I suspect that we’ve all sent emails that have been bounced back to us as “undeliverable” – for any one of hundreds of possible mail server errors (you might be surprised to learn that there are 850+ possible error messages). The most common error? We’ve used an incorrect email address.
In most circumstances (if you’re aware that you did send the bounced email), it’s safe to open the undeliverable notice. But, and this is a big BUT – if you didn’t send it – DON’T click on it – DON’T open it! Especially if you’re required to open an attachment to view the details: such an attachment is virtually guaranteed to contain malware designed to hijack your email account.
You might think that this sort of thing couldn’t happen to you. But, don’t be so sure – a moment’s inattention can be all it takes.
Here’s an example forwarded to me, just a few days ago, by a regular reader who is a very astute user. A reader who’s extremely conscious of system security, and Internet safety. He and I correspond frequently on security related issues, and I can easily say – he knows his stuff.
Hi Bill:
I just had an email account hijacked because I sent an email to a legitimate web site and immediately received one of those undeliverable messages (Damein something?). Anyway, I clicked on it to see if I sent the email to the correct address. Shortly thereafter, someone took control of my contact list and sent emails out with a link on them.
Of course, I changed my password and deleted my contact list. I am no longer keeping a contact list on my email programs, as the first thing they do is take control of one’s contact list.
I’ll point out that the most common reason (but not the only one) you’re likely to receive an infected bounce back is that your email address has been scooped from an infected machine’s contact list. In other words, someone you know, and have exchanged emails with, is infected. The example above is a perfect illustration of this.
Malware delivery methods are cyclical (everything old is new again), and we’ve seen this threat before. From what I can see, following some investigation – it appears to be making a resurgence. So, when dealing with bounce backs, it’s important that you have a heightened sense of awareness.
You may think that this is an overreaction but, if the bounced email is a personal email – pick up the phone and confirm the address. Having once been a victim of a cyber criminal who hijacked one of my email accounts, I can assure you – it’s a most unpleasant experience.
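The two checks described above (did I actually send the message this notice refers to, and does it ask me to open an attachment) can be made on the raw message without opening it. The following is an added example, not part of the original post: it assumes the notice has been saved as raw text and that `sent_ids` holds the Message-ID values from your Sent folder; the function name and both sample messages are constructed for illustration.

```python
import email
DSN_TYPES = {"text/plain", "message/delivery-status",  # parts of a genuine
             "message/rfc822", "text/rfc822-headers"}  # bounce (RFC 3464)

def triage_bounce(raw, sent_ids):
    """Parse a raw bounce notice without rendering it; return a list of warnings."""
    msg = email.message_from_string(raw)
    parts = msg.get_payload() if msg.is_multipart() else []
    warnings, original_id = [], None
    if (msg.get_content_type() != "multipart/report"
            or (msg.get_param("report-type") or "").lower() != "delivery-status"):
        warnings.append("not a standard delivery-status report")
    for p in parts:
        ctype = p.get_content_type()
        if ctype not in DSN_TYPES:
            warnings.append("unexpected attachment: " + ctype)
        elif ctype == "message/rfc822":       # the full original was returned
            original_id = p.get_payload(0)["Message-ID"]
        elif ctype == "text/rfc822-headers":  # only its headers were returned
            original_id = email.message_from_string(p.get_payload())["Message-ID"]
    if original_id not in sent_ids:
        warnings.append("does not reference a message we sent")
    return warnings

# Constructed samples: a well-formed bounce and a look-alike with an attachment.
GENUINE = """\
From: MAILER-DAEMON@mail.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; friend@example.org
--b1
Content-Type: text/rfc822-headers

Message-ID: <constructed-1@example.net>
--b1--
"""
LOOKALIKE = """\
From: Mail Delivery System <postmaster@example.com>
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: application/zip; name="details.zip"

constructed placeholder, not a real archive
--b2--
"""
```

A warning is a reason to leave the notice unopened and confirm the address some other way, not proof of malware; some mail servers send bounces that do not follow RFC 3464.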
Hey Bill
I’ve seen these before. Of course, I don’t open them and fortunately most of them go straight into the spam folder on delivery. On a slightly different note, one email worried me very much recently. It was very legitimate looking, and claimed to have got my details from an employment website that I am actually subscribed to. It claimed to have a position vacant, and asked me to send my resume to a reply address. Of course, being the suspicious/paranoid bloke that I am, I delved into the details. Turns out the email originated from Mexico!! I live in Australia!! Email deleted.
Cheers
Hey Mal,
Bizarre!
For those who fell for this, there’s a good chance it was “hasta la vista baby” to their identity. Glad you brought this up.
Best,
Bill
Hey, Bill — I use Thunderbird 3.0.10 with the CloudmarkDesktopOne spam filter. It sends suspect emails to the “Spam” folder. Thunderbird’s internal filter is set to send spam that CloudmarkDesktopOne misses, such as “1 % Interest Rate” and “$500 per day”, to “Junk”. There is no option to send them to the Spam folder, which is good because of the following problem.
I can delete the Trashed and Junked emails by clicking on “Empty Trash” or “Empty Junk”. But there is no “Empty Spam” option. To delete the spam, I highlight all of the spam by clicking on the top-most and bottom-most item in the spam folder and then deleting everything. The deleted items are sent to the Trash folder, which then has to be emptied.
Clicking on the top-most and bottom-most items in Spam shows them in the preview pane, which, to me, is the same as opening the email.
Any comments on the preceding paragraph?
‘Preciate you! Keep up the good work!
Hey Hipockets,
Seems like an awkward way to have to complete a task. But, I have a suspicion it’s set up this way to accommodate the “community” aspect of the application.
Given the overall quality of CloudmarkDesktopOne, (I tested the freeware version, last year), I have no doubt the Spam preview mode is safe. I’d like to be more technical in this response but, it’s been some time since I’ve run with this app.
I wish I was getting a few 1 % Interest Rate, and $500 per day, offers. 🙂
Best,
Bill
Hey Bill,
I think your letter sender was talking about ‘Daemon’ of Yahoo. It seems my Yahoo account wasn’t hijacked because I could still access it on some browsers. But at other browsers, there’s always a strict SSL warning advising me not to proceed (to Yahoo). And when I safely access my Yahoo, most of my contacts are gone. Was that hijacking too?
Hey Poch,
Not likely – a mailer daemon is not specific to Yahoo.
The SSL warning you’re seeing (from your description), is browser dependent. Check your SSL security settings in each of your browsers, and enforce the same level of security in each. Better yet, check all security settings.
If you’ve lost any contacts, that suggests that your account has been compromised. You should be aware that hijackers don’t always restrict your access to your account. In this way, it’s possible for hackers to continuously harvest new info from a hacked account.
I suggest that you review all settings in all your accounts, paying particular attention to settings associated with Forwarding, POP/IMAP, and Filters (reset if necessary). Then, change the passwords to all your accounts.
Best,
Bill