My Outlook 2010 contacts list was hijacked!

Status
Not open for further replies.

ejp

Senior Member
Outlook version
Outlook 2010 64 bit
Email Account
POP3
Most of have seen this: we or an acquaintance/relative/friend get an email from us that we did not send. The Subj field is typically blank and the body contains a single line; a link typically for a site on enlarging something or selling cheap drugs, etc. Sometimes the Subj field contains “Hey!”, or “Check this out”, or “Hi, <your first name here>!.

Can someone help with how this happens? Have they hacked the ATT/Yahoo server for our contacts list? My Yahoo and Gmail accounts now have an empty/blank contacts list in order to avoid this but used to be populated some yrs ago. All my contacts are in my Outlook 2010 email which is now IMAP, so on a server in the cloud somewhere.

Or, have they actually hacked my PC and extracted this info from my local .pst file? We are very careful and run both MBAM (daily on auto-schedule) and either AVG or Avira every other day on each of two machines. We have, however, reflexively opened one of these bogus emails in recent months, but did not click on the link.



This has happened to my and my wife's accounts and those of many friends.

1. How does this happen? How do they do it?

2. How best to avoid short of unplugging the computer indefinitely?

3. Once it starts with emails from me (that aren't really from me) going out, is there a way to stop it?

4. I have removed Java. Does that prevent websites from running code on my PC and injecting malware?

Running Win7 Home Premium with all Windows updates. Email provider is ATT/Yahoo, email program Outlook 2010 with IMAP

Thank you!
 

Diane Poremsky

Senior Member
Outlook version
Outlook 2016 32 bit
Email Account
Office 365 Exchange
I think your account was hacked. Immediately change your password - it seems to have worked for me.

A friend sent that spam to a mailing list i run and as list owner, i checked out the link - i did the bitly trick of adding the + to see the full url but didn't look at the url close enough and he initially said he meant to send it directly to me. The link made semi-sense for him to send it to me so I wasn't as diligent as i should be. Its a yahoogroups list and i use my yahoo account as the logon. I had exactly one address in my yahoo address book: my other address and less than 24 hours later, i got two messages that one address. I haven't had any more since changing the password.

I think it was a script running in memory - you visited a compromised site and logged into yahoo before rebooting. But once your account was compromised, it didn't need you any more. It's not java elated - this system does not have it installed.
 

ejp

Senior Member
Outlook version
Outlook 2010 64 bit
Email Account
POP3
Thanks for the response! I have reset Yahoo p/w and will see what happens. changing the Yahoo p/w always drives me nuts as there are many more steps than you find Googling "how-to" instructions. I had to re-login 2-3 more times and select a whole new set of security questions. they couldn't do more to discourage people from changing their p/w if they tried. I once (year ago or so) found a quick "change password" thing somewhere on the Yahoo site to click, but can't find now. Is there a better way with just a few clicks? I'm tempted to call tech support but that's typically a 30min ordeal.

On your reply, would you mind expanding on the "bitly trick" thing please? Also, the "script running in memory"; do you mean it was likely not an exe installed on the HD, but just a transient piece of malware code in memory? In recent months I have just been putting PC to sleep at night and seldom rebooting. Bad idea maybe? I run Malwarebytes daily and Alvira every 2nd or 3rd day.

Should I expect Malwarebytes and/or AV apps like Alvira or AVG to catch such malware? Just switched from AVG to Alvira free version.

thanks again!
 

Diane Poremsky

Senior Member
Outlook version
Outlook 2016 32 bit
Email Account
Office 365 Exchange
Biltly (and most shorturl services) will expand a url if you add a + to the end of the url - copy the url, paste into the address bar of windows explorer and add a + to the end.

Script in memory means nothing was installed (windows 7/8 should prevent installs) - just a transient hunk of code running. You visited an infected site, the script keeps running until you reboot. Closing IE should end the script but if I'm suspicious, I don't think twice about rebooting.

I'm not an expert by any means and this is based on my experience - so i could be wrong. :) I haven't found anything online and when i asked some security friends, they came off sounding like they had no clue about what I was asking about and were BSing me. I got the impression no one really understands this virus.. and my explanation fits my experience as well as any. :)

No, the AV/Malwarebytes software won't stop the scripts. They won't stop the scareware viruses either (the 'you are infected' or the 'your hard drive is corrupt' ones). They should stop it if the exploit tries to install anything. Firewalls won't stop the scripts either because they use port 80 and the browser exe, so its allowed though.

I tend not to reboot either but if I'm suspicious about something I will reboot. I uninstalled Java from all computers - my husband wasn't happy that he couldn't pay some stupid game online... but java is too full of holes and viruses can use it to get past the AV software.

