Yowser! This is a really scary thread. I have an email up on my profile and have never had a problem, but maybe I will go take it off. I am not sure what to do.
I do have strong passwords and we are mostly on macs and we use firefox ( along with great firewalls of course.). I do not know if that helps or not.
I hope someone has some answers. It does make one a little nervous about being on ST. I don't hear people talking about this else where.
I feel horrible for the people dealing with this and pray I escape it. If anyone resolves this, please post the answers for all and to prevent any more from getting caught.
Just a FYI, I do not have my email on my ST profile. I think it is more related to having opened a bad email message (not attachment). This verified my email was a legitimate email address. I had Slow Travel members in my contact list which spread it to others who had more Slow Travel members in their list and so on .....
But I am curious, have any MAC users with web based email been victims yet?
Posts: 7059 | Location: Edmonds, WA | Registered: 25 October 2001
As someone stated earlier, it has nothing to do with SlowTrav, other than the fact that some people hit, had other members with slowtrav addresses in their address books, so they received these spam e-mails.
Here are some relatively recent articles on the subject:
One other thing that I did was change my mail style preference from HTML to text.
I think that's a good idea; I keep mine set that way as well. I also have it set not to display images. I have heard that sometimes there is a kind of virus that comes in via images so that just by opening the email and displaying the image it can send info back to the originating server.
If the email comes from someone I know and I want to display the image, I can always click the option to display it just for that message.
- Roz
P.S. I am a Mac user and use both yahoo and gmail, but have not had the email problem (at least not that I know of), except of course receiving some of the fake ones. I would also be interested in knowing whether this is something that can affect both platforms. It seems as if, since it apparently attacks the address book stored on external servers, that the type of operating system should make no difference in this case.
Here are some relatively recent articles on the subject:
Thanks for posting those links....what surprises me is that no one seems to have a firm grasp on exactly what is happening. I got hit again today but this time the offending messages did appear in my Google mail sent mail. Last week, they didn't.
I changed my password in hopes that it will stop the phenomenon...but I am not optimistic.
Me too...from my gmail. Two of the technology sales messages went out to everyone in my contact list last Thursday and Friday. Two more went out to a smaller portion. One of those messages (and only one) showed up in my sent mail. ??? Very strange.
I deleted my entire contact list. Today I added two family members back into the contact list (as a test) and the "Thanks for the donation" message promptly got sent to both.
I'll just keep the contact list empty until someone has a better idea.
Cathy
Posts: 65 | Location: Berkeley, CA | Registered: 01 August 2006
Have you changed your password, Cathy? Yours sounds exactly like mine. When I first saw it I changed my password immediately, and it hasn't happened since.
what surprises me is that no one seems to have a firm grasp on exactly what is happening
Yeah, that is what I find scary. Knock on wood, I do not get much spam on any of my accounts, not even the very public one that I have on my profile here. I have opened some up though, by accident from time to time.
I wonder if it is pure luck on who gets caught and who does not.
I decided to keep my email on the profile, but I did change it to the written out ( at) and ( dot)com style that I have read is a better way to do it so the bots do not get it. I have had it up for over 2 years now without a problem.
I hope I am making the right choice. Since no one seems to know how this is happening for sure, it make it very hard to know how to protect oneself.
I wonder if everyone affected is using IE? Does that make a difference? We are not using that browser any more and hardly use our PC laptop, now that we have 2 macs.
We have a digital existence on the move, so hacked email sounds like a nightmare I do not want to experience.
Originally posted by Chris: Have you changed your password, Cathy? Yours sounds exactly like mine. When I first saw it I changed my password immediately, and it hasn't happened since.
I will immediately. Thanks, Chris.
Cathy
Posts: 65 | Location: Berkeley, CA | Registered: 01 August 2006
WT, I use Firefox and I had a strong password but unfortunately not strong enough. There are a lot of people out there making money breaking into web account - just google hack yahoo or hack hotmail and you'll see them.
I am just trying to wrap my mind around how one can protect oneself with this. I know you are really savvy about computers ( much more than I will ever be) so the fact that it happened to you and others who know what they are doing, makes it more threatening I think.
