Ask us about your TalkTalk email account and Webmail.
21-09-2023 06:07 PM - edited 21-09-2023 06:08 PM
Hi, I've recently received some rejected emails (not sent by me but using my Tiscali address), apparently associating me with a Halifax banking scam. What can I do about this? I enclose the relevant blurb from one of the rejected mails, with my email redacted for security reasons.
--------------------------------------------------------------------------------------------------------------------------------
Delivery has failed to these recipients or groups:
heathernotey@hotmail.com
A communication failure occurred during the delivery of this message. Please try to resend the message later. If the problem continues, contact your email admin.
Diagnostic information for administrators:
Generating server: SJ2P221MB1114.NAMP221.PROD.OUTLOOK.COM
heathernotey@hotmail.com
Remote server returned '550 5.5.0 Requested action not taken: mailbox unavailable.'
Original message headers:
Received: from BN9P221CA0020.NAMP221.PROD.OUTLOOK.COM (2603:10b6:408:10a::32)
by SJ2P221MB1114.NAMP221.PROD.OUTLOOK.COM (2603:10b6:a03:544::7) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.20; Thu, 21 Sep
2023 15:57:25 +0000
Received: from BN8NAM11FT059.eop-nam11.prod.protection.outlook.com
(2603:10b6:408:10a:cafe::85) by BN9P221CA0020.outlook.office365.com
(2603:10b6:408:10a::32) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.30 via Frontend
Transport; Thu, 21 Sep 2023 15:57:25 +0000
Authentication-Results: spf=pass (sender IP is 62.24.135.68)
smtp.mailfrom=tiscali.co.uk; dkim=pass (signature was verified)
header.d=tiscali.co.uk;dmarc=pass action=none header.from=tiscali.co.uk;
Received-SPF: Pass (protection.outlook.com: domain of tiscali.co.uk designates
62.24.135.68 as permitted sender) receiver=protection.outlook.com;
client-ip=62.24.135.68; helo=smtp-out-4.talktalk.net; pr=C
Received: from smtp-out-4.talktalk.net (62.24.135.68) by
BN8NAM11FT059.mail.protection.outlook.com (10.13.177.120) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6813.21 via Frontend Transport; Thu, 21 Sep 2023 15:57:24 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:E9499CDA19151104FCAC18D3FF3061CCCC86DC3A2F82B1150CE8CD24B0E8D9AA;UpperCasedChecksum:AA5901F33B3AEC4F79363341336D6FF24F44B00815CFD08C8D2586050C83F637;SizeAsReceived:1293;Count:15
Received: from appsuite-core-mw-groupware-5685f9468-bsc4s ([185.74.64.153])
by smtp.talktalk.net with SMTP
id jM3QqZfgOu8WdjM3QqC5yy; Thu, 21 Sep 2023 16:57:24 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tiscali.co.uk;
s=2105; t=1695311844;
bh=XTHEHApnyOwwk4DIMWIUO8yEHMZXAcXjrJOKDO5sKTI=;
h=Date:From:To:Subject;
b=2LCn9UbzuSXAMlYaDP/vmODhEHbRlLG7l5g2G8mkbnigkD3Q+1oLd7ZObMQcbT6i7
+H5uFFfxc7o+XHAavAhJyyq0FRDr/yHRYQZb6Y0j7OIqDhMZElv5iYf1kK2dtXp5su
C+iG/Pf0/q0MB8xSk1pQROASbJZXxuUXOmUZfpz0=
X-Originating-IP: [185.74.64.153]
Date: Thu, 21 Sep 2023 16:57:24 +0100 (BST)
From: Halifax <my email - redacted>
To: heathernotey@hotmail.com
Message-ID: <842029500.1994882.1695311844397@apps.talktalk.co.uk>
Subject: This is me! - Miss Heather Notley
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_1994881_1767497832.1695311844390"
X-Priority: 3
Importance: Normal
X-Mailer: Open-Xchange Mailer v8.16.56
X-Originating-Client: open-xchange-appsuite
X-CMAE-Envelope: MS4wfELeV9HFTio+EOQpnOwVdXmojHCqmwgkmz/3G0wx2F+cCJbSyXwEQ/uoxTlkmbyFEn9pUTzCQ9nBQqnw4ZkNgxx7pue0G8GbbNGYvFrfQUqGrPdBORAP
