Hacked email

Discussion in 'Mac Basics and Help' started by awinterbreeze77, Nov 4, 2013.

  1. awinterbreeze77 macrumors newbie

    Joined:
    Jul 25, 2009
    #1
    So, a friend of mine told me her email got hacked.

    Basically what happened was she received an email from her friend that said, "Click here to view this important shared document" or something, which she did.

    Now, here's the funny part, she tells me she had separate passwords on both her Gmail and an antiquated Hotmail account. She says both were hacked, and that her friends received similar spam messages from both accounts.

    I of course told her to change her password, but the real question is, at first I thought, "Well surely she just went to some page and they asked for her Google credentials" (because the shared doc thing was supposedly from Google drive) and that was it. But now I am considering if it could possibly be some sort of keylogger, as far fetched as it seems.. else how would it get both email passwords. If it were Windows I wouldn't assume it to be a Keylogger, but I mean for a Mac, who really writes some snappy little Applescript that somehow logs your password.

    I'm just not sure. Your thoughts?
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    Email accounts are hacked all the time. It has nothing to do with what computer or OS a user is running. An email account can be hacked, even if the account owner doesn't even own a computer.

    It's also very likely that the email accounts were spoofed. If you don't see the offending emails in the Sent Items folder of the account, this is more likely the case. Spoofing can happen without knowing account passwords, as the emails are only made to appear like they came from the spoofed account.

    The only way to get a keylogger on a Mac is to install it yourself, or give someone access to your Mac so they can install it.
     
  3. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #3
    Yes tell her to go and look in the sent folder sand see if she can see the spam messages in there.
    If she cannot see them, its very likely that the messages that were sent out just looked as if they were sent from her, but actually weren't and her email wasn't hacked.
     
  4. awinterbreeze77 thread starter macrumors newbie

    Joined:
    Jul 25, 2009
    #4
    Thanks for the quick replies, guys. If you don't mind me asking, how exactly are emails hacked without gathering data from a user (i.e. they accidentally put in their login info in a phishing site)? You can't, like, brute force an webmail like Gmail can you?

    The emails were *not* in her sent box, so I believe you may have caught onto something.
     
  5. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    If the emails were not in her sent box, then it's very unlikely that the email account was hacked. Rather, the emails were spoofed, which means that no access to the email account was required. The emails were simply disguised to appear as if they were sent from that email account, even though they were not.
     
  6. Astroboy907 macrumors 65816

    Astroboy907

    Joined:
    May 6, 2012
    Location:
    Spaceball One
    #6
    To bring in the snail mail reference, like putting a different return address on the envelope. You assume it came from a said person, but if you follow the trail back it goes to someone completely different. Right?
     
  7. BrianBaughn macrumors 601

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #7
    I have a customer with a Google Apps account that got hacked just in the past week and was sending out the "click here to get document" type emails (I got one). I thought it might be someone spoofing, but the headers looked genuine. Here's the email content:

    Hello,

    There are some files i would want you to see It's not an attachment -- it's stored on-line at Google Drive. To open this document,Kindly CLICK HERE. and sign in with your email to view.

    --------
    Note: You'll need to sign into Google Drive with your email address.

    The link in the email sent was a phishing attempt to get login information from several different email services.

    Some hacker definitely was in the account. The hacker had created filters (probably imported them) at the Gmail site to make sure that responses from recipients skipped the inbox and went directly to trash (so that the account holder wouldn't be alerted). The hacker probably deleted the sent mails after sending them. Also, the hacker most likely had a script that ran at Gmail that extracted email addresses from existing emails. The phishing emails that went out from the account were sent to many more recipients than were in the contact list.

    This was the only user affected at the domain.
     

Share This Page