Scam emails – the bane of modern life – trying to get your bank data, credit cards, or just trick you into sending money…
Subscriber Jean N. wrote last week with an email problem — not the usual one, but that apparently one of her email accounts was being used in a attempted scam of her friends:
Hi Terry, I wrote you before from [deleted]@gmail.com. I signed up for your emails with that address. Now, today, that address has been compromised! Several of my family/friends have phone me to tell me that they got messages asking for money and that I am in London!.
I use Gmail, and Thunderbird. Now how do I know where the problem is? Is it Gmail, or Thunderbird? And were they able to get into other things on my computer? Or just mail?
I definitely need advice.
I wrote back to Jean to tell her that this is a common scam in recent days.
Given that it went to her friends, it could mean that:
- her computer has been compromised
- her gmail account has been compromised
- the computer of one of her mutual friends has been compromised, or
- another email account of mutual friends has been compromised.
I’ve received a few of these from people I’ve never heard of, and that aren’t subscribers to my newsletter, either.
If you have a hint that your accounts or your computer may have been compromised, I suggest changing your email passwords at your ISP, at Gmail, and running a couple good scanners on your computer.
Then, check your computer by using a several of antispyware/antimalware tools. I suggest VIPRE Antivirus or VIPRE Antivirus Premium (30-day trial) (http://terryscomputertips.com/VIPRE ) and Malwarebytes (use the free license, which does scans when you request them).
Those should give you a good hint of whether you’ve got a problem or not.
Jean wrote back to say:
I have run Malwarebytes’ Anti-Malware (it found nothing!), and also MS Security Essentials (it also found nothing). Both were run on FULL scans. Checking my Gmail it appears that someone from Nigeria was on my account minutes before the Emails were sent to people. There are three entries on the Gmail folder.
I have been changing my password daily (on my Gmail account) since this happened. There have been no more incidences so I guess it was a one time thing (I hope!). Everything else on the computer seems ok. Sure gave me a scare though! First time this has ever happened to me. I’m still hearing from friends who got, or didn’t get, the original message (asking for money to be sent to me in London (I’m currently in Yuma!!))
Thanks for responding,
The final test should be looking for a rootkit, or more than one, on your computer. The anti-malware programs may have picked up and resolved one or more, but rootkits are designed to be well hidden.
What’s a rootkit? It’s a type of program that is designed to bury deeply into the operating system (e.g., Windows) so that it can hide from Windows and anti-malware programs. Then, it proceeds with its nefarious goals, such as monitoring for your personal credit card and banking information.
Sophos Anti-Rootkit (http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html) is a free rootkit detection and removal tool that is well-respected. Rootkits, like other malware, are always being changed in attempts to hide them better.
As the manual says, "Sophos Anti-Rootkit does not update itself, so make sure that you always download the latest version from the Sophos website."