My email program, Thunderbird, thinks your newsletters are a scam. I get an overall message with the email, plus a warning whenever I click on a link. This doesn’t bother me, and no doubt I could fix it by setting something in the client, but it must be happening to others, and I thought you might want to know so you can fix whatever is triggering it.
Unfortunately, this happens to a lot of newsletters and other email.
Needless to say, my newsletter isn’t scam, but seeing as how I do occasionally get this report, I thought it worthwhile to explain exactly what Thunderbird is doing. Other email programs may do something similar.
It’s also a good education on how some scams try to fool you.
The scam warning has always thrown too many false positives for my taste, so I’ll also show you how to turn it off in Thunderbird.
Today, I received this lovely email. While I think it is complete BS and I certainly have no intention on taking any action on it, it *does* look like it was sent from my account, i.e., it appears that someone can send emails impersonating me. Do you have any advice what I should do about this?
The questionable email message that this person was reporting describes how this person’s account had been hacked, how changing the password wouldn’t help, and that it was being held for ransom to be paid in Bitcoin. And, indeed, it appeared to be “From:” this person’s email address.
Variations of this scam even include a password — a password that you’ve actually used.
Even so, “complete BS” is very accurate.
Though, if there is a password, then there is one thing you should do.
It seems like not a day goes by where I don’t get a question from someone that boils down to their email account having been hacked.
Someone, somewhere, has gained access to their account, and is using it to send spam, access other online accounts, hassle contacts, and more. Sometimes passwords are changed, sometimes not. Sometimes traces are left, sometimes not. Sometimes everything in the account is erased — including contacts and saved email — and sometimes not.
I received 2 notices below concerning my e-mails (Yahoo & Google) being exposed. I changed passwords on both. Is this common? If it reoccurs what are my options? I have a lot of information stored in e-mail accounts is there a back up application before getting new accounts?
Email Password: Exposed Online (may or may not be readable)
Type of Compromise: Potential breach
Where your data was found: web page
Potential Impacted Site: www.adobe.com
Email Password: Exposed Online (may or may not be readable)
Where your data was found: social media
This has happened to me as well.
I want to be clear: normally, this does not mean your accounts have actually been hacked.
However, depending on the specifics of the breach, and your own security habits, it could mean your account is at risk.
Your initial response to change passwords was correct.
I have terminated my Yahoo account. There’s a clause in the form that says that after 90 days my user ID can be made available to others. Does that mean that if someone then snaps up my old user name they could start impersonating me? Would he see everyone on my contact list? Would my old contacts see him and think I was back on-line?
Could that person try and impersonate you? Yes.
Will it be easy? Maybe.
Would that person see everyone on your contact list? No.
This actually applies to all the services, not just Yahoo. The “90 days” part might change, but the basics would still apply.
My ex-girlfriend’s sister is hacking my email and phone from Brazil. Who do I contact for legal help since I know who it is?
I get questions like this all the time.
Individuals’ accounts have been hacked and they want to know who did it, or they already believe they know. And with that knowledge they want to do something. Typically, they want to see the offender get punished in some way.
Leo, on the topic of “Can my boss see my mail and instant messages” you wrote, “if using your company’s machine, it’s safe to assume that your boss or IT department could see your emails and instant messages.”
Yes, but there may be an additional cautionary note in my opinion. My son and daughter-in-law are both faculty members at a major university. They have their own privately owned computer at home. However, at home, they use their university faculty email addresses to send and receive email. So, isn’t it true that it’s not who owns the machine but the use of the university’s email system on campus or at home, that opens the door to this kind of access vulnerability?
Actually, it’s both. Or rather, it’s either. And more.
I have a Gmail account that I’ve never used. Because my phone is now a Samsung 3 and interfaces with Gmail, I’m thinking of dropping my Yahoo account. The problem is that when I go into my Gmail account, I find mail from Amazon to a lady in Florida with the same first name as me.
I don’t understand what’s happened. Why, when I enter my name and password, I see emails to her about stuff she’s ordered on Amazon. Her name and address are there as well. When I look in All Mail, I see about 1300 emails, which I plan to delete and start up with Gmail because it’s the browser for my Samsung Galaxy. I don’t know who to ask about these emails from Amazon to this other woman in Florida regarding her purchases. And again, I’ve signed into my Gmail account with my name and password. So, now, I’m afraid to start up a Gmail account and drop off my old email address. Thanks, Leo for any light that you can shed on this problem.
