Unauthorized e-mail address change in ISP account

ittiandro · 14 Jan 2022

Hi
I’ m on Windows 10 Home. I recently found that I was not receiving e-mails, although I could send them. and they were received.

I contacted my ISP with which I have an e-mail account ( Outlook 2007) and they told me that my e-mails ( unbeknownst to me and to them) were being diverted to another address of which I have no knowledge and which I never requested. They cancelled that address and immediately after I started receiving my e-mails.

They are unable to explain why and how my e-mail address was changed for a phony one and on whose request,( somebody must have requested it!) but they refuse to admit the possibility of a security breach in their system, saying that it might be the work of hackers who fished for my e-mail account PW in my computer and were subsequently able to get my ISP change my e-mail address in their system, possibly with a view of intercepting my incoming e-mails.

I am not at all convinced that the problem is not on their side. I’ll probably change ISP, but I am curious to know the possible causes and implications of this , if somebody cares to comment on this.

Thanks

Ittiandro

Try3 · 15 Jan 2022

I hope you have changed your login password with your email ISP to a strong one. Personally, for any internet-facing password, I use a minimum of 18 random characters [including at least one character from each of these sets: a-z, A-Z, 1-0, common punctuation, symbols].

You'll have to follow up the change by altering the setup within Outlook 2007 to include the new password but that's a very straightforward task that you have done before.

And set Outlook up to use IMAP or EAS instead of POP3 because those have better encryption on their connections.

I do not know where else you store your ISP's account password.
- If it is stored in IE then it can be obtained by any system intruder without even needing to use Admin permissions.
- The same applies to Firefox unless you have set up its Primary password feature.
- Edge is pretty good. When I looked into the security of browser password banks [or whatever the word is] last year, I could not find any publicly-available utilities that could steal passwords from Edge.

All the best,
Denis

ittiandro · 15 Jan 2022

Thank you so much Denis for your feedback.
1.I did change the PW on the phone with the ISP agent. Do I have to go through them every time if I want to change it or can I do it myself? From what I understood, it seems that the ISP has to record the new PW in their settings. I prefer to avoid this, if possible, because it rather lengthy to call them everytime. Do Ihave to?

2. I am on MS Edge, but I don’t believe I have stored my E-mail PW anywhere except in the Outlook 2007 e-mail account settings..
3. I am still curious to know if this unauthorized change of my e-mail address is necessarily the work of hackers or if there can be other explanations, like possibly a computer glitch on the ISP side, which of course they won’t admit. If it was hackers, did they hack my computer directly, or could they have done it t through the ISP because of a security breach on their side?
It has occurred to me that it could also be an “ inside” job within the ISP organization, possibly somebody in collusion with hackers, who has sold my account information to them. This has already happened with a major bank here in Montreal, where an employee ( or former employee) has sold to third parties sensitive information from the Bank’s customers’ data bank, causing major financial losses.
Perhaps you can comment on this.

Thank again

Ittiandro

Try3 · 15 Jan 2022

1 I don't know who your ISP is but every ISP I have ever had provided an online account interface that could be used for such things as changing email addresses & passwords.

If your email address is, say, FredFlinstone@Wherever.com then go to www.Wherever.com because that's where you are most likely to find a facility for logging in online to change things.

3 Either explanation is equally possible.

All the best,
Denis

ittiandro · 15 Jan 2022

Try 3
Thanks again. I was able to change my e-mail PW for a more secure one through my ISP website.
I hope the problem I had is my last one, but I am a bit weary because for the 1st time in many years I have been victim of computer frauds twice within only 2 months: I was scammed a first time of $ 6000 on by bank account because a hacker has probably broken into my computer when I was online with my bank and found my bank account information and requested a transfer of funds to a bitcoin account under my name.
Fortunately I was reimbursed by the bank, because it was there fault if they failed to check the credentials of the fraudster. After this fraud I asked the bank to block any connection with my account online , including mine. I get all my statements by mail now.

