Topic: Email hacking improvements needed;

Offline Rick

Email hacking improvements needed;
« on: November 08, 2017, 08:36:27 pm »
My Email address is "X";
But someone sent me an email to my "X" email address;
Yet it shows my "X" email address as [email protected]
Of course, [email protected] is not my email address at all

Seen this happening too frequently now;

What's going on here?

Offline satrow

Re: Email hacking improvements needed;
« Reply #1 on: November 09, 2017, 03:53:33 am »
It might be that you were added as a BCC, or that it was forwarded to you; check the details in the full headers.

Offline Rick

Re: Email hacking improvements needed;
« Reply #2 on: December 01, 2017, 07:43:03 pm »
use Outlook 2003;

Have all my email accounts under outlook so can use/read/reply in one place;
I noticed that some accounts seem to take a while to load the reply window while others do not...

it's a typical notice of being hacked...

How to determine if that email is hacked/monitored by some third party?



Offline Rick

Re: Email hacking improvements needed;
« Reply #4 on: December 03, 2017, 08:22:49 pm »
Example of; PAYPAL trying to be hacked?

X-KK-mid:bizmxp5t1512308147t9i64mv83
Received: from [84.38.129.141] (port=62434 helo=IP-129-141.dataclub.eu)
   by host.interficto.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
   (Exim 4.87)
   (envelope-from <[email protected]>)
   id 1eLUQm-0006Ke-Gd; Sun, 03 Dec 2017 08:35:40 -0500
Content-Type: multipart/alternative; boundary="===============1973367036=="
MIME-Version: 1.0
Subject: Important Warning! Your PayPal Account Will be Blocked
To: Recipients <[email protected]>
From: "[email protected]" <[email protected]>
Date: Sun, 03 Dec 2017 15:35:33 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.interficto.com
X-AntiAbuse: Original Domain - spcl.hk
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - paypal.com
X-Get-Message-Sender-Via: host.interficto.com: authenticated_id: [email protected]
X-Authenticated-Sender: host.interficto.com: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:


Offline Rick

Re: Email hacking improvements needed;
« Reply #5 on: December 03, 2017, 09:21:56 pm »
Another favorite we receive with many types of variations requested to reply to;

Received: from mail-qk0-f195.google.com (unknown [209.85.220.195])
   by bizmx12.qq.com (NewMx) with SMTP id
   for <myaccount@myaccount>; Mon, 04 Dec 2017 12:57:15 +0800
X-QQ-mid: bizmx12t1512363437tuvyugggn
X-QQ-ORGSender: [email protected]
Received: by mail-qk0-f195.google.com with SMTP id z203so19991491qkb.5
        for <myaccount@myaccount>; Sun, 03 Dec 2017 20:57:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=NnvaXet0Nq44NOp6V7x/qhIRAy0aJSmXtGp63XyFJdE=;
X-Received: by 10.55.79.22 with SMTP id d22mr18513429qkb.247.1512363434414;
 Sun, 03 Dec 2017 20:57:14 -0800 (PST)
MIME-Version: 1.0
Received: by 10.200.43.253 with HTTP; Sun, 3 Dec 2017 20:57:13 -0800 (PST)
From: "[email protected] <[email protected]> <[email protected]>" <[email protected]>
Date: Mon, 4 Dec 2017 05:57:13 +0100
Message-ID: <CAH+y6sigYYaQ8i38WWR4ZSVp+TM2FUQv6P8QJS2PgB+s46-Phg@mail.gmail.com>
Subject: [Alibaba Reply Notification] Cherie Muller has replied you
To: [email protected]
Content-Type: multipart/alternative; boundary="001a114a7bfa479776055f7c8d10"

-----
End


Offline satrow

Re: Email hacking improvements needed;
« Reply #6 on: December 03, 2017, 10:13:20 pm »
The 'PayPal' entry looks like a spoofing attempt, sender IP is NL/Belize/Latvia (mail server location/registration/owner, I think), the IP is on at least 5 email spam blocklists, latest report I saw (I didn't dig) was 1 "Spam" entry [02:32:50 27 Sep 2017 GMT+00].

The other IP is a frequent spammer/spamvertiser/virus dropper, probably out of CN.

Wasted here, better to report them to a site that creates email blocklists and get a good email filter/blocklist yourself; if you're already digging these out of your spam folder, leave them there and delete them regularly.
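
Added example, not part of any post in this thread: a small Python check for the domain mismatches that the two header dumps above illustrate (the SMTP login recorded in the cPanel/Exim `X-Authenticated-Sender` header, the DKIM `d=` domain, and an address shown in the From display name). The function names and all mailbox addresses are assumptions, since the thread's addresses are obfuscated.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples modelled on the two header dumps in this thread. The
# thread's addresses are obfuscated, so every mailbox below is a placeholder.
PAYPAL_LIKE = """\
From: "service@paypal.com" <service@paypal.com>
X-Authenticated-Sender: host.interficto.com: mailbox@customer.example
Subject: Important Warning! Your PayPal Account Will be Blocked
"""
GMAIL_LIKE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
From: "notice@marketplace.example" <someone@gmail.com>
Subject: [Alibaba Reply Notification] Cherie Muller has replied you
"""

def domain(addr):
    return addr.rpartition("@")[2].strip("<> ").lower()

def aligned(a, b):
    # Simplified relaxed alignment: equal, or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoof_findings(raw):
    """Return (check, observed_domain, from_domain) tuples for each mismatch."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    claimed, found = domain(addr), []
    # 1. Display name shows an address from a domain other than the real one.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+", name):
        if not aligned(domain(shown), claimed):
            found.append(("display-name", domain(shown), claimed))
    # 2. A DKIM signature exists but none is for the From domain.
    dkim = re.findall(r"\bd=([\w.-]+)", " ".join(msg.get_all("DKIM-Signature", [])))
    if dkim and not any(aligned(d.lower(), claimed) for d in dkim):
        found.append(("dkim", dkim[0].lower(), claimed))
    # 3. cPanel/Exim recorded the SMTP login that really submitted the message.
    auth = msg.get("X-Authenticated-Sender", "")
    if "@" in auth and not aligned(domain(auth), claimed):
        found.append(("authenticated-sender", domain(auth), claimed))
    return found

if __name__ == "__main__":
    for label, raw in (("paypal-like", PAYPAL_LIKE), ("gmail-like", GMAIL_LIKE)):
        print(label, spoof_findings(raw))
```

These checks only compare domains already present in the headers; they do not verify a DKIM signature or evaluate SPF.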

Offline Rick

Re: Email hacking improvements needed;
« Reply #7 on: December 04, 2017, 03:49:12 am »
> The 'PayPal' entry looks like a spoofing attempt, sender IP is NL/Belize/Latvia (mail server location/registration/owner, I think), the IP is on at least 5 email spam blocklists, latest report I saw (I didn't dig) was 1 "Spam" entry [02:32:50 27 Sep 2017 GMT+00].
>
> The other IP is a frequent spammer/spamvertiser/virus dropper, probably out of CN.
>
> Wasted here, better to report them to a site that creates email blocklists and get a good email filter/blocklist yourself; if you're already digging these out of your spam folder, leave them there and delete them regularly.

Problem is; One can not block an address from which they pay for that service to do business such as alibaba...
Therefore, Email hacking improvements needed that contain inside spoofs...

I doubt that someone in China is stupid enough to try and hack Alibaba...

Offline Samson

Re: Email hacking improvements needed;
« Reply #8 on: December 04, 2017, 08:58:42 am »
> I doubt that someone in China is stupid enough to try and hack Alibaba...

That assumption would appear to be incorrect.....https://www.reuters.com/article/us-alibaba-cyber/hackers-attack-20-million-accounts-on-alibabas-taobao-shopping-site-idUSKCN0VD14X

Offline Rick

Re: Email hacking improvements needed;
« Reply #9 on: December 08, 2017, 07:10:52 am »
>> I doubt that someone in China is stupid enough to try and hack Alibaba...
>
> That assumption would appear to be incorrect.....https://www.reuters.com/article/us-alibaba-cyber/hackers-attack-20-million-accounts-on-alibabas-taobao-shopping-site-idUSKCN0VD14X

Yes, this area is true, however, we see the attacks coming from other areas that appear to be inside china.

Currently, Alibaba's reply is that spam/hacking comes from everywhere, and they don't seem to be spending the time or money to update the online system;

Offline Rick

Re: Email hacking improvements needed;
« Reply #10 on: December 24, 2017, 03:51:22 pm »
Have a look and see if you're a target;

https://haveibeenpwned.com/

Offline Still_Game

Re: Email hacking improvements needed;
« Reply #11 on: December 24, 2017, 10:57:49 pm »
This is my system for avoiding having to worry too much about spam.......

I have one domain name that I mainly use for personal mail that redirects mail to different Gmail accounts depending on the prefix to the @. I have one or two other Gmail accounts that I use for registration of software, forum registration etc. It's exceedingly rare that spam ever gets through Gmail's filters. Every so often, I review the Spam folders in Gmail for anything that's been wrongly filtered, but it's unusual for that to happen. When I download mail from the Gmail accounts to Outlook 2010, Google automatically archives the mail so I have a backup there of all my mail going back years, in addition to the regular backups of my Outlook PST files.

Works well for me.
Iain

ThinkPad T450s W10 Pro x64
Windows Defender, Malwarebytes Premium
Macrium Reflect 7 Home, Tweaking WRAIO Pro

Offline Rick

Re: Email hacking improvements needed;
« Reply #12 on: December 25, 2017, 12:32:15 am »
I remember when my mom was alive, she learned how to use a computer to be able to keep in touch;
Yahoo as it turned out declared her emails as SPAM... it was so much fun sifting through hundreds of BS to read moms...
"yahoo to this day has done nothing to improve"...

gmail is somewhat limited and monitored by google themselves for opportunities including stocks going up or down and passing that info to "global crap streets"...
gmail is also banned in china and other countries where products are manufactured.

No matter what we do, we need to improve on email security and at a minimum, don't give emails to people offering free software/services;

many tech companies are lamb and uneducated that they can use system ID no matter where one is in the world;
Wonder how many catch that term?

Offline Still_Game

Re: Email hacking improvements needed;
« Reply #13 on: December 25, 2017, 12:07:17 pm »
Sorry, no idea what you're on about.........
Iain