K_M
Posted May 20, 2004

I think my email account is hacked or someone is trying to hack it. I received the following 2 emails:

Dear user of e-mail server "****",
Your e-mail account has been temporary disabled because of unauthorized access. For more information see the attached file. For security reasons attached file is password protected. The password is "35466".
Have a good day,
The **** team
*****
Attached file having name: document.zip

The second email is as follows:

Dear user of ****,
Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information. For more information see the attached file. For security purposes the attached file is password protected. Password is "35466".
Sincerely,
The **** team
Attached file having name: information.zip

I have replaced my original domain's name with the '****' above. Both the above emails came from 'staff@****'.

This is strange because no one knows the password of my email account or control panel. Also, I never created such a 'staff@****' email account. I use a 'support@****' email account.

Did a TCH staff member send such an email? (Only a TCH member may know the password of my account because I submitted several helpdesk tickets in the last few months, and did provide my password on the ticket-submit form.)

Please help. Is my account going to be disabled? Is it hacked? It is on server 23.

MikeJ
Posted May 20, 2004 (edited)

First, take a deep breath.

That is the common format of a virus. It attempts to concern you by making you think something is going on with your account or address in order to get you to open the attachment, which is likely a virus or an attempt to collect information for identity theft.

The email was most certainly "spoofed" or faked to make it appear like it came from your domain. One unfortunate part of the Internet's current email architecture is that from addresses can easily be faked. If you look at the headers, you can find in the Received lines that the message indeed did originate somewhere else.

If it'll help you feel more comfortable, PM me or forward me a copy of the email headers to mikej {at} totalchoicehosting.com (or simply post it in here) and I'll show you the information that shows where the message originated from.

Bottom line, though, your email account should still be just fine.

Edited May 20, 2004 by TCH-MikeJ

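Added example, not part of MikeJ's post or of the forum's own tooling: a sketch of the header check described above, which reads the Received lines newest-first and reports the outside host that handed the message to the recipient's own mail server. The sample message, host names, IP addresses and the function name `external_origin` are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and IP below is made up
# (example.* names, RFC 5737 documentation addresses).
SAMPLE = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby mailstore.example.com with ESMTP id A1; Thu, 20 May 2004 10:00:05 -0500
Received: from dsl-host.example.net (unknown [203.0.113.45])
\tby mx.example.com with SMTP id B2; Thu, 20 May 2004 10:00:03 -0500
Received: from example.com (localhost [127.0.0.1])
\tby relay.example.org with SMTP id C3; Thu, 20 May 2004 09:59:00 -0500
From: staff@example.com
To: support@example.com
Subject: constructed sample

See the attached file.
"""

# "from <HELO name> (<reverse DNS> [<peer IP>]) ... by <receiving server>"
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def external_origin(raw_message, our_servers, our_ips):
    """Return the hop where one of our own mail servers accepted the message
    from an outside host, or None if no such hop can be established."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Each server prepends its Received line, so the first one is the newest.
    for raw in msg.get_all("Received", []):
        m = HOP.search(raw)
        if not m:
            break  # unparseable hop: stop rather than trust older lines
        helo, _rdns, ip, by = m.groups()
        if by.lower() not in our_servers:
            break  # not written by a server we run: this and older lines can be forged
        if ip not in our_ips:
            return {"from_domain": from_domain, "peer_ip": ip,
                    "helo": helo, "recorded_by": by}
    return None

if __name__ == "__main__":
    print(external_origin(SAMPLE, {"mx.example.com", "mailstore.example.com"},
                          {"192.0.2.10"}))
```

On the sample, the From domain is example.com but the connection recorded by the domain's own server came from an unrelated address, and the oldest Received line (supplied by the sender) is never consulted.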
K_M (Author)
Posted May 20, 2004

Thanks for your quick reply Mike. I have PMed you the 'message details'.

Are you sure my account isn't hacked? That's because I transact $$ and have sensitive info in my email account.

MikeJ
Posted May 20, 2004

Dug up the specific details for this particular virus.

This particular virus you are receiving email from is called the Beagle or Bagle Virus. If you scroll down to technical detail #9, you'll see the email characteristics which your above examples match one case of.

That page also describes the details of how the virus spreads. Getting the email doesn't mean you are infected. It means someone else is infected and the virus on their system sent the mail to you. However, it's a good idea to make sure you have AntiVirus running on your own machine to make sure that you don't in turn get infected and propagate these viruses.

I'm responding to your PM now, but this info I felt was good to repeat for the general public.

bellringr
Posted May 20, 2004

You might want to refer to the following threads where others have had the same thing happen:

ht*p://www.totalchoicehosting.com/forums/index.php?showtopic=9929&hl=hack
ht*p://www.totalchoicehosting.com/forums/index.php?showtopic=9694&hl=spoof

It's not uncommon to get spoofed e-mails like that.

Deverill
Posted May 21, 2004

One thing that was a tipoff to me was the password protected attachment. If they had to password the thing because of security reasons then why did they send the password to it in the same email as the attachment? Ok, so I'm a hacker - you just gave me the password to the file, bozos.

See, it doesn't make sense. These virus guys usually do stupid things like this to scare people or set them off balance so they will open the virus.