
Email server hacked?

bazdvd
Dabbler
Posts: 14
Registered: ‎08-12-2018

Email server hacked?

I have received email in the past that claims my account has been hacked and to pay money to a bitcoin account etc etc.

I am fully aware this is a scam and I am not in the slightest bit bothered by it.

Since yesterday I have received about 30 or so of these emails that all have exactly the same text, yet they are all to different email addresses.

I have a domain that I have had for almost 20 years and each of the email addresses is in the form of someone@mydomain.co.uk.

What bothers me is that the addresses they have been sent to are addresses that I have used once or maybe twice in the past as throwaway or temporary addresses rather than my main one.

These have all been used with different companies or individuals and have NEVER been posted online in a forum etc., so could not have been harvested from the web.

The only place I can see these addresses coming from is my email host.

My account gets all mail to anything@mydomain and I have yet to see any random names before the @ in the address, only names I have used before. I even had one addressed to my freenetname account and that has only ever been used as an email login name as it's my account name.

I don't use webmail and all my email is deleted from the server when my email client downloads it.

 

Any thoughts please guys

Baz

29 REPLIES 29
Plusnet Help Team
Plusnet Help Team
Posts: 1,631
Thanks: 272
Fixes: 56
Registered: ‎26-03-2018

Re: Email server hacked?

Hi @bazdvd 

 

Sorry to hear this has happened. 

 

We have had no other people reporting such issues as this to ourselves. 

 

Can you let us know what email address these are coming from? If at all possible, could you also give us the email headers? 

 

Thanks, 

MoR

bazdvd
Dabbler
Posts: 14
Registered: ‎08-12-2018

Re: Email server hacked?

Here's one of the emails' headers. The MYDOMAIN. replaces my actual domain; I can PM more details if needed.

 

 

Return-path: <davequote@MYDOMAIN..co.uk>
Envelope-to: davequote@MYDOMAIN.co.uk
Delivery-date: Sat, 08 Dec 2018 20:20:32 +0000
Received: from [212.159.8.109] (helo=avasin13.plus.net)
    by inmx13.plus.net with esmtp (PlusNet MXCore v2.00) id 1gVj5U-00073U-Du
    for davequote@MYDOMAIN..co.uk; Sat, 08 Dec 2018 20:20:32 +0000
Received: from host-197.49.55.164.tedata.net ([197.49.55.164])
    by Plusnet Cloudmark Gateway with ESMTP
    id Vj5Rgb1hbAAlUVj5Tg6TCR; Sat, 08 Dec 2018 20:20:32 +0000
X-BV-Spam-Flag: Yes
X-IPAS: Level1
X-CM-Score: 100.00
X-CNFS-Analysis: v=2.3 cv=NvH/jfVJ c=1 sm=1 tr=0 p=wCPXAMyYnib2FFOa:21
    p=_FmaPC-C9ZlHk-zD:21 p=TYtocxe6Pi4A:10 a=GKTqbgv0giapbYKtggsOqg==:117
    a=GKTqbgv0giapbYKtggsOqg==:17 a=o0uRYRekAAAA:8 a=8nJEP1OIZ-IA:10
    a=Wj3ScSDJz0QA:10 a=OoPBpemLQjAA:10 a=fwx1ag4elUECxEG4w1cA:9
    a=wPNLvfGTeEIA:10 a=2wx1BQAUtznSfdeKM7xM:22
Message-ID: <D46F720D10C9106FD4C9B6AB72ABD46F@XI9WGA5>
From: <davequote@MYDOMAIN..co.uk>
To: <davequote@MYDOMAIN..co.uk>
Date: 2 Dec 2018 11:23:03 -0900
MIME-Version: 1.0
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2191
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2191
X-CMAE-Envelope: MS4wfPaVFeEsUGV8A+wOKActx6K4rujgY3TFsZKtF8iwbIzxZRJ2gbND7H4lMYfGIr0h8zXW6v4uZqN18HrfdNZ0M8IWt4D6kVWZ6XTjbzTqaEnmAyDo7uOC
    YbuSHxviyclwQBTD7xRr3kjm8FshMirN0X2GhKyhOffTl0qXqIZjQEqPFSHUFk3CPhzWq5unoUX66PNJ+CNw18pjCBGrcmZSzbI=
X-pn-pstn: Spam 1
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Security Alert. davequote@fMYDOMAIN.co.uk was compromised. You need change password!
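
An added example, not part of any post in this thread: a short Python triage of the headers posted above. It pulls out the earliest Received hop (the host that handed the message to Plusnet), checks whether From matches To, compares the claimed Date with the delivery date, and reads the filter verdict. The header copy is trimmed, and example.co.uk stands in for the redacted domain (an assumption).

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Trimmed copy of the headers posted above; example.co.uk stands in for the
# redacted domain (an assumption made for this example).
RAW = """\
Return-path: <davequote@example.co.uk>
Envelope-to: davequote@example.co.uk
Delivery-date: Sat, 08 Dec 2018 20:20:32 +0000
Received: from [212.159.8.109] (helo=avasin13.plus.net)
 by inmx13.plus.net with esmtp (PlusNet MXCore v2.00) id 1gVj5U-00073U-Du
 for davequote@example.co.uk; Sat, 08 Dec 2018 20:20:32 +0000
Received: from host-197.49.55.164.tedata.net ([197.49.55.164])
 by Plusnet Cloudmark Gateway with ESMTP
 id Vj5Rgb1hbAAlUVj5Tg6TCR; Sat, 08 Dec 2018 20:20:32 +0000
X-BV-Spam-Flag: Yes
X-CM-Score: 100.00
From: <davequote@example.co.uk>
To: <davequote@example.co.uk>
Date: 2 Dec 2018 11:23:03 -0900

"""

def triage(raw):
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Each relay prepends its Received line, so the last one is the earliest hop.
    first_hop = " ".join(hops[-1].split()) if hops else ""
    m = re.search(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]\)", first_hop)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    claimed = parsedate_to_datetime(msg["Date"])
    delivered = parsedate_to_datetime(msg["Delivery-date"])
    return {
        "origin_host": m.group(1) if m else None,
        "origin_ip": m.group(2) if m else None,
        # A sender address identical to the recipient is set by the sending client.
        "from_equals_to": bool(sender) and sender == rcpt,
        "date_skew_days": round((delivered - claimed).total_seconds() / 86400, 1),
        "filter_flagged": msg.get("X-BV-Spam-Flag", "").strip().lower() == "yes",
        "cm_score": float(msg.get("X-CM-Score", "0")),
    }

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

On these headers it reports an origin of 197.49.55.164 (host-197.49.55.164.tedata.net), From equal to To, a Date header about six days before delivery, and a Cloudmark score of 100.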

 

harrym1byt
Rising Star
Posts: 261
Thanks: 33
Registered: ‎15-10-2016

Re: Email server hacked?

It has become one of the common threat scams. One threat is they have your password harvested from some insecure, probably long disused web site login; they give your password as evidence. They claim to be able to make use of it to get into your bank details - unless you send a bitcoin payment.

The other similar one says they have access to the camera on your laptop and videoed you when you visited a sex web site. You are told to pay up, or the video will be sent to everyone in your address book within 48 hours.

Best to just ignore and delete them. Those few I have had have arrived at an old receive-only email address, the ISP server for which I know was hacked several years ago and lots of personal details copied. I have so far never received a single item of spam etc. on my Plus account address.

 

bazdvd
Dabbler
Posts: 14
Registered: ‎08-12-2018

Re: Email server hacked?

Just to be clear, I am not bothered by the content of the email.

It's a well documented spam email and I have seen thousands of them over the last 25 years of using the internet and email.

It's ironic that I used to work for several major ISPs in the past and I know that users can get a little upset by this kind of thing.

What I am bothered about is how all of a sudden I get lots of emails to specific addresses I have used in the past with my domain. Some of these were used by one person to email me once, some to register with well known sites and others as a throwaway address for obtaining quotes from insurance sites etc.

What I cannot understand is how all these obscure addresses have suddenly come to light when I have never noticed any spam to any of these addresses in the past. I have also not had any of these emails sent to random accounts at my domain, so they are definitely from a list of hacked addresses rather than random words or names.

If a few emails to names I had used in the past suddenly got spam I could live with it and just delete it, but to see addresses that have not been used for a few years at least suddenly all come at once makes me suspicious.

It does not help to read links like these,

https://www.theregister.co.uk/2015/11/25/plusnet_still_delivering_passwords_plaintext/

https://www.theregister.co.uk/2007/05/15/plusnet_spam_attack_may/

http://www.skyuser.co.uk/forum/general-computing-internet/12445-plusnet-alledgedly-hacked.html

Moderator's note by Mike (Mav): Post released from Spam Filter.

jab1
Hero
Posts: 3,329
Thanks: 1,079
Fixes: 20
Registered: ‎24-02-2012

Re: Email server hacked?

@bazdvd 2 from 2007, 1 from 2015? Any more recent reports?

John
bazdvd
Dabbler
Posts: 14
Registered: ‎08-12-2018

Re: Email server hacked?

Why would more recent reports help?

As I have said, some of the addresses have not been used since the 2015 link I posted.

The computer and Outlook data file was even on a previous PC that is no longer around. The HD was destroyed.

 

 

 

jab1
Hero
Posts: 3,329
Thanks: 1,079
Fixes: 20
Registered: ‎24-02-2012

Re: Email server hacked?

Because there aren't any more recent reports?

John
bazdvd
Dabbler
Posts: 14
Registered: ‎08-12-2018

Re: Email server hacked?

Well, if there was a more recent report I would not have needed to come here asking if there was a problem lol

For all we know their servers might have been compromised and the info not yet found or released to the public.

 

Rather than try and flaw my logic perhaps you have some idea as to how this has happened?

jab1
Hero
Posts: 3,329
Thanks: 1,079
Fixes: 20
Registered: ‎24-02-2012

Re: Email server hacked?

Maybe, just maybe, some hacker has got hold of some ancient data, and is trying to use it.

 

John
bazdvd
Dabbler
Posts: 14
Registered: ‎08-12-2018

Re: Email server hacked?

Thanks

But where could the ancient data have come from?

Either it's old data that's just come to light or it's come from the mail server.

The computer that these addresses were delivered to has not existed for years and the Outlook data file that contained the emails was destroyed at the same time.

jab1
Hero
Posts: 3,329
Thanks: 1,079
Fixes: 20
Registered: ‎24-02-2012

Re: Email server hacked?

I don't know the answer to that, but the spam I received on this subject quoted a password I used on a couple of unimportant sites I no longer use, so maybe their servers had been hacked?

John
bazdvd
Dabbler
Posts: 14
Registered: ‎08-12-2018

Re: Email server hacked?

I have had around 30 different emails used to send the same email.

I agree that the first thought would be that a site I had used an email on had been hacked.

This would mean that several larger well known UK companies had been hacked and none had been made public.

This also does not explain how addresses that had been used to receive 1 email from an individual years ago have come to light at the same time.

jab1
Hero
Posts: 3,329
Thanks: 1,079
Fixes: 20
Registered: ‎24-02-2012

Re: Email server hacked?

I agree, but the fact that, in my case, the password they quoted was for somewhere I hadn't visited for at least 12 months, and had unsubscribed from, still kind of makes me think it's an outside job. I can't see that the PN outgoing servers retain the data for that long. Not only that, you use the password to login to the site, not send in an email - only you and the site know the password.

John
bazdvd
Dabbler
Posts: 14
Registered: ‎08-12-2018

Re: Email server hacked?

But your case is not the same as mine, is it? You cannot compare the two.

Passwords have not been quoted in the emails I have had.

Say I ask you to send me an email to jab1@mydomain.co.uk and then months later ask someone unrelated to you, or your ISP, to send an email to unrelated@mydomain.co.uk.

If in 3 years' time I see spam appearing to come from both the email addresses I gave you and the other person at the same time, how would you explain that?

What is the only common denominator in that scenario?