I'm giving some thought to shutting down overnight, but really don't want to. If I'm hit with too many more exploits, I might.
 

ejp

Senior Member
Outlook version
Outlook 2010 64 bit
Email Account
POP3
Thank you! You are expert enough for me. All sage advice.
 

ejp

Senior Member
Outlook version
Outlook 2010 64 bit
Email Account
POP3
Here is an explanation of how the yahoo hack works - Yahoo plugs hole that allowed hijacking of email accounts | PCWorld - changing the password would invalidate the cookie they stole and prevent the attack. It would also only work for yahoo accounts accessed via the browser. That's why my account was hacked when i logged into yahoogroups.

That's the one! thanks for passing that on. I have inadvertently clicked on the bogus link once or twice. Explains everything.

- - - Updated - - -

Here is an explanation of how the yahoo hack works - Yahoo plugs hole that allowed hijacking of email accounts | PCWorld - changing the password would invalidate the cookie they stole and prevent the attack. It would also only work for yahoo accounts accessed via the browser. That's why my account was hacked when i logged into yahoogroups.

That's the one! thanks for passing that on. I have inadvertently clicked on the bogus link once or twice. Explains everything.
 

Diane Poremsky

Senior Member
Outlook version
Outlook 2016 32 bit
Email Account
Office 365 Exchange
I'd been searching for information about that hack since last week when it hit me but i couldn't find anything. I'm glad it was using cookies and not getting the passwords via a script - I was a bit worried that I might have logged into online banking and it could have my passwords.
 

mpilgrim

Member
Outlook version
Outlook 2010 32 bit
Email Account
POP3
Most of have seen this: we or an acquaintance/relative/friend get an email from us that we did not send. The Subj field is typically blank and the body contains a single line; a link typically for a site on enlarging something or selling cheap drugs, etc. Sometimes the Subj field contains “Hey!”, or “Check this out”, or “Hi, <your first name here>!.




Can someone help with how this happens? Have they hacked the ATT/Yahoo server for our contacts list? My Yahoo and Gmail accounts now have an empty/blank contacts list in order to avoid this but used to be populated some yrs ago. All my contacts are in my Outlook 2010 email which is now IMAP, so on a server in the cloud somewhere.




Or, have they actually hacked my PC and extracted this info from my local .pst file? We are very careful and run both MBAM (daily on auto-schedule) and either AVG or Avira every other day on each of two machines. We have, however, reflexively opened one of these bogus emails in recent months, but did not click on the link.





This has happened to my and my wife's accounts and those of many friends.




1. How does this happen? How do they do it?


2. How best to avoid short of unplugging the computer indefinitely?


3. Once it starts with emails from me (that aren't really from me) going out, is there a way to stop it?


4. I have removed Java. Does that prevent websites from running code on my PC and injecting malware?




Running Win7 Home Premium with all Windows updates. Email provider is ATT/Yahoo, email program Outlook 2010 with IMAP




Thank you!





I just found this forum; my problem is similar as above, but with unfortunate results after attempted correction........ My system is Win7 32-bit running Office 2010 Pro. email account is bellsouth.net (att/yahoo). For many years (on DSL then U-verse) my Outlook setup was Incoming: pop.att.yahoo.com port 995, and SMTP.att.yahoo.com port 465 for output. Two weeks ago my email account was apparently hacked (dirty mail sent to folks which looked like it came from me), so per ATT cust. support i changed my password on my email account. Since then, I have been unable to log on to my account from Outlook (user name/password errors). I tried changing my pop to inbound.att.net, and smtp to outbound.att.net (per info on att web site), but to no avail. I also tried using recommended imap settings, but still no help...........here's the irony of this scenario: On another PC (running WinXP Pro on my desk i can access my office account which is also bellsouth.net (pop and smtp settings as above) using same version of Outlook. However, I tried to access that account from my main PC but with no success. PS. Two Win7 laptops in the house have the same problem.


I have no idea why I have this issue, and I really wish I could learn how to again access my email from my Outlook client............... Anybody have a clue?
 

ejp

Senior Member
Outlook version
Outlook 2010 64 bit
Email Account
POP3
I think I've seen same thing with ATT/Yahoo email and Outlook 2007 then 2010. For me, these things either go away on their own within days, or clear up if I change passwords again on Yahoo. Of course you updated the password in your Outlook email account, right? that sounds like a no-brainer fix, but failed frequently to fix it for me. Sometimes I create a new Outlook account in the off-chance the profile is corrupt. I never found the inbound/outbound change to make any difference in spite of others enthusiastically saying it's the fix for everything. I have no easy fix beyond methodically walking thru the whole process as if you were starting from scratch with a new account. I went in circles with this for 3 yrs with ATT/Yahoo then 6 mo ago things just cleared up somehow. I think it's often on their end....good luck.
 

Diane Poremsky

Senior Member
Outlook version
Outlook 2016 32 bit
Email Account
Office 365 Exchange
did you open the account in outlook - file, account settings, double click on the account and change the password. You may also need to delete the credentials in windows credentials manager (in control panel). I would use the pop/smtp you used for years - those are correct.
 
