bar Being Accurate?

//
In a recent article, you said to only click links in email when you know the sender AND that they recently sent you a link. Your accompanying discussion and advice is excellent and very helpful. I have a further question for clarification. When I place my pointer over a link in an email or a web page, a URL shows up in the left end of the banner at the bottom of the screen. Can I be certain that this is the address that I will be sent to? In other words, can the bad guys disguise their actual undesirable URL with one that looks okay but still sends me somewhere else that I wouldn’t want to go?

Good question, but the answer is you can’t really trust the URL that appears in the status bar at the bottom of your email program or web browser.

There are several reasons why. Let’s talk about a couple of them.

Read moreCan I Rely on the URL Shown in the Browser’s Status Bar Being Accurate?

Did Someone Log In to Google with My Password?

//
I just got this message in my Google email, “Someone recently tried to use an application to sign into your Google account.” The suspicious sign-in was in China, so apparently Google thought it might not be me and blocked it. What I want to know is did this suspicious sign-in actually use my correct password? Or did they just try to sign-in with random passwords hoping to stumble across the correct one?

I want to start by saying that I haven’t encountered this myself. Maybe I’m lucky.

Nonetheless, this is a very cool feature on Google’s part. Watching out for account theft like that is a very interesting and positive thing and I applaud Google for taking the initiative to understand what may and may not be a legitimate login for an account.

That said, what really happened here?

Read moreDid Someone Log In to Google with My Password?

Just How Secure Is Email, Anyway?

//

My business requires the emailing of some sensitive information on a regular basis. I have spoken with my boss and co-workers about all of us using an encrypted email system, but no one seems to think there is a significant threat or danger out there to require these extra steps in security. Can you offer any data to help me convince them that this is a good idea?

Actually, I don’t have hard data to say one way or the other. The risk varies too much on too many factors to really present data that’ll apply in any specific situation.

But we can definitely look at some of the specific factors.

Read moreJust How Secure Is Email, Anyway?

How Do I Protect My Email Address Book?

//

How do I stop [email being sent as me] or prevent a hacker from getting into my address book?

This was a follow-up question from someone who’d discovered that, as they put it, “Somebody is using my email address book to send spam to my friends.” I had pointed them at Someone’s sending email that looks like it’s from me to my contacts, what can I do?

What’s critical to realize here is that it’s extremely likely that they don’t just have access to your address book; they have access to your entire email account.

And that’s exactly where prevention begins.

Read moreHow Do I Protect My Email Address Book?

My mail account has a virus, how do I get rid of it?

//

My MSN email account has a virus and I can’t seem to get any help via MSN to get rid of it…this is why I feel that I must close it. Do you have suggestions for how I might get help with the infection and keep my account or should I do as you suggest and just stop using it?

I believe you’re heading off in the wrong direction.

Yes, if you want to close your account then absolutely stop using it.

But the question actually shows a very common misunderstanding of what’s probably really going on.

You see … email accounts don’t get viruses.

Read moreMy mail account has a virus, how do I get rid of it?

Hotmail says my password is incorrect, but I know it’s right. What do I do?

//

HI, MY PASSWORD HAS BEEN THE SAME FOR THE LAST 10 YEARS AND SUDDENLY I GET A MESSAGE THAT SAYS PASSWORD INCORRECT,WHAT THE HELL? AFTER A FEW ATTEMPTS IT BLOCKED ALL ATTEMPTS AND THE QUESTION IT ASKS IS NOT WHAT I FILLED IN WHEN I SIGHNED UP.IT ASKS ME FOR MY FIRST DOGS NAME AND I KNOW THAT I DID NOT FILL THAT IN, I DO KNOW WHAT SECRET QUESTION I AM SUPPOSED TO BE ASKED. WHAT DO I DO OR DO I JUST GO TO G MAIL AS MOST OF MY FRIENDS DID WHEN HOTMAIL STARTED WITH THEIR NONSENSE?!?!?

I get this often enough that I want to use this question as an example and provide a summary article for the situation.

This has nothing to do with Hotmail’s “nonsense” at all.

It’s pretty clear what’s happened here, so I’ll point you to a number of my previous articles that all might apply in your situation.

Read moreHotmail says my password is incorrect, but I know it’s right. What do I do?

Would You Please Recover My Password? My Account Has Been Hacked or I’ve Forgotten It

//

  • Someone has hacked my email address and has changed my password, my personal information and my secret question. I can’t log into my own email account! Please help me recover my password. The id that has been hacked is *****. Please rescue me.
  • I am not able to log into my Yahoo account that I’ve been using for the past 10 years. I clicked on the “forgot password” link and filled in all the details. It’s asking me for answer to my secret question – “who’s my friend?” How would I remember who would it be 10 years ago? Please reply and save a soul. I have very important information in my mails.
  • I’ve forgotten my password and the answer to my secret question. PLEASE PLEASE PLEASE can you send my password to *****@*****.com?

No.

There is nothing I can do. I have no way to help you.

Here is what you can do…

Read moreWould You Please Recover My Password? My Account Has Been Hacked or I’ve Forgotten It

How can I trace where email came from?

//

I frequently get questions that boil down to “How can I trace where this email came from?” or “Can I determine the IP address of the sender of an email?”

The answer is both yes and maybe, and it may not do you any good. However there is a lot of interesting information in your email that you normally don’t see, and the trail of mail servers is part of that.

So let’s interpret some email headers.

Read moreHow can I trace where email came from?

Someone has stolen my email account. What can I do to get it back?

//

Someone has stolen my email account. What can I do to get it back?

I’ve actually received a couple of reports like this in recent days. The scenario is this: one day you find that you cannot log into your email account. Then, to make matters worse, you find that someone else has been sending email pretending to be you to people you know.

Sometimes damaging email.

Remedies are few, but you do need to act quickly.

Read moreSomeone has stolen my email account. What can I do to get it back?