Gmail 5.0: Material Design and Multiple Account Support

Google started to materialize many of its applications right after announcing the … more

Some of Our Favorite Features in Android 5.0 Lollipop

Android 5.0 Lollipop is the latest major revision to Google’s mobile operating … more

Sony SmartEyeglass SDK Developer Preview Released

A little over a month ago in Tokyo, Japan, Sony unveiled its new SmartEyeglasstechnology. … more

XDA and Leaseweb: Server Trial/Moto 360 Contest (Winners!)

About a month ago, we held a contest along with XDA’s host, Leaseweb, to … more
Post Reply

Phone and/or Email App hacked

OP Noto_81

28th March 2014, 06:11 AM   |  #1  
OP Junior Member
Thanks Meter: 0
 
2 posts
Join Date:Joined: Mar 2014
I think that my Hotmail and/or S4 has been hacked. Last Monday I received word that a strange email was sent from my account with a link to skin care or something like that, so I changed my PW. On Friday, I received an email from Outlook that says my account has been compromised and I should change my PW, so I did, again. Sunday night, I'm told that another strange email was from my Hotmail account, so I change my PW again, 3rd time within a week. Each PW wasn't overly hard, but always contained both letters and numbers, so not super easy to crack I wouldn't think. So I started to try to track down the source, I removed email accounts from my phone on Monday (I have the stock email app set to check 2 accounts and have yet to have an issue with the second account). I also noticed in the Hotmail access log that my account was being accessed in 2 other states while all this was going on. So, all was going well and today I set up the email app with my Hotmail account info so I could check my email from my phone. Within 2 hours, my account was accessed from out of state again, but as far as I can tell nothing was sent.

I've read that its pretty simple to send out an email using an account that you don't have access too directly, just set up to use as a sent address, nothing shows up in my sent items so that would support this possibility. It's the account access log that has me worried, they still seem to be accessing my account. I've had AVG on my phone for quite some time now and that doesn't pick up anything, tonight I DL'd Lookout and that also came back as a clear scan.

My phone is still stock, would a factory reset fix the issue? I'd question whether or not a reset would get rid of the keylogger/spyware/malware or whatever is creating this problem. What about rooting and flashing a rom? What else could be causing the issue? I'm afraid that if I close the Hotmail account that there would still be something on my phone that's giving others access to my accounts.

Sorry for the book, T.I.A.
28th March 2014, 07:10 AM   |  #2  
Senior Member
Thanks Meter: 81
 
150 posts
Join Date:Joined: Mar 2014
Quote:
Originally Posted by Noto_81

I think that my Hotmail and/or S4 has been hacked. Last Monday I received word that a strange email was sent from my account with a link to skin care or something like that, so I changed my PW. On Friday, I received an email from Outlook that says my account has been compromised and I should change my PW, so I did, again. Sunday night, I'm told that another strange email was from my Hotmail account, so I change my PW again, 3rd time within a week. Each PW wasn't overly hard, but always contained both letters and numbers, so not super easy to crack I wouldn't think. So I started to try to track down the source, I removed email accounts from my phone on Monday (I have the stock email app set to check 2 accounts and have yet to have an issue with the second account). I also noticed in the Hotmail access log that my account was being accessed in 2 other states while all this was going on. So, all was going well and today I set up the email app with my Hotmail account info so I could check my email from my phone. Within 2 hours, my account was accessed from out of state again, but as far as I can tell nothing was sent.

I've read that its pretty simple to send out an email using an account that you don't have access too directly, just set up to use as a sent address, nothing shows up in my sent items so that would support this possibility. It's the account access log that has me worried, they still seem to be accessing my account. I've had AVG on my phone for quite some time now and that doesn't pick up anything, tonight I DL'd Lookout and that also came back as a clear scan.

My phone is still stock, would a factory reset fix the issue? I'd question whether or not a reset would get rid of the keylogger/spyware/malware or whatever is creating this problem. What about rooting and flashing a rom? What else could be causing the issue? I'm afraid that if I close the Hotmail account that there would still be something on my phone that's giving others access to my accounts.

Sorry for the book, T.I.A.

I'm not familiar with Hotmail, but many email providers allow 2-factor authentication. I would definitely suggest using that if it is available to you.

Check the IP addresses on the accesses from other states - do they match your ISP? Sometimes ISPs give out addresses that show up as different states. If Hotmail doesn't show ISP, you can put the IPs into the search at http://bgp.he.net/ and it should show you the ISP.

It is indeed trivial to send email appearing to be 'from' any account without access/relation at all to the account. Unfortunately spammers often take advantage of that and there's not really anything you can do about it.
10th April 2014, 05:19 AM   |  #3  
OP Junior Member
Thanks Meter: 0
 
2 posts
Join Date:Joined: Mar 2014
I did activate the 2 step authentication.

I did track the IP address and then Googled what came back from the search (Cellco Partnership DBA Verizon Wireless) and it appears that this is tied with VZ and the related towers. It just seems weird that at one point it says its being accessed in Minn and the next time in Colo but I'm in So Dak and haven't traveled far from home since all this started.

Regardless, last night another email was sent with my email being used as the sending address. I've decided to close my Hotmail account because of all the hassle. I'm still looking for some advise on whether or not I need to reset the phone or possibly root and flash my phone in order to get rid of anything that might be stored on my phone. Is it worth worrying about or should I just move on?
10th April 2014, 07:32 AM   |  #4  
Senior Member
Thanks Meter: 81
 
150 posts
Join Date:Joined: Mar 2014
Quote:
Originally Posted by Noto_81

I did activate the 2 step authentication.

I did track the IP address and then Googled what came back from the search (Cellco Partnership DBA Verizon Wireless) and it appears that this is tied with VZ and the related towers. It just seems weird that at one point it says its being accessed in Minn and the next time in Colo but I'm in So Dak and haven't traveled far from home since all this started.

Regardless, last night another email was sent with my email being used as the sending address. I've decided to close my Hotmail account because of all the hassle. I'm still looking for some advise on whether or not I need to reset the phone or possibly root and flash my phone in order to get rid of anything that might be stored on my phone. Is it worth worrying about or should I just move on?

Can you PM me the full headers of the email that was sent? I should be able to see in them how it's being done -- whether through your actual account, hotmail's servers, or just forging your email as the 'from' address.

You'd have to get them from the person who received it... in gmail it's as simple as clicking the little arrow and then 'Show Original', but the method to show headers will vary by client/provider, should be easy to google though.

About the IPs, it's not unheard of to be assigned IPs from a state or two over. It's obviously not an ideal configuration, no idea why it happens, but it has happened to me several times in the past. But we can't say they were your phone unless you've been keeping track of what external IPs your phone has been getting...
It is a really good sign that they're not some weird server host in russia, etc... though.
10th April 2014, 12:54 PM   |  #5  
Senior Member
Thanks Meter: 151
 
541 posts
Join Date:Joined: Apr 2010
It's very common for spammers to forge a sender's email address - they can easily send spam which is "from" you without having any access to your account whatsoever. Some of that spam will get bounced back to you based on the use of your address, not because it was actually sent from your account. The bounced spam should include the headers it was originally sent with, from which one can tell where it really originated.

Are you sure the "out of state" access isn't just legitimate access to the account from your phone? IP addresses are logical, not physical. The geoIP databases which try to map addresses to locations aren't perfect, and your cell carrier may in fact be associating your phone with an IP mapped to a different state.
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in Verizon Samsung Galaxy S 4 Q&A, Help & Troubleshooting by ThreadRank