Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Spam being sent to me from my own email.

JacobusJ
 Share

Hi community,

I am an University student and i have been receiving spam emails from an email which looks to be mine.

The emails contain my on campus wifi password, and also conatain vague threats to sent screenshots of "sensitive" websites I have visited to all my contacts ,if the ammount has not been paid. These threats have however not been met in the required time, so I do not worry about them.

 

I am however still concerned with the fact that they do have my password for the wifi, and the emails are sent from my account to me. The emails are however not in my sent box, and uppon further inspection the website for the oncampus wifi has no digital sertificate.

 

Do any of you have anyway answers as to:

 1. How the password was obtained

 2. How the emails where spoofed to look like my gmail tag and says it is sent from me

 3. How to address this problem in the future.

 

Futher information:

I have since scanned my devices fot trojans and other mallware, and have changed my password, but recieved a email later containing the new password.

Is this maybe the wifi network that is compromised and not my device?

Link to comment
Share on other sites

Link to post
Share on other sites

i get this sh*t at work all the time, and we have symantec endpoint protection and a large IT section supposedly doing their jobs

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, VegetableStu said:

bring this up to your school's IT department. they're not supposed to send out passwords (in plaintext, even) for crying out loud ( -_(\

 

EDIT: also let them know someone hijacked your email account. see if you can get a new address from them.

It does not look as if it was hijacked, more like the person used my email adres to make it look like it was from me to me.

Also I doubt the person has access to my fiscal email because te resent devices and account activity only have my devices on them, no other logins or devices.

 

Do you think it may be that the person is some how spoofing my adress to make it look like it is from me?

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, kilgore_T said:

i get this sh*t at work all the time, and we have symantec endpoint protection and a large IT section supposedly doing their jobs

Have any of them maybe given steps to take in the future to stop this from happening?

Link to comment
Share on other sites

Link to post
Share on other sites

Did you reused your password?  change any password wher: 1. they could recover the account with this PW 2. where you used this password

Link to comment
Share on other sites

Link to post
Share on other sites

27 minutes ago, JacobusJ said:

Have any of them maybe given steps to take in the future to stop this from happening?

no its just taken as something that happens, i have no idea why, always thought it was weird they couldn't do something about it

Link to comment
Share on other sites

Link to post
Share on other sites

32 minutes ago, JacobusJ said:

Do you think it may be that the person is some how spoofing my adress to make it look like it is from me?

Yes it is easy to spoof the email, to make it look like it was sent from some other address. 

But i think that the wifi you are using is unsecure, so either use mobile hotspot (only if you have unlimited LTE data), or maybe even a VPN.

I only see your reply if you @ me.

Link to comment
Share on other sites

Link to post
Share on other sites

12 hours ago, kilgore_T said:

i get this sh*t at work all the time, and we have symantec endpoint protection and a large IT section supposedly doing their jobs

Well, SEP should be sufficient for the general browsing on a network. It's just the moment that someone downloads a virus on a private network and brings it to the corporate network where SEP is being run that the virus is being identified.

 

I get these e-mails regularly, letting me know there are viruses identified on specific workstations or laptops.

 

12 hours ago, VegetableStu said:

bring this up to your school's IT department. they're not supposed to send out passwords (in plaintext, even) for crying out loud ( -_(\

 

Yes, let them know.

12 hours ago, VegetableStu said:

EDIT: also let them know someone hijacked your email account. see if you can get a new address from them.

I highly doubt that they'll give you a new address, generally the credentials are auto-generated from AD.

Link to comment
Share on other sites

Link to post
Share on other sites

It is actually quite easy to send a spoofed email. You just have to connect with telnet to the SNMP server and use super non intuitive commands to send a mail which will look like it was sent from the SNMP domain.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×