I’ve got a pretty good guess as to what’s going on. I also have some ideas and some advice for what you might want to do about it.
Hello, Leo. I left my Hotmail account open on another device, meaning I logged in on someone else’s computer and forgot to close out. I think the individual left the page open, possibly viewing my email. They have a Mac. I have a PC. Is it possible to figure out if my Hotmail account is open on another computer? Is there any way of closing it out without having access to the other device? Perhaps by changing the password? Does your account have a timeout and automatically close? It’s imperative that this person not have access
Unfortunately, there are several reasons that you don’t want to log in to your email account on the computer of someone that you don’t actually trust. The possibility of walking away while it’s still logged in is really only just one.
I can’t login to my account as it keeps saying it wants another email to use as recovery. I do not have one. Do I have to get another account from somewhere in order to use Hotmail now? If so, I’ll start using the new one and get rid of Hotmail. What an inconvenience in that I have no access to my own account!
No, this isn’t some conspiracy to get you to create yet another email address. Heck, the email address technically doesn’t even have to be yours; but it does have to be setup before you need it.
Since XP support has ended is it still worthwhile my buying Microsoft’s XP mode to upgrade my Windows 7 64-bit Home Premium in order to return back to my favorite Outlook Express? I foolishly paid nearly $200 extra for a PC package containing Outlook having been told it was like Outlook Express but better. I don’t like it and thus my desire to return to Outlook Express.
The short answer is no, you don’t want to do this.
For one thing, you may not need to spend any money to do what you’re asking. More importantly, it’s not something that I recommend you do, at all.
Each time I travel overseas, my Hotmail account locks me out because it becomes suspicious of my new location and that someone is someone is trying to hack into it. How do I fix it so that Hotmail will never again lock me out when I’m in a different location than usual?
First, I don’t think that you can change that feature in Hotmail. I honestly don’t know of a way to stop it from locking you out when you travel overseas.
But to be honest, my take is very different. I don’t think you want it to stop.
Using Hotmail, now Outlook.com, and my address is “something” @hotmail.com. In the past two days, I’ve received several messages from my bankcard company: the first, an alert that a payment is due soon, and the second, an acknowledgement that payment has been scheduled. Each includes “Please enable HTML in the message text.” I have not done anything to disable HTML. Principally, I don’t know how and secondarily, I’d be afraid to find out the consequences if I did. Previous account-related messages from this company included the link to the card users login page. The current message does not have this link. Thinking that something may have accidentally come unhooked in my Hotmail settings, I looked in options for anything indicating how to enable HTML. Finding nothing, I went on the net and searched “Enable HTML Hotmail” and found Ask Leo! I’ve read through the topics here and searched “Enable HTML Hotmail Outlook” and found no answer. Messages from other sources contains links, none contained a request to enable HTML. Please advise what I’ve done and how can I undo it so I can easily attend to this credit card.
I don’t think you’ve done anything and I don’t think there’s anything to undo.
There are several reasons why this kind of thing can be happening. Most of them boil down to an improperly constructed email message on the part of the sender. In other words, it’s not you, but the sender.
I’m using Microsoft Office 2010 on Windows 7. A couple of weeks ago, all of my incoming mails started going into a folder called “Loyalty Pays.” At first, I didn’t realize what was happening. All that I knew was that I was not getting my emails. They are still going into this folder. Has someone hacked into my system? Do they have access to my emails? What can I do to rectify this problem?
Yes, my guess is that it’s very likely that someone hacked or compromised your account or that malware ended up on your machine.
Fixing this problem depends on how the email account is configured.
Leo, in your article about email being hacked and what you need to do, it’s possible that you may have omitted one important problem associated with account hacking: the changed return address. When my Yahoo account was hacked (my own fault, signing in from a fake email), the last thing that I noticed as I restored my account was that they had changed one letter of my name in the return address. If you clicked Reply to any email that I sent out, it went to them and not to my real account address.
Actually, you raise a very interesting and important point. It’s difficult to list all of the things that a hacker could change after they access your account.
In a recent article, you said to only click links in email when you know the sender AND that they recently sent you a link. Your accompanying discussion and advice is excellent and very helpful. I have a further question for clarification. When I place my pointer over a link in an email or a web page, a URL shows up in the left end of the banner at the bottom of the screen. Can I be certain that this is the address that I will be sent to? In other words, can the bad guys disguise their actual undesirable URL with one that looks okay but still sends me somewhere else that I wouldn’t want to go?
Good question, but the answer is you can’t really trust the URL that appears in the status bar at the bottom of your email program or web browser.
There are several reasons why. Let’s talk about a couple of them.
I just got this message in my Google email, “Someone recently tried to use an application to sign into your Google account.” The suspicious sign-in was in China, so apparently Google thought it might not be me and blocked it. What I want to know is did this suspicious sign-in actually use my correct password? Or did they just try to sign-in with random passwords hoping to stumble across the correct one?
I want to start by saying that I haven’t encountered this myself. Maybe I’m lucky.
Nonetheless, this is a very cool feature on Google’s part. Watching out for account theft like that is a very interesting and positive thing and I applaud Google for taking the initiative to understand what may and may not be a legitimate login for an account.
My business requires the emailing of some sensitive information on a regular basis. I have spoken with my boss and co-workers about all of us using an encrypted email system, but no one seems to think there is a significant threat or danger out there to require these extra steps in security. Can you offer any data to help me convince them that this is a good idea?
Actually, I don’t have hard data to say one way or the other. The risk varies too much on too many factors to really present data that’ll apply in any specific situation.
But we can definitely look at some of the specific factors.
My MSN email account has a virus and I can’t seem to get any help via MSN to get rid of it…this is why I feel that I must close it. Do you have suggestions for how I might get help with the infection and keep my account or should I do as you suggest and just stop using it?
I believe you’re heading off in the wrong direction.
Yes, if you want to close your account then absolutely stop using it.
But the question actually shows a very common misunderstanding of what’s probably really going on.
HI, MY PASSWORD HAS BEEN THE SAME FOR THE LAST 10 YEARS AND SUDDENLY I GET A MESSAGE THAT SAYS PASSWORD INCORRECT,WHAT THE HELL? AFTER A FEW ATTEMPTS IT BLOCKED ALL ATTEMPTS AND THE QUESTION IT ASKS IS NOT WHAT I FILLED IN WHEN I SIGHNED UP.IT ASKS ME FOR MY FIRST DOGS NAME AND I KNOW THAT I DID NOT FILL THAT IN, I DO KNOW WHAT SECRET QUESTION I AM SUPPOSED TO BE ASKED. WHAT DO I DO OR DO I JUST GO TO G MAIL AS MOST OF MY FRIENDS DID WHEN HOTMAIL STARTED WITH THEIR NONSENSE?!?!?
I get this often enough that I want to use this question as an example and provide a summary article for the situation.
This has nothing to do with Hotmail’s “nonsense” at all.
It’s pretty clear what’s happened here, so I’ll point you to a number of my previous articles that all might apply in your situation.
Someone has hacked my email address and has changed my password, my personal information and my secret question. I can’t log into my own email account! Please help me recover my password. The id that has been hacked is *****. Please rescue me.
I am not able to log into my Yahoo account that I’ve been using for the past 10 years. I clicked on the “forgot password” link and filled in all the details. It’s asking me for answer to my secret question – “who’s my friend?” How would I remember who would it be 10 years ago? Please reply and save a soul. I have very important information in my mails.
I’ve forgotten my password and the answer to my secret question. PLEASE PLEASE PLEASE can you send my password to *****@*****.com?
There is nothing I can do. I have no way to help you.
I frequently get questions that boil down to “How can I trace where this email came from?” or “Can I determine the IP address of the sender of an email?”
The answer is both yes and maybe, and it may not do you any good. However there is a lot of interesting information in your email that you normally don’t see, and the trail of mail servers is part of that.
Someone has stolen my email account. What can I do to get it back?
I’ve actually received a couple of reports like this in recent days. The scenario is this: one day you find that you cannot log into your email account. Then, to make matters worse, you find that someone else has been sending email pretending to be you to people you know.