It seems that the email I use for my business has been hijacked / hacked. I keep getting 'Undelivered mail' emails, telling me that emails I've sent could not be delivered. The real address is infoATemersonphotography.co.uk but the sending address is everything from stsgyeedby@emersonphotography to 1111&&&5$$£@emersonphotography.
So the ones not being delivered must all be to dead addresses - Gawd knows how many are actually getting through to live addys. The subject tends to be things like, "Sexy Katya has updated her profile" and more worryingly, "You have a complaint at the Better Business Forum".
My worry is that genuine people / businesses might think I'm spamming them - obviously not a good thing.
My hosting is 123reg so I've changed my password there, but the emails keep flooding in (used to be a few a month, now nearer 12 a day). I've also changed the password to my template-based website, but all emails are forwarded to my Outlook account. Can't change the address as it's all over my literature.
Anything I can try?
Trojan on your PC?
u-r I get the same but it's not hacking.
It's phishing. The phisher generates a made-up address at your domain, [number]@emersonphotography.co.uk etc., then sends a fake undeliverable to it, where it gets swept up under a general forward rule to your primary address.
Unfortunately Gmail doesn't recognise it as spam, so I have to spam file it myself.
Here's an example of mine:
This bit is an active link, probably to nasty man's place: "vds003.din.or.jp"
This is the mail system at host vds003.din.or.jp.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<aopuizi3938@www.9ravens.com> (expanded from <aopuizi3938@9ravens.com>): User
unknown in virtual alias table
Final-Recipient: rfc822; aopuizi3938@www.9ravens.com
Original-Recipient: rfc822;aopuizi3938@9ravens.com
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; User unknown in virtual alias table
My worry is that genuine people / businesses might think I'm spamming them - obviously not a good thing.
If they're genuine, they'll understand what's happened.
Unfortunately, email addresses are easily spoofed. I could send mails out using your address if I wanted. If that's what's happening then there's nothing you can do to stop it. You might want to look into SPF records, though.
On the upside, it'll probably peter out after a little while; spammers change their addresses often to prevent blockages.
Malware scans and password changes are always a good idea with this sort of thing though, just in case you are the originator. If you could get a copy of an original mail with the headers intact, it may shed some light onto what's going on.
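An added example, not part of any post in this thread: one way to read a bounce that arrives with the original mail attached and decide whether that mail left your own servers or only borrowed your domain. The function name, the sample NDR, the example domains and the `authorized_nets` list (standing in for the IPv4 ranges your SPF record would publish) are all assumptions made for illustration.

```python
import email, ipaddress, re
from email import policy

# Constructed sample bounce (not from the thread); example domains, documentation IPs.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
To: stsgyeedby@example.co.uk
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from pc (unknown [203.0.113.77]) by mx.example.net; Mon, 1 Jan 2024 10:00:00 +0000
From: stsgyeedby@example.co.uk
To: nobody@example.net
Subject: constructed spam subject

body
--b1--
"""

def analyze_bounce(raw, own_domain, authorized_nets):
    """Return (claimed_sender, origin_ip, verdict) for the mail embedded in an NDR."""
    msg = email.message_from_string(raw, policy=policy.default)
    wrapper = next((p for p in msg.walk() if p.get_content_type() == "message/rfc822"), None)
    if wrapper is None:
        return None, None, "no original attached: cannot verify, treat the NDR as suspect"
    inner = wrapper.get_payload(0)
    sender = inner["From"].addresses[0].addr_spec
    # Top-most Received was added by the bouncing server; lower ones can be forged.
    hops = inner.get_all("Received", [])
    m = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", str(hops[0])) if hops else None
    ip = m.group(1) if m else None  # IPv4 only in this sketch
    if not sender.lower().endswith("@" + own_domain.lower()):
        return sender, ip, "original does not claim your domain"
    if ip and any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in authorized_nets):
        return sender, ip, "sent from your infrastructure: check for compromise"
    return sender, ip, "spoofed: did not come from your servers"
```

Calling `analyze_bounce(SAMPLE_NDR, "example.co.uk", ["198.51.100.0/24"])` reports the sample as spoofed, because the connecting address recorded by the bouncing server is outside the authorized range.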
cougar - it's not even that advanced. It's just a domain email catch all phish.
Ah! Yes, good thinking, Batman.
A copy of the alleged NDR would confirm that for sure.
http://singletrackworld.com/forum/topic/new-form-of-phishing
Synchronicity.
I didn't make the connection with 'better business' in the OP. The Better Business Bureau scam emails have been doing the rounds for a few months.
Actually just looked at the rest of the spam mail and it is indeed the better business phish at the start of it, so it's all linked.
Thanks very much for all that - it's a massive relief to know I haven't actually been hacked. And yes, it does tend to come and go but recently it's been flooding in, which worried me somewhat.
Coincidentally (?), just after I posted the OP, I went off and opened Outlook to copy and paste one of these emails as an example, and for the first time in years, I got a Windows Security popup, asking me to log in to my email account. Took me 20 minutes of guessing to log in 😀