Frontier email account hacked

lan101

So I have a client with a small business that's had a frontier email account (yahoo) for years.

Sometimes randomly it'll just send out spam. It appears that someone else potentially has access to it. For example yesterday it sent out an email to a bunch of people and said something along the lines of "Hey there I have a favor to ask of you please reply."

So it appeared that this was sent from my client's email address. If you hit reply to that email it goes to a "different email" but looks similar to my client's of course.

Can anything be done about this? They've already changed the password to something super strong 2 different times. I didn't know if anything else can be done to potentially stop it from here on out?

Thank you.
 
perhaps the problem lies in the customer's computer
 
Yahpoop is well known for having their mail servers hacked into...multiple times.

Best thing your client can do is stop using them, many better email services out there. Oh..and this is for a business? x10!!!

Agree 100% lol. I've mentioned that...they are "slowly" migrating to a gmail which I guess is better than yahoo.
 
Did you check for forwarding rules? Did you also change the security questions? Any chance 2FA is available?

A while back in the webmail settings I looked at the "filters" etc. and nothing was in there. I'll have to check there again to be sure on the forwarding. Thanks.
 
Email has two different fields. Reply To, and Mail From.

The email client fills these in itself. Mail From can be from anywhere, and should be pretty obvious spam unless the domain lacks SPF, DKIM, and DMARC.

But even if the above all works, reply to can be anything else. So if the mail is being sent from the actual mailbox, reply to could very well be used to in effect bypass spam filters.

Since Yahoo has all of the above records, I'm left to assume a Yahoo account is being used to send this junk mail... and mind you it could be ANY Yahoo account... not just your client's...

All you can do is advise your client to change their password, enable MFA, and transition to a more professional service.
 
Yes...strongly encourage them to move away from this, and to a more professional solution.

As noted before, and you can Google this, Yahoo's servers have a long history of breaches from the top end. Changing passwords doesn't matter much...the servers get hacked from above the individual mailbox level.

Also residential grade email systems like Yahoo...run IMAP. And..IMAP basically gets exploited directly regardless of having MFA enabled. I'll reword that....MFA doesn't do a thing to secure any account with IMAP. This is one of the reasons one of our standard scripts to run on our 365 clients is...disable IMAP (which is now a default thing for 365 thankfully)

Yeah, Yahoo's mail servers....not only is the back door ajar, the front door is just a flimsy screen door that doesn't latch shut...just blows half open in the wind..and all the ground level windows are wide open too!
 
Sometimes randomly it'll just send out spam. It appears that someone else potentially has access to it. For example yesterday it sent out an email to a bunch of people and said something along the lines of "Hey there I have a favor to ask of you please reply."
No one has access to the account. As @YeOldeStonecat pointed out Yahoo! Email servers have been repeatedly hacked and address books stolen. So hackers have lists of known good emails and use them as the basis of phishing attempts, using spoofed emails. Check the headers, you'll see the client is NOT really sending them. You can't do anything to put the genie back in the bottle. Your client needs to get a real email service like Office 365 and a domain name of their own that will allow you to set up proper SPF, DKIM, and DMARC records. All of that allows you to validate the email sent and helps prevent fakes from being sent.
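
The header check suggested in the posts above (From versus Reply-To, plus the SPF/DKIM/DMARC results), as an added example that is not part of any poster's message. The `triage` helper, the addresses and both sample messages are constructed for illustration, and it assumes the topmost Authentication-Results header was added by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain(value):
    """Lowercased domain of an address or address header, '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw, client_addr):
    """Classify a suspicious message that claims to come from client_addr."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    # msg.get returns the topmost header, i.e. the last hop's verdict.
    auth = msg.get("Authentication-Results", "").lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    if reply_addr and reply_addr != from_addr:
        findings.append("reply-to-differs")        # replies go elsewhere
    rp = domain(msg.get("Return-Path"))
    if rp and rp != domain(from_addr):
        findings.append("envelope-domain-differs")  # bounce path is foreign
    if from_addr != client_addr.lower():
        verdict = "lookalike-address"    # not the client's address at all
    elif results.get("dmarc") == "pass":
        verdict = "sent-via-provider"    # authenticated: review account access
    elif results.get("dmarc") == "fail":
        verdict = "spoofed"              # forged From, mailbox not involved
    else:
        verdict = "inconclusive"
    return verdict, findings, results

# Constructed sample: forged From, sent from unrelated infrastructure.
SPOOFED = """\
Return-Path: <bounce@bulk.example.org>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulk.example.org;
 dkim=none; dmarc=fail header.from=example.com
From: "Client" <client@example.com>
Reply-To: <c1ient@example.net>
Subject: Hey there

I have a favor to ask of you please reply.
"""
# Constructed sample: same lure, but authenticated as the real domain.
FROM_MAILBOX = SPOOFED.replace("bounce@bulk.example.org", "client@example.com") \
    .replace("spf=fail smtp.mailfrom=bulk.example.org", "spf=pass") \
    .replace("dkim=none", "dkim=pass").replace("dmarc=fail", "dmarc=pass")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("mailbox", FROM_MAILBOX)):
        print(name, triage(raw, "client@example.com"))
```

A "spoofed" verdict means the mailbox was not involved and a password change will not stop it; "sent-via-provider" is the case that calls for checking forwarding rules, sessions and MFA.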
 
Statistically speaking it's probably spoofed email addresses.

Yup. I can't think of a single instance where I've gotten an email message that appears to be from someone I know, but that's clearly "not of their style," that wasn't a spoof.

It's far more statistically likely than your account actually being hacked and used by someone else to send stuff. I've spent years educating clients that email that appears to have originated from them is least likely to have been the result of an actual account compromise and most likely to be yet another instance of spoofing. Keep calm, do some basic checks, and carry on.
 