Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and the Yahoo Answers website is now in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.

Trending News

Promoted
Jose P
Jose P asked in Yahoo ProductsYahoo MailAbuse and Spam · 7 years ago

Was my email account hacked or spoofed?

Woke up this morning and saw an email from me to me. I had a 15 digit password (upper and lower case letters with numbers and special characters mixed in). I also had two step verification turned on. All log in activity shows I was the only computer accessing my account. Not sure what happened or if there is something else I should be doing to protect my accounts. I am running a Norton Antivirus scan right now to look for possible Malware.

Note: I changed my password to 32 digits, however I don't believe my password was compromised. I think something else is at play.

Can anyone help me or point me in the right direction? Thank you.

See header information below.

From jose10162003@yahoo.com Sat Dec 14 06:43:05 2013

X-Apparently-To: jose10162003@yahoo.com via 98.139.211.223; Sat, 14 Dec 2013 06:43:08 -0800

Return-Path: <steakhousesqs@mthai.com>

X-YahooFilteredBulk: 1.163.147.77

Received-SPF: pass (domain of mthai.com designates 1.163.147.77 as permitted sender)

X-YMailISG: .GJwfwwWLDs2vCZtF1cF0gWBVv1TBYttuAB5yAg64GRR.kXT

2h0NX228ajmUttOh5gUfcrc2a0FnUU3Jr2C23SZkhV18yf19T5Jhu87q.oiB

py5rTGzzDVacNqYJO4z5kgoJf2lrhC0r2trzwseA5qqYvLsz2cZEmNZdZos7

nmAYvZNG2zxqmJ1VB4FVMATuiQcva6AD0CW55m9ev39a5nLQ4M4Jba.ihwhM

vpvpvvY53ppswKis.zbqXmfkTlbfXk5to2uZelpAc4Lp5rUv9NtslUMtoivM

0sBWx57H7mc9SkUzSFFU.PAuRui3k4IzWxIkFfxW3SjhohBPe7Qkw7Loj1U0

Td_ahj.neut45KVFu5IZJVNyQCdBKZ8L_AatvX8C77hYXY6YHOyoLTHqCeZ1

T6of.5zSkOMJru6B4QrKjKKfUz7gGLRRQ5t9H4DbJVaKpzhFlHh9J4OxJLjK

RFSq1.Hrm371sKcxJyg9FBLf79wmLU8fuCO92GrBmYV9yMog0qQqIEWMq3ua

BnYrIYMrDe9UQ0G1WPQDaizG8LMbjmhsnHYQW1IoO86Mt3__7JLZBFjp1KNM

7uiGv50pRa4FOSNILo6oC75.Qx7GQmka_baY.O32ndhQQHqYvRmMjr0.Mqg7

1OKSHCHWuY7G9kE9UrKySJ.Ke9mbxJxYqa2iixEb9Cbut8k1tAW8X7RpMP44

xDJpBR8pnrQuLVtayiyhlagDi5h8VLPImr47pvlYvdYalkC3TSEPOX0ZwHxt

r0zJoN8BnZPjMd.m6rSnQ9abREw9Bl5nvreTpACC0M9kkEshFUvkynXRXRx0

8YPAs43sNhx86jcHX2kOCZGJ6zcvsBW3gV_oJmbgf3vSW60xdqb1n88VECek

oXuF.yjIcBCnosZnIqpsFnKzfHiyXuaxpLhKpOHZDry9g3SByA0HRTMhO6lc

orFpL3PDGuFcvtmIg23Y4oL1tr7UOy4VrNq5Ga_dWDS0DXJWeYXyG1l7DDW.

OGdJOfW26mcJIxbS.kpFIaEIrVRNBjcfZ5pDgojZSDNlLPoduRpw6XHF8v2k

Ie5Vtnca93mkzyPIbXbooRQkFYGaKdhvis4KgTAFPG5oSJbUfK6Alv94zK1w

MlmfqaWwWWipHKsL36RjsYROLYrgqyul6AowuIEPtXSA6BC9NyOU9IC7UaAe

LXs-

X-Originating-IP: [1.163.147.77]

Authentication-Results: mta1267.mail.bf1.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=neutral (no sig)

Received: from 127.0.0.1 (EHLO 1-163-147-77.dynamic.hinet.net) (1.163.147.77)

by mta1267.mail.bf1.yahoo.com with SMTP; Sat, 14 Dec 2013 06:43:06 -0800

Received: from 1.163.147.77(helo=yahoo.com)

by yahoo.com with esmtpa (Exim 4.69)

(envelope-from )

id 1MMLFQ-2334rx-H4

for <jose10162003@yahoo.com>; Sat, 14 Dec 2013 22:43:05 +0800

From: <jose10162003@yahoo.com>

To: <jose10162003@yahoo.com>

Subject: Great pharmacy 24/7

Date: Sat, 14 Dec 2013 22:43:05 +0800

MIME-Version: 1.0

Content-Type: text/plain;

charset="Windows-1252"

Content-Transfer-Encoding: 7bit

X-Mailer: pztjtcgdcr-84

Message-ID: <4725343012.UTG0IBER862308@sonlijrckenbirs.tduwvdyvutgu.ua>

Content-Length: 47

1 Answer

Relevance
  • ?
    Lv 7
    7 years ago
    Favorite Answer

    Hi Jose,

    Based on the information you've given us, your account does not appear to have been accessed by the sender of this email. It appears the true sender of the email has forged your email address in the "Reply-to" and/or the "From" field of the message they sent out. This is a tactic commonly used by spammers to confuse the recipient as to the true origins of the email. Please know that we are currently aware of this type of spam and are investigating it.

    Unfortunately, there is no industry-wide technical solution to this problem. Yahoo (or any other email provider) is not able to prevent its domain name from being forged in the headers of an email message, nor is it possible to preempt the misuse of an email address within forged headers. Individuals are strongly discouraged from forging the Yahoo domain; and in the future, appropriate action will be taken as necessary.

    If you are interested in researching the origins of the email, the email message itself may contain some information relating to the sender's identity. Most email systems typically contain the originating Internet Protocol (IP) address in the full Internet headers of messages. The originating IP address is generally located in the very last "Received" line of the full headers and corresponds to the sender's Internet service provider (ISP).

    View the full header of an email

    http://help.yahoo.com/kb/index?page=content&id=SLN...

    In the pop-up box, look for a line that looks something like "Received: from [123.456.78.91] by . . ."

    Press CTRL + C to copy that information or you can also write it down.

    Go to a utility website, such as Whois, to see the name of the provider from which the email was sent.

    Once you have identified the IP address, you can conduct an IP lookup to determine which ISP provides this person with Internet access. One such lookup tool you may want to try is:

    http://whois.arin.net/ui/

    In addition, please visit the following website for useful tools to combat spam:

    http://antispam.yahoo.com/

    Thanks!

Still have questions? Get your answers by asking now.