Status
Not open for further replies.
Similar threads
Thread starter Title Forum Replies Date
M PST import from Outlook 2007 to 2010 - Address Book contacts all in 1 group Using Outlook 4
N Outlook 2010 on re-imaged computer missing calendar/contacts Using Outlook 0
D Outlook 2010 contacts syncing intermittently via Outlook Connector Using Outlook.com accounts in Outlook 2
R Moving contacts from ICloud back to Outlook 2010 Using Outlook 4
O Outlook 2010 Contacts Using Outlook 3
S Seeing Custom Fields in Contacts (Outlook 2010) Using Outlook 0
T Outlook 2010 - Contacts associated with an e-mail address Using Outlook 1
L Suggested contacts are not retained after exiting Outlook 2010; Windows 8.1 Using Outlook 4
Z Copy Outlook 2007 "AutoComplete Contacts” to Outlook 2010 Using Outlook 7
N iCloud deleted my Outlook 2010 contacts Using Outlook 1
C Custom Form Outlook 2010 Contacts Using Outlook 3
D Search iCloud contacts from Outlook 2010 CTRL-E Using Outlook 4
B Using hosted exchange to sync outlook 2010 calendars and contacts to BB Z10 Using Outlook 4
D why do exchange contacts not sync properly from outlook 2011 to outlook 2010 Exchange Server Administration 2
S How to set Company as default "File As" in Contacts for Outlook 2010 ? Using Outlook 1
S Outlook 2010 Mobile Contacts Using Outlook 1
S change default contact list in Outlook 2010 to "contacts" rather than "global" Exchange Server Administration 1
S Outlook 2010 Email address dissapearing in SOME of contacts Using Outlook 2
B Can't Remove Shared Contacts Folder in Outlook 2010 Using Outlook 2
I Shared Contacts in Outlook 2010 and Exchange Server 2010 Using Outlook 4
M Searching Outllook 2010 shared contacts from Outlook 2007 Using Outlook 4
M Error Messages when exporting Outlook 2010 Contacts to a CSV (DOS) or Excel Using Outlook 2
R How to backup contacts in Outlook 2010 as business cards Using Outlook 1
M Outlook 2010 Contacts - mailing lists Using Outlook 2
T BCM 2007 to Outlook 2010 with no BCM - need contacts imported BCM (Business Contact Manager) 3
R Went from outlook 2003 to 2010 - can't retrieve active for contacts Using Outlook 0
S Outlook 2010: How do you enable Contacts' Activities to search archive folders Using Outlook 6
D Outlook 2010 contacts show old data when opened Using Outlook 1
L Outlook Contacts 2010 problem with Notes section configuration Using Outlook 22
D How to remove "extra" contacts folders in Outlook 2010 Using Outlook 4
T Outlook 2010 lost all eMail addresses from contacts Exchange Server Administration 4
e_a_g_l_e_p_i Can emails from Gmail be deleted when they are downloaded to Outlook 2010 Using Outlook 1
L Outlook 2010 Outlook 2010 Outlook VBA and Custom Forms 2
C What folders are needed when reinstalling Outlook 2010 Using Outlook 0
e_a_g_l_e_p_i Gmail in Outlook 2010 preview issue Using Outlook 4
e_a_g_l_e_p_i Outlook 2010 Help setting up Gmail account in Outlook 2010 Using Outlook 3
B Outlook 2016 Unable to view images or logos on the outlook 2016 emails the same html code works well when i use outlook 2010 Using Outlook 0
M Outlook 2010 Outlook 2010 with O365 / Exchange Online Using Outlook 0
F Outlook 2010 Outlook 2010 and GMail Using Outlook 0
D Outlook 2007 vs. Outlook 2010 -- ToDo Bar Using Outlook 0
e_a_g_l_e_p_i I think it may be time to upgrade from Outlook 2010 Using Outlook 3
T Why does outlook 2010 convert only some forum notifications to plain text? Using Outlook 0
I Error saving screenshots in a custom form in outlook 2016, outlook 365 - ok in outlook 2013, outlook 2010 Outlook VBA and Custom Forms 5
M Outlook 2010 Problem with OutLook 2010 32 bit, after Windows Auto Update Using Outlook 3
D Outlook 2010 account setup fails in particular domain Using Outlook 3
B Outlook 2010 is Auto Purging when not configured for that Using Outlook 1
W Outlook 2010 Reading Pane Slows Startup Using Outlook 3
S Outlook 2010 unable to change default font Using Outlook 7
B Outlook 2010 Can not find a certain file in M/S Outlook 2010. Using Outlook 1
Mark Foley Cannot enable add-in in outlook 2010 Using Outlook 0

Similar threads

Top