(See this recent article for what to do if your email gets hacked.) When helping yet another client get his hacked email account back, I came across two distinct hacker tricks that I thought were worth mentioning.
One is forwarding. This particular hacker had changed a setting in the hacked email account (a Yahoo account) so that all emails received would be automatically forwarded to another email address, which was in the hacker's possession, of course. Thus, if the hacker sent emails from the hacked account to the contacts in that account, with one of those famous Nigerian scams (by the way, the hacker was literally in Somolu, Nigeria), and got any replies, the replies would be forwarded to the email account of his choice. That second address was, by the way, VERY similar in wording to the original hacked email account, so only a very careful eye would notice the difference if the hacker now replied from the second account.
The second one, err, let me backtrack for a moment. There is a setting that can be, well, set, in all emails. It’s called “Reply-to”. User A sends an email to user B, but in that email it’s specified that if user B hits the reply button, the reply will be sent to user C. This setting can be useful sometimes, but in this case, it was a second hidden time-bomb the hacker was using. All the emails sent from the hacked account had a reply-to setting that would send any replies to the hacker’s own account. The only reason I noticed is because I was looking very closely. I mean, who checks that one’s email is going to the right email address when one hits the reply button? Exactly. Very sneaky.
So you see, even if the hacked email account was recovered and returned to its rightful owner, with the first trick above he would still not be in control of the emails received, and with the second trick, any emails already sent out would end up, if replied to, in the hacker’s own email account.
The above are two tricks to be aware of if your email account gets hacked, or if you’re on the receiving end of a spam- or scam-looking email from a known contact.
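The Reply-To trick described above can be checked mechanically on a received message. The following Python is an added example, not part of the original post: it parses a raw message and reports every Reply-To address that differs from the From address, marking near-identical ones as lookalikes. The 0.8 similarity threshold and the sample addresses are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: a Reply-To address at least this similar to the sender, but
# not equal to it, is treated as a lookalike. Tune against your own mail.
LOOKALIKE_RATIO = 0.8


def check_reply_to(raw_message):
    """Return [(reply_address, verdict)] for each Reply-To address that
    differs from the From address. An empty list means replies go back
    to the sender."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    findings = []
    for _name, addr in getaddresses(msg.get_all("Reply-To", [])):
        addr = addr.lower()
        if not addr or addr == sender:
            continue  # no redirect: replies reach the visible sender
        ratio = SequenceMatcher(None, sender, addr).ratio()
        verdict = "lookalike" if ratio >= LOOKALIKE_RATIO else "different"
        findings.append((addr, verdict))
    return findings


# Constructed sample messages (example.* domains, not real accounts).
FROM = "From: Pat <pat.example@example.com>\n"
SAMPLES = {
    "plain": FROM + "Subject: hi\n\nHello\n",
    "same": FROM + "Reply-To: PAT.EXAMPLE@example.com\n\nHello\n",
    "lookalike": FROM + "Reply-To: Pat <pat.examp1e@example.org>\n\nHello\n",
    "different": FROM + "Reply-To: billing@example.net\n\nHello\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} {check_reply_to(raw)}")
```

A differing Reply-To is also normal for mailing lists and help desks, so "different" is only a prompt to look, while "lookalike" matches the near-identical address described in this post.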
11/20/13: In handling the most recent hijacked email account, I became aware of two more tricks used by the hackers:
A) Use of filters. Email accounts often have the ability to set filters that perform certain functions on incoming emails, e.g. put them in specific folders as they come in, or perhaps delete them (for unwanted contacts). In this case the hacker had set a filter so that any email sent to the account went straight to trash. That way nobody emailing the actual account owner would be able to get in touch with him/her.
B) Changing the signature. In this case the hacker had changed the phone # in the signature. In earlier cases they had included a malicious link in the signature, so that whenever in the future an email was sent from that account, it would be sent with a malicious link in it.
Hi, I read your post about the email hackers. Thanks. Your posts have been educational and I appreciate you for posting them. I have a very important confidential project I’m involved in and need to be able to send emails with attachments of word processor docs to and from a few people that I’m working with. A few weeks ago you were one of the people that replied to my post on encryption and noted that MS Word 2003 or later has a pretty secure encryption feature. I don’t use MS Word (I use Open Office) and I was thinking that the encrypted password method might not be as secure as programs like PGP, etc. However, they are owned by Symantec and I really don’t trust Symantec. I also don’t want to use any of the hosted third party encryption services and so I was hoping you know this area well enough to recommend one or more free downloadable encryption programs that I could use. Can you advise me on this? Thanks. Jim
Hi again. I forgot to mention my O/S is Win XP. Thanks again. Jim
Hi Jim, thanks. I’ll send you an email on this.