I got back from a day out and opened my Hotmail to find several emails from different contacts. Instead of reading the titles of each before opening them I just opened the oldest, read then deleted, meaning the next oldest opened up for reading. One of them opened an obviously fake BBC web page with a bogus article about a miracle slimming cure and another opened a page about Whatsapp. Gti Junior told me to run a virus check on the laptop, which showed nothing, but then I discovered that my Hotmail had sent hundreds of emails to my contacts and lots of others I dont know with a variety of tempting subjects like “You’ll never believe this…” and so on.

I’m changing all my other passwords but can’t understand why this kind of stupidity takes place – do hackers really believe people will be fooled by a fake BBC web page? What is this kind of attack called? It’s not phishing, is it?

People are fooled by these emails and click on all sorts of random links. If you don’t know this then I suspect you don’t do IT support for family members.

No, I’m an old man so computers are still strange and incomprehensible to me.

I’m changing all my other passwords but can’t understand why this kind of stupidity takes place – do hackers really believe people will be fooled by a fake BBC web page?

The thing you have to bear in mind is that the attack itself is basically free – send one thousand or one million emails, the cost is the same. Which means you don’t need a huge return on your effort – as long as 0.001% of the people receiving your emails are stupid or ignorant, that’ll do.

but then I discovered that my Hotmail had sent hundreds of emails to my contacts and lots of others I dont know with a variety of tempting subjects like “You’ll never believe this…” and so on.

There is a possibility that you haven’t been hacked – just that spammers have used your email address on email they’ve sent. It’s ridiculously easy to send an email and make it appears like it came from someone else and near impossible to prevent this. This does not necessarily mean your computer or hotmail account has been compromised – more likely that someone with your email address in their address list has been infected.

I think it’s a lot to do with generations. I’ve grown up with computers and work in IT, I’m always careful with what I put on-line and what I click on.

But even I sometimes see some stuff and for a split second I think it could be kosher.

I once had a lad working with me who was an “IT security” chap….he had turned ethical hacker, but he’d done non ethical stuff in the past….he was a complete pain in the ass, constantly trying to figure out passwords, hack systems, go places he had no right to go to….they are a weird bunch…we like riding our bikes, they like spending hours and hours trying to bypass a system….just because…

if the emails had been spoofed though an open relay then they wouldn’t be showing up in his sent items folder.

It’s also possible to have a trojan on your PC which has harvested the contacts and is being used by an automated network (aka botnet) to send spam. It’s possible for it to have used your Hotmail connection to do it, especially if you have Hotmail set up in you mail software on the PC. Doesn’t even need to hack the account then, it just takes control of your mail software.

As well as a virus scan, Malwarebytes is worth a run.

Anyway, as a security option you can enable two factor authentication with your Microsoft account which makes it much harder to hack the password. It’s a bit more technical as it needs you to verify a first time log in on a device using a text message to your phone, or with an authentication app on the phone.

can’t understand why this kind of stupidity takes place – do hackers really believe people will be fooled by a fake BBC web page?

They are obvious to most people, although some people aren’t very good at critical thinking and can be stupidly easy to fool 🙂

perfect example

I used to have a blog that I put a really large amount of effort into, until it was swamped by “comments” including links to ads for Viagra etc, such that my site got blacklisted by Google and I could never, for one reason or another, undo the damage. It made me wonder what sort of shitty scumbag would destroy a person’s work just for the one in a trillion chance of finding someone who will spend a few dollars on a little blue pill. Maybe someone with a crap life trying to find a way out – well f*ck you, asshole – I hope you rot.

I keep using MacAfee it stops me doing this, gives you a big Stop sign before it allows you to go to the site. Windows security dosent cover all the bases. I up graded to 8.1 and believed what they said and didn’t re install MacAfee. Got hacked the same way. Now with MacAfee I’ve not had the same problem. I’m happy to pay the small amount each month to stay safe

Vast majority aren’t one person deliberately hacking you, but automated networks and viruses just scanning the net for open holes to attack. The real person behind it may have long moved on, if not been locked up or whatever.

Oh, and usual thing you do with McAfee is uninstall it. It’s bloatware, slows your system and arguably not very good at its job but tries to make you hand over money. Free versions of Avast! and AVG are the usual preference for good ones, though I ditched AVG because it was getting a bit bloated. p.s. to remove McAfee properly you need to download their removal tool. The uninstall option leaves a mess behind.

purpleyeti – Member
if the emails had been spoofed though an open relay then they wouldn’t be showing up in his sent items folder.

True – but I don’t think the OP said they were in his sent items – just that he became aware his hotmail had (apparently) sent them.

Normally the first sign you get of this is loads of out of office auto replies / NDRs from spurious addresses. I’d assumed it was the same in this case.

As purplyeti says, if the messages are in sent items then it is a local infection.

+1 for Malwarebytes as a supplement to AV scan.

its working for me and has kept me safe, used AVG before not as good.

do hackers really believe people will be fooled by a fake BBC web page

And yet, you still opened the emails.

I opened the email because, as I explained, I was stupidly just opening and deleting in age sequence rather than reading the subject of each email before opening. Won’t be doing that ever again.

And yes, my “sent” box was full of about 400 emails with a wide variety of subjects that I seemed to have sent out to my contacts and loads of others with dodgy American-sounding names. A few bounced back undelivered, which was what alerted me.

Point is,

The answer to “why” is because at least in part, as you’ve demonstrated, people open them accidentally.

And as Mogrim said, they don’t need a high return. Send out millions, get a small percentage of hits, that’s still a sizeable number. And think about it, if someone bites on a clearly crap spam email, the chances are much higher that they’re gullible enough to be bled for a lot more money.

If stuff is actually in Sent, you should run a malware scan on all your devices and then change your password.

Yep, I’ve run Sophos and changed some passwords.

Thanks all for the advice.

You misunderstand. Run a malware scan.

http://www.malwarebytes.org is a good start.

Is there a malwarebytes for iOS?

You almost certainly wouldn’t need it, but it wouldn’t surprise me in the slightest if someone tried to sell it.