EtGya06DsH1plO3VHnHoVPvQ727KGCiCyY1FNFfvHwl+wmBPwZlpM0olFhKm4yQZQvjzOj1qf2f6fIaxZtaiZFGd+vXeZNUNW1jRQSwze/4ScSJYq/UdEod/
X-IncomingHeaderCount: 15
Return-Path: [my email redacted]
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM11FT059:EE_|SJ2P221MB1114:EE_
X-MS-Office365-Filtering-Correlation-Id: eb6098a8-9076-4eaf-e1e6-08dbbabb72d6
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 62.24.135.68
X-SID-PRA: [my email redacted]
X-SID-Result: PASS
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?8dLQXWztSw4H5EAftJPvf+4zIRWnvEccrh8TqZDcbNgx914beLeZOGl6Bq//?=
=?us-ascii?Q?ZXejAnjDseB/R4CQaENMTeviwLw5mHcQ8XyvSxl1hs25rA7b35Vbn1cXxFpG?=
=?us-ascii?Q?dqrJlNLFEBLXXY/RBdRZTuSchwgKcd4QK5CnSo8gdfsoWO5ClHV2b4I5jg/X?=
=?us-ascii?Q?kwZ0XbOmHymOS9xWreY71U4O7gooPXMyUSG/tw5c4YLIPGXvtvtSTp3QT/zW?=
=?us-ascii?Q?AD/xvQpvBC1UroxrJhzRNNqar6tvrX+ZzB374E4PNiByF7tNU+Dr9NjMuGnx?=
=?us-ascii?Q?zbwTO0PqQayocTeOMDzUffhT553ymVheL/W7mjDsY5s5M25XVh5D9Rc1niP+?=
=?us-ascii?Q?BtT+Md1uq1ZvGP0IXxis46+ciNeEzwtB4S+Pkhm2w8K+jw/YrYl6z38DfLDj?=
=?us-ascii?Q?GkGief5YLVc8SVqlcq7w31e+0a9u/khiYJ2p7gxZk+Y5zpNV2mB4MT1DRruQ?=
=?us-ascii?Q?AjlKE26XX2LkAUxFBRUXg9eMxXDEiZjAOw6xUwg6wz98/s22JB7MYtX51W18?=
=?us-ascii?Q?bqytya5YYA25Ng4uqRphXsX66ijuvEEK99f9eWCxgzf27ZKqAbuKbiTiLytG?=
=?us-ascii?Q?zonUXNkJzsTHEFHTjWdBJRVyqzq6JEEQQX1vNKnX67A9P/u9QUp1XxZAcEP9?=
=?us-ascii?Q?56vNCgigyyxwsPIAoKTZwc9ItuW0X/mH789fAkcZ2dMA6D09BvDS8hsEIcNS?=
=?us-ascii?Q?batYELP7LASmBYjfTNQt/1dTWxKTzlLB2PRbLquAkHByQzPWIq2XefUBF+2I?=
=?us-ascii?Q?4/u88S3hh6n3ULHvGbc3cdXMQNqRZvwYkhXja8QmaHojEs2jCE1XBn0eLTUm?=
=?us-ascii?Q?yQsRZ7VBjNOAdvpBabP/G+chIOxju8XQcDYZP0u07NLE0iwIXZj086qB7ltG?=
=?us-ascii?Q?nA210ayNrjpVyIJ6toRtTzDYjDQg8vLF9WntRGMqvzxZ3ffaOkMtyxsPf1C0?=
=?us-ascii?Q?gHuRDjVhiDBJxmMjKi/y4Y2mbkSaLkV9bKDt/Khxiq8aubK/s/Cj7Et03QF+?=
=?us-ascii?Q?R52aouTryssqcOXPDLMdJsYvLTgO6NNvSfYRbTCzHeaB3JAq5C1VInRu6NvK?=
=?us-ascii?Q?3FcXkRhmHyKrUArUNptYchsr/IzGIGo7Eu48ROwHeIOt2//hns4=3D?=
------------------------------------------------------------------------------------------------------------------------------
on 22-09-2023 06:26 PM
Well a full system virus scan has not turned up any nasties, but it does give a little more peace of mind.
on 22-09-2023 05:19 PM
I'm pretty tech savvy, but it's nice to be reminded of the basics every once in a while. My PC is generally pretty secure, so a compromise like this is quite rare. I'll also run a virus scan now as a just in case.
on 22-09-2023 05:05 PM
Thanks for the confirmations. In my first reply I gave my guidance on creating a new secure password. You just need to keep device security up to date and never enter the password on insecure systems or open wi-fi access points that you don't personally control.
You should be good from here onwards.
Gondola Community Star 2017-2024
Like below to appreciate my post . . . Mark as solved Accept as Solution
on 22-09-2023 05:01 PM
I guess this is the peril of using the same email for 15+ years - all the time I've been with Tiscali / TalkTalk. If push really comes to shove I'll set up a new TT email for all my private stuff, but for now I'll see how things go.
on 22-09-2023 04:58 PM
My new password bears no resemblance to the old one by the way.
on 22-09-2023 04:52 PM
I found them in the sent items folder on Thunderbird funnily enough. Hopefully this change of password will do the trick, as my old tiscali email I use mostