PDA

View Full Version : Security worries



fielker
12-12-2015, 07:17 AM
A neighbour yesterday told me she had received an email from me saying I was stranded in Turkey without money ! What do I need to do about this?

I have also been receiving more spam than usual: Russian ladies offering me sexual favours, confirmation of orders from firms I've never dealt with, notification of non-delivery of items I've never ordered, vague messages giving websites from unknown persons and not addressed to me, advertisements.

I gather that OS 10.7.5 is no longer supported by security updates, so I think I need to upgrade to Yosemite.

What worries me is how easy this would be, and what I might be in danger of losing.

IWT
12-12-2015, 08:39 AM
The email you describe is very well known in the UK. It signifies that your email account has been hacked. You should take immediate steps to change your password; if you can. I say, if you can, because the hacker could have changed it, so excluding you from your own account. Your email provider will help you to make the changes.

NB. The hacker now knows your email address, often used as a username, and your email PW, often used on other sites. Therefore you should immediately go into any site where you have used the same password, and change it.

That is the priority, but you should also check your Mac for malware. The two are not directly related but you are vulnerable.

Ian

fielker
12-12-2015, 09:26 AM
Thanks for this. I'll look into it.

David

fielker
12-12-2015, 10:42 AM
Thanks again, Ian. After nearly an hour on the phone to my server I've managed to change my password! Fingers crossed.

David

IWT
12-12-2015, 12:39 PM
Thanks again, Ian. After nearly an hour on the phone to my server I've managed to change my password! Fingers crossed.

David

I am delighted for you David. You have had a lucky escape. Just remember that if you used your original email password for any other site, change it as a precaution.

Well done and good luck!

Ian

cradom
12-12-2015, 08:39 PM
Just curious... if his email was hacked and the hacker changed the password, how is he still getting mail?
The mail program uses a password to download the mail.
I do however agree, change the thing, NOW. To something hard. Use a password manager.

chas_m
12-12-2015, 10:48 PM
Yeah, I have a strong feeling that fielker wasn't the one who had their email account hacked. I suspect some Windows owner that has fielker's email address in their contacts got a virus or hacked and then the virus spoofed similar messages to everyone in the hacked/virus-ridden person's address book. Still, a good idea to change the password on his/her own email account once in a great while, so no harm done and possibly a lot of good done.

toMACsh
12-13-2015, 08:45 AM
I gather that OS 10.7.5 is no longer supported by security updates, so I think I need to upgrade to Yosemite.

What worries me is how easy this would be, and what I might be in danger of losing.

Going from Lion to Yosemite or even El Capitan could be painless. But, you'll have to post the specs of your Mac so one of our resident gurus can answer that for you. Go to the Apple (upper left) and About This Mac. Post that information here.

Rod Sprague
12-13-2015, 09:09 AM
Chas_m I agree with your comment regarding being spoofed by a Windows users email account being hacked. My wife has received a few solitary bogus emails just before being notified by some friend who has just discovered her email or occasionally face book account has been hacked. They are usually one offs but I always suggest she change her password which she is strangely resistant to doing. I usually get an, "aw, do I have to?" If it were up to her she would only have one password for everything.


Sent from my iPhone using Mac Forums

harryb2448
12-13-2015, 05:04 PM
And what odds GMail or Hotmail?

Rod Sprague
12-13-2015, 08:00 PM
Gmail.

fielker
12-14-2015, 06:18 AM
Thanks again to all.

My specs:
OS 10.7.5
8Gb memory
Safari 6.1.6

Is anything else needed?

I also have to check that my version of Sibelius (7.1.3) is compatible with Yosemite.

chas_m
12-14-2015, 10:37 PM
Actually, Yosemite is no longer an option -- the current system is El Capitan. So step one is checking to see if your machine can run it (if it was supported in Yosemite, it would be supported in El Capitan).

Assuming it is, the transition should be pretty painless. You have a good amount of RAM for that machine and apart from checking your Sibelius software and other such third-party programs, you should be fine. Be sure to make a backup first, of course, and a bootable clone if you can, and take care to have plenty of free space on your boot drive before starting the procedure.

