I have had my email spoofed & just wondered if anyone knows how to rid myself of this, the isp of the person doing it is in Columbia, cos I traced it...The spam emails being sent are of viagra & drug related content, I wondered why I had an email from someone thinking I was hinting at them needing a pick me up (if ya know what I mean)hahaha....laughing aside, this is getting on my nerves now, I have deleted my address book but not sure that will do any good, please..if anyone can help or has had this done to them let me know, I dont really want to make a new email if I can help it....thanks in advance

Get in touch with who-ever your email address is through (hotmail for example) and get them to stop it.

I'm guessing you changed your password like.. as soon as you found out ?
_________________

It happened to one of my hotmail account recently, so I changed my password. Then a couple days ago, got an hijacked email from a mates hotmail account.

Not sure how they do it.

Thought spoofed was just where they pro-port to be from your email address but actually aren't?

In which case anything you do to your email account won't make any difference.

http://en.wikipedia.org/wiki/E-mail_spoofing

From the sound of it, you have just been hijacked. Not a big cause for concern really. Download 'hijack this' by Trend Micro. Just google it and you'll find it, be careful what you delete though, if you aren't, send the scan results to someone competent with computers ............... and that you trust. Hope this helps a bit

I've had the same problem but have solved it legally.

For a hacker to intercept an email address, it is illegal to do so under the data protection act and this applies internationally.

As I've already had a few issues with my ISP, I contacted the legal department and tech support. informed them of the problem and requested the email address to be terminated immediately as sensitive information can be accessed relating to customers and clients alike. they did so in 24hrs and I constructed a new account with a security filter as well as my mac taking on junk mail and wiping it.

this might help you. anyway just chilling out

lew

I'm sorry mr piper, but changing your email account will do nothing. Your screename has the same name ,(ISP number), as do all your names past, future and present. The number that you have is the number that is allocated to your computer and it can be pinpointed down quite easily. Your ISP technical staff should have told you this as you are their customer with a valid request. This is how Police and so forth gather up the information on paedo's in chat rooms. If you thought it was just a random number. forget it, they can pinpoint your home to a few hundrewd yards. Blocking mail, so that it goes directly into the 'spam' folder might be a good ideaor, changing your provider, as they don't seem too handy with advice might be a better one as they may allocate a new number. Sorry to be the bearer of bad news.

I had thought about this and yes you're right. sadly I'm tied into a contract with my ISP for another year. that's my dad's problem. so can't really do all that much lol other than pay them a ridiculous surcharge.

lew

Hi

I am in the digital security field.READ THIS..




Spoofing is the term hackers use to describe the act of faking information sent to a computer. This is a broad definition of spoofing, but there are many subtle variations of this attack. However, the purpose is generally the same: to disguise the location from which the attack originates.

Session hijacking takes the act of spoofing one step further. It involves the faking of one's identity in order to take over a connection that is already established. Because spoofing is required in order to successfully hijack a connection, we will discuss the two hacking techniques together.

The most common spoofing attack is called an IP spoof. This type of attack takes advantage of the Internet Protocol, which is part of TCP/IP. TCP/IP requires a return address on data packets to keep a connection open and to maintain a level of reliability when transmitting information. However, if this return address is faked, the sender is fairly safe from being traced.
An Example of Spoofing

Spoofing has two main uses. The first use is an untraceable denial-of-service attack. By intimately understanding the internal workings of TCP/IP, a hacker can abuse the software used in Internet communication and bring a network to its knees. Flooding a network with packets that have a fake return address not only will slow the flooded network, but will also affect the computer that owns the forged return address. This is like sending out a thousand pieces of insulting mail to your boss while using the return address of your annoying neighbor (not recommended).

This type of spoofing attack is very common on the Internet. One of the most common uses for spoofing is spam. Spam is unsolicited, bulk advertising email that plagues us all. Although spam is illegal in some states, and very rude in all the others, spammers are getting away with it. The reason they can do this is because the origin of the spammer remains hidden. Spammers use a spoofing technique to disguise the source of the email. They can do this by using email servers that allow anyone to connect and send mail. This is known as open relay. Many of these servers are misconfigured; however, some servers are available for just this purpose. By sending the email through the server, the email is tagged with the wrong return address, which makes it difficult to track down and prosecute the responsible parties.