Shortly after, I found a $ 900 charge on my cc because, again, somebody retrieved my cc number and ordered from Amazon. I still cannot understand how. I often buy from Amazon, but on their shopping cart they show only the last 4 digits of the card and my cc info is not stored anywhere else in my computer. Fortunately, this time too, I was reimbursed by Visa, but they are investigating and they tell me they will reverse the credit if they find that I did order from Amazon.
I find kind of unsettling that I keep receiving e-mail solicitations from the UK company where the fraudster bought the article with my CC. I don't know how they got hold of my e-mail address, but Visa could use this as a a proof that I did authorize purchase. I hope not.

Thanks again

Ittiandro

jamis · 15 Jan 2022

Not the same problem, but FWIW, the mail service my local ISP uses was attacked by ransomware on 01/12/22 and we could not connect to the server with any email program. iPhones, IPad, and PC were all unable to connect. The mail service is Mail2World.com. They finally got mail flowing this evening, but the iPhones (v.15.2.1) get mail that they think is corrupted and the ISP and Mail2World is still working on it. Thunderbird and the ISP's web based mail program work OK. The mail service flooded my inbox with incoming mail from 2004 on in an effort to make sure stuff wasn't lost. Service maintains that no user data was compromised, but I think the jury might be out on that one. FBI and HS were involved in the recovery.

Try3 · 16 Jan 2022

ittiandro said:

I hope the problem I had is my last one ...

You have scanned your computer with MS Defender? How to Scan with Windows Defender - TenForumsTutorials
You have run an MS Defender offline scan? Windows Defender Offline Scan - TenForumsTutorials
You have scanned your computer with a third-party antimalware utility to get a second opinion?
You have not turned off UAC or set it to a low level? Change User Account Control level - TenForumsTutorials
You are not using the default password on your router but have changed whatever it came with to a password of your own?

Denis

ittiandro · 16 Jan 2022

Hi Denis

I had installed Bit Defender a few months ago. It takes control of the Windows Firewall and Windows Defender. On the surface, It seems to be very well armed. A lot of features, including one called Safepay, which is supposed to open sites in a dark mode, under a cloak of " invisibility" when you do financial transactions or cc payments.
It also has a Rescue Environment feature which does a pre-boot root scan. In the past they had a RE disc, now discontinued.
I downloaded the BD Rescue CD from an other source but I had an issue with it, because it detected many Trojans that never show up in the regular scan. I keep deleting them and they keep popping up on the next RE CD scan.
I reported this to BD, They sked to send a log report for their lab. They came back saying that no infections were found.
In spite of several requests for an explanation, they never got back to me with an answer. The support ticket is still open after more than 3 months and they never bother to look into this. They have a couple of " specialists" who take turns asking the same questions all over and ask me to send log reports and the name of the Trojans, which I had already done a few times.
They have a very good online support system, covering all the routine problems, but when it comes to to more complex problems they are not of much help. May be next year I'll go Norton.

I thought my comments could help.

Ittiandro

Try3 · 16 Jan 2022

I used Bitdefender as an experiment for a few months five years ago.

It does not give you any better protection than Microsoft defender. Its benefits, if benefits there are, are solely in the additional tools it provides such as the Safepay you mentioned.
- This is true for any comparison between Microsoft defender and third-party anti-malware utilities. It's only the extra tools that can make them worthwhile.
- You can see the protection levels for yourself in some of the test results in www.AVTest.org

It's up to you but "next year" do consider just using Microsoft defender.

All the best,
Denis

csun · 16 Jan 2022

ittiandro said:

Try 3
I was scammed a first time of $ 6000 on by bank account because a hacker has probably broken into my computer when I was online with my bank and found my bank account information and requested a transfer of funds to a bitcoin account under my name.

Shortly after, I found a $ 900 charge on my cc because, again, somebody retrieved my cc number and ordered from

Very sorry for your misfortune.

By your avatar time zone you are in the Eastern time zone in the US or Canada ? Is your credit card from the same bank where you lost 6K ?

Most US banks have 2 factor authorization and strong security. With due respect, I would change banks and refrain from online banking and large internet purchases until you verify your identification has not been stolen. And I trust you were issued a new credit card.

No AV can be guaranteed to prevent your circumstances. Good luck in resolving your issue. Again, very sry you were a victim.