2

I own a Yahoo mail account. I am using this account for sending resumes and receive notifications from various job portals. But yesterday, I found that some 10-15 mails had been sent to random addresses from my account. Most of them had this format:

hr@<companyname>.com

I am pretty sure that I didn't send any mails to such addresses. Initially, I thought the job portals may be sending mails on my behalf and Yahoo is logging them, but then I saw the contents. The contents of all those mails were a URL, which I did not click. SCARED. Also, to top it off, my "Sending Name" has been changed to 'Nice Maria'!! o_0

I have taken the necessary measures and changed my password and the secret question. I cannot delete this account as this email is registered with all the job portals and other companies.

Is this a simple case of my account being compromised or was I a victim of some web vulnerability? All the mails seem to be bot generated, with only a URL as the message body. Please advice.

Mono Jamoon
  • 150

2 Answers2

1

This is a SMTP faking, which basically means the user sent the email through another SMTP server that used any email address (you can send an email as i@am.com even though you don't even own the domain), however your email account is not compromised and by no means people could see your email inbox.

To prevent this from happening, my suggestion is to look into the SPF record creation, which if you are using Google Apps, it can be found here: http://support.google.com/a/bin/answer.py?hl=en&answer=33786, this can not prevent people from sending emails from fake email address, but it will automatically sent those ones to spam.

zhuanyi
  • 246
0

Nothing you have said suggests any sort of compromise. I can write a letter and mail it to you with the President's return address on the envelope -- does that mean I "hacked" the President?

David Schwartz
  • 62,365