Something is stealing my password in Thunderbird!
Since a few months ago, I have been battling with SPAM. Once in a while, I would get rejected emails with spam subjects that I did not send. I have spent a lot of time on this, even changing passwords to long random hi-strength strings and they still persist. I have scanned my PC with a whole bunch of anti-virus software and Malwarebytes, and it shows completely clean, yet I will change my password and 1-2 weeks later I will see evidence of rejected spam. All of this has FINALLY forced me away from Thunderbird, much to my chagrin!!! On my PC, I have removed Thunderbird and am using the web-email Yahoo GUI (boo). I still have my old setup on my laptop, but with the wrong password and with the address books (abook.mab, history.mab & impab.mab) removed / empty (once removed, Thunderbird creates new empty files).
Has anyone seen this before? I REALLY want to go back to using Thunderbird!
Alla svar (6)
You are wasting your time. If they were actually coming from Thunderbird on your computer the messages would be in your sent folder. Are they in your sent folder on the Yahoo web mail site? I doubt it. Spammers do not need you password. They just pick up your email address from someplace you posted it on the web and use it for the return address for the junk they send. Unfortunately this is a major failing of email. You can put any addresses you like in the return address field and make it look like it came from someone else. Kind of like the telephone companies allowing number spoofing so I get marketing calls from my own phone number. Google Backscatter to learn more. You can blame Thunderbird all you want if it makes you feel better.
I see what you are saying. I have seen such emails before from recipients that I know, but that does not explain why these spam emails are being sent to persons from my address book(s). I have now been blacklisted from legitimate clients with whom I communicate regularly and I still see emails that bounce back from employees of companies that are no longer there, who are still in my address book.
Do you think it is possible that the contacts that are being spammed are coming from past listened-in-on email sends that I have done on public networks? This would imply that only recipients of emails that I have sent out of public networks are being spammed, and not ALL of my contacts... i.e. my address is being spoofed and the spam is being sent only to a small number of my address book members. If so, then my Thunderbird is ok and I guess the only way to fix this is to change my email address? What do you think?
I have never figured out how they get ones contacts. Several of my friends have had their Facebook contact list accessed and for this reason I never add my contacts to Facebook. I assume they somehow collect addresses from sent messages but I do not know for sure. I just Googled How do spammers get my contacts and there is many threads with many theory's. As for changing your address, that would be a personal decision but not one I would make. They usually get bored with you quickly and move on to the next address. The next address could be your new one.
I just spoke to someone else and they said that it was possible to know the email address of a sender and the addressees on a public network, but I have not researched it further.
Ok...thx for the feedback.
I wonder what's meant by "public network"? All the big providers (gmail, hotmail/outlook, aol, yahoo) offer encrypted connections that make such eavesdropping rather hard.
One area to be careful with is wifi. Using a hotspot in a cafe or similar ought to be safe, but an interloper could set up a fake hotspot, relay your traffic through that and monitor what passes to and fro.
But eavesdropping on a connection doesn't automatically give access to your address books. That smacks more of "phone home" malware installed on your computer.
I thought that too but when I ask around, others have different opinions.
What's frustrating is that I have checked my PC using Bitdefender, Norton, AV, Kaspersky and Malwarebytes and all report a clean system.