Another common abuse of spoofing is in a denial-of-service (DoS) attack. This type of attack is very similar to the child's game of "knock and hide." A computer virtually knocks on another computer's door and then hides. Using amplification, the target computer can be kept so busy answering false knocks that a real knock will go unanswered.

Although spoofing can protect a hacker from being traced, there are yet more sinister uses for this technique, such as session hijacking. This type of attack can be understood through the illustration of a letter exchange between two friends on the opposite sides of the world. Let's call these people Sally and Joe, and let's call our attacker Mr. Mean.

Assuming the letter exchange was previously in place before the attacker noticed it, both Sally and Joe would know each other's address and have it stored away in their address book. The attacker knows this, and realizes that in order to capture and control the conversation, he must gain control of the addresses.

The first step to session hijacking is to discover the original addresses of both parties. In this case, it is a simple matter—Mr. Mean can look up both Sally and Joe's address in the phone book. The same applies in the digital world. An attacker would have to know both IP addresses and MAC addresses in order to attack. However, coming by this knowledge is often a simple matter, as it is typically public knowledge. Just as Mr. Mean would use a phone book to look up the addresses of his victims, a hacker would use the WHOIS service to look up the addresses of the computers online. This database is nothing more than a listing of all domain names with their corresponding IP addresses.

The next step would be to convince both Sally and Joe that the other had moved. This would be a relatively simple matter for Mr. Mean. All he would have to do is pick up some standard change of address forms from a card shop and mail them to both Sally and Joe. On the form, he would simply tell each party that their new address was 123 Lane Street. This would result in both Sally and Joe updating their address books with the new, fake address. Because of the formality of the form, neither Sally nor Joe would suspect anything. However, in reality, they would now be sending all messages directly to Mr. Mean's house.

Likewise, a hacker can perform such trickery. Using something known as an ARP request, the attacker would send his targets the same message telling them that the new IP address (tied to MAC address) is now located at XXX.XXX.XXX.XXX. This would result in each computer updating its ARP tables (address book) with the new address, which would cause all data to be passed to the attacker's computer.

At this point, Mr. Mean has all the mail messages arriving at his doorstep. He can now read, change, or even throw away any messages sent by Sally or Joe. This is the power of session hijacking. A computer can do the same thing. After the ARP addresses have been changed, the attacker's computer would receive all data being passed between the targets. The hacker can capture, adjust, and delete data just like Mr. Mean.

If Mr. Mean wants to stop monitoring the connection, he can simply ignore all the messages. However, this might lead Sally or Joe to discover that their messages have been compromised. The smartest thing Mr. Mean can do is send out another moving notice to both Sally and Joe informing each other of the correct address. Again, Sally and Joe would update their address books and continue as if nothing happened. The same would apply for a hacker. Although she could just turn off her computer and leave the area, this would result in a loss of communication, and could tip someone off that the connection was not secure. If this is not an acceptable risk for a hacker, she can simply forge ARP packets and correct the ARP table for the victim's computers.

There are many uses for these types of spoofing techniques. For example, secure links between a home computer and a Web store can be hijacked, chat connections can be hijacked, and even updates and downloads for popular programs can be spoofed. In other words, that virus update you just downloaded might not be what you think it is—instead of getting an update to your virus scanner, you could instead be installing a deadly computer virus.

I didn't know all that. I'm just a lowly computer repair man, but, from what i know, you explained it using terms that the layman might/did lol understand, i wouldn't or, to be precise couldn't. I know many analogies for things, but using the post isn't one i'd have thought of <our beloved postal service !!!!!!> . There are sites on here (the internet) that you can obtain ip addresses, but i've never actually been on one for more than a few minutes, and then just for curosity. Thank You for enlightening me