I know there are a lot of hackers out there, but hoping to keep finding ways to stay out of their way.
I found the link I gave above about about strong passwords useful. You can type in a sample password and it will tell you how strong the password is. The hacked password rated 'strong' but not 'best'. I'm going to redo my passwords and test them first using the tool on the Microsoft site.
Edited to add - The link does not appear to be working right now. ?? Nevermind. Plus now I'm having second thoughts about testing it.
Posts: 7059 | Location: Edmonds, WA | Registered: 25 October 2001
Marta, that link you gave about strong passwords did not work for me. I suspect the page either requires IE or Windows. Here is an article from Wikipedia about strong passwords, in case anyone else has that problem.
One point the article makes is that very strong passwords are sometimes too hard to remember, so people write them down and they can be stolen that way. Someone once gave me a good idea for creating a password that is fairly easy to remember but hard to crack. Take a favorite song or poem, and use the initial of each word in the first one or two lines. Since the best passwords use a combination of upper and lower case letters and numbers, you can try to find a way to mix in numbers and symbols as well. For example (and this is probably not a good one to use because it might be too common): 2bon2bTit? which would translate as To be or not to be, That is the question.
I just changed my password on Google, and when I did so, it told me whether it was a strong one.
Also, I was looking around for something on the web about this problem, and found this article and this one about a google hack. I don't really understand the workings of it, but the bottom line seemed to be that you should not visit another web page while your Gmail account is open because there is a back door into the Gmail account that can be hacked from an "evil" site. I think that problem might now have been fixed by Google, but in case it has already happened, that first article explains how to check your Gmail settings and make sure you don't have something put there by a hacker.
Nope, mine had nothing to do with my address book. The non-delivery messages I got were for sending to addresses of people and domains I know nothing about, it was spamming using my email address as the sender. I'm trying to figure out WHERE in Outlook Express I can set a password. Or maybe it's just futile.
I have a hotmail account which started sending out emails with my address over the weekend, then stopped, then did it again today. I've received a lot of "delivery status notification (failure)" notices in my inbox from addresses on my contact list.
And I am using a Mac.
Hotmail support told me how to filter it for my email account but didn't say what to do to stop the emails from going out in the first place.
This is a quote from MSN hotmail support "someone has forged your email address as the "reply to" or "from" field on a piece of unsolicited email message. This does not require the person to log in to the Windows live ID account."
One thing they did say was to use the "sign out" button at the upper right hand corner when logging out.
they suggested "changing the secret question and answer (aside from your password) regularly to increase privacy of your account".
Will changing a password really put a stop to this?
Posts: 184 | Location: western maine mountains | Registered: 26 February 2005
Originally posted by Barb (and Art): FWIW, I just received a spam email using Jim Zurer's address. there must be a ST connection, Jim and I have no other connection.
Did you and Jim ever send emails to each other? If so, your address could have been hijacked from his account.
Or if his email address is being used without his knowledge to send spam, there is no need for you to have a connection. It could just be that your email is on some spammer's list, and they are using Jim's return address to keep the spam from being tracked to them. It could just be a coincidence that you are both Slow Trav members.
Barb's e-mail is indeed in my Google Mail address book......
The first notice I had of this e-mail snafu was an incoming e-mail from a MSN address purportedly belonging to Diana Strinati Baur with the subject line "RE:long term business relationship!!!". (I am sure that it was not from Diana....)
So there may be some connection to Slow Travel......
I am sure Chris is correct when he says it is not to do with Slow Travel. But what puzzles me is that I have not heard of the problem anywhere else. None of my contacts (who do not know of ST) have the problem. The problem seems to relate to ST members who email each other.
Posts: 332 | Location: Melbourne, Australia | Registered: 16 January 2007
I talked to my son last night and he feels if I post his recommendation, it might be read and then the party will work around it. I'm trying to figure out a way to post this without tipping them off. It's something you can add to your address book. He's not sure that hackers haven't already found a way around it, but he has used it for years, as well as many of his computer buddies. If a hacker can't get past the first address on your list, the invasion will stop.
Sharon J
Posts: 631 | Location: Houston, TX USA | Registered: 01 November 2003
as hackers 
Plus now I'm having second thoughts about testing it.