Spam being sent to me from my own email.

[JacobusJ]

Hi community,

I am an University student and i have been receiving spam emails from an email which looks to be mine.

The emails contain my on campus wifi password, and also conatain vague threats to sent screenshots of "sensitive" websites I have visited to all my contacts ,if the ammount has not been paid. These threats have however not been met in the required time, so I do not worry about them.

 

I am however still concerned with the fact that they do have my password for the wifi, and the emails are sent from my account to me. The emails are however not in my sent box, and uppon further inspection the website for the oncampus wifi has no digital sertificate.

 

Do any of you have anyway answers as to:

 1. How the password was obtained

 2. How the emails where spoofed to look like my gmail tag and says it is sent from me

 3. How to address this problem in the future.

 

Futher information:

I have since scanned my devices fot trojans and other mallware, and have changed my password, but recieved a email later containing the new password.

Is this maybe the wifi network that is compromised and not my device?

[kilgore_T]

i get this sh*t at work all the time, and we have symantec endpoint protection and a large IT section supposedly doing their jobs

[JacobusJ]

1 hour ago, VegetableStu said:

bring this up to your school's IT department. they're not supposed to send out passwords (in plaintext, even) for crying out loud ( -_(\

 

EDIT: also let them know someone hijacked your email account. see if you can get a new address from them.

It does not look as if it was hijacked, more like the person used my email adres to make it look like it was from me to me.

Also I doubt the person has access to my fiscal email because te resent devices and account activity only have my devices on them, no other logins or devices.

 

Do you think it may be that the person is some how spoofing my adress to make it look like it is from me?

[JacobusJ]

1 hour ago, kilgore_T said:

i get this sh*t at work all the time, and we have symantec endpoint protection and a large IT section supposedly doing their jobs

Have any of them maybe given steps to take in the future to stop this from happening?

[kilgore_T]

27 minutes ago, JacobusJ said:

Have any of them maybe given steps to take in the future to stop this from happening?

no its just taken as something that happens, i have no idea why, always thought it was weird they couldn't do something about it

[Origami Cactus]

32 minutes ago, JacobusJ said:

Do you think it may be that the person is some how spoofing my adress to make it look like it is from me?

Yes it is easy to spoof the email, to make it look like it was sent from some other address. 

But i think that the wifi you are using is unsecure, so either use mobile hotspot (only if you have unlimited LTE data), or maybe even a VPN.

[Guest]

12 hours ago, kilgore_T said:

i get this sh*t at work all the time, and we have symantec endpoint protection and a large IT section supposedly doing their jobs

Well, SEP should be sufficient for the general browsing on a network. It's just the moment that someone downloads a virus on a private network and brings it to the corporate network where SEP is being run that the virus is being identified.

 

I get these e-mails regularly, letting me know there are viruses identified on specific workstations or laptops.

 

12 hours ago, VegetableStu said:

bring this up to your school's IT department. they're not supposed to send out passwords (in plaintext, even) for crying out loud ( -_(\

 

Yes, let them know.

12 hours ago, VegetableStu said:

EDIT: also let them know someone hijacked your email account. see if you can get a new address from them.

I highly doubt that they'll give you a new address, generally the credentials are auto-generated from AD.

[kasugatei]

It is actually quite easy to send a spoofed email. You just have to connect with telnet to the SNMP server and use super non intuitive commands to send a mail which will look like it was sent from the SNMP domain.