Cr00zng
01-10-2016, 11:37 AM
Just curious... if his email was hacked and the hacker changed the password, how is he still getting mail?
The mail program uses a password to download the mail.
I do however agree, change the thing, NOW. To something hard. Use a password manager.
Changing password on a periodic bases is always a good idea, but...

Just because the "From:" address shows your email address, it does not mean that the actual email came from your email server. When the "From:" address is spoofed, that's rather easy, the actually email does not come from your email server. That could be another explanation for how the email is still received from server and the user is able to change the password. You can always look at the property of the email in question that shows something like this; note: the ""From:" address is the as the "Return-path:" below:


Return-path: <sender email account@sender domain.com> spoofed email address
Envelope-to: recipient account@receiving domain.com recipient email address
Delivery-date: Sun, 10 Jan 2016 09:01:01 -0500
Received: from mail.xxxxxx.net ([66.xxx.xxx.xxx]:38835) sender email server DNS name and IP address
by receing domain.com with esmtp (Exim 4.85) recipient email server DNS name
(envelope-from <sender email account@sender domain.com>)
id 1aIGYG-0003IZ-E8
for recipient account@receiving domain.com; Sun, 10 Jan 2016 09:01:01 -0500
Received: from smtp.sender domain.com ([66.xxx.xxx.xxx])
by mail.sender domain.net (-); Sun, 10 Jan 2016 09:00:41 -0500

cradom
01-10-2016, 11:54 AM
What you're describing is spoofing, something entirely different from getting your mail from your account.
If you access YOUR account with YOUR password, and you get mail, it's your mail.
Spoofing is sending mail using someone elses address as the sender.

fielker
08-25-2016, 06:15 PM
A new worry. I was browsing last night using Safari and a window suddenly appeared saying my Mac had been invaded, and a voice message asked me to call a number within a minute or my passwords etc would be stolen. I managed to unfreeze everything by Force Quit on Safari, and as a precaution I disconnected my back-up disk. Since then I have used Firefox as my browser.

I tried to trash Safari but this is apparently an integral part of OSX.

Am I safe for the moment? And what should I now do? Presumably download an antivirus program; what can anyone suggest?

harryb2448
08-25-2016, 06:30 PM
Nothing to do with Safari, just straight out Ransomware in action and all browsers get this insidious attack.

Suggest Clear History and Cookies. Antivirus will do nothing as there are no Mac OS X viruses. Little free programs such as Malwarebytes for Mac, AdBlock Plus, ScamZapper and Ghostery will help. You cannot remove Safari as it is part of whatever OS X operating system you are using, which you did not share.

Be aware older operating systems, OS X.6, OS X.7 and OS X.8 are no longer supported by Apple with security updates.

fielker
08-26-2016, 05:27 AM
Thanks.

I am using OSX 10.7.5.

Can't clear history - shows up in grey.

Forgive my naivete - how do I clear cookies?!

IWT
08-26-2016, 05:47 AM
I can't remember as far back as 10.7.5 but I suspect not that much has changed.

Try Safari > Preferences > Privacy. There should be a small box-window with "Remove All Website Data". Or, you can view the cookies separately and remove selected ones.

Ian

fielker
08-26-2016, 05:51 AM
Ian: thanks, but Safari Preferences also shows up in grey.

ferrarr
08-26-2016, 08:27 AM
Have you quit Safari and restarted the computer? Before opening Safari press and hold "Shift" when you click on the Safari icon.

IWT
08-26-2016, 08:47 AM
Yes. Should have realised that your Safari was "locked".

Follow Bob's advice and that will get you into Safari. Then clear out History and Cookies.

In post#17, Harry told you about Malwarebytes Anti-Malware app which is free and it will clear out any Malware. The add-ons to your Browser that Harry suggested will hopefully prevent this occurring again.

Ian

fielker
08-26-2016, 09:45 AM
The shift key worked! (So simple, but how does one find out these things?) And the rogue window has disappeared. I have cleared history, and will go through my many cookies and delete any I don't recognise.

Many many thanks. I am greatly relieved.

IWT
08-26-2016, 10:00 AM
Yes, it is a relief when things are sorted, isn't it. I tell you, all of us here have been through misadventures of some kind and the relief on getting it sorted is palpable.

Good for you. Remember us, we're here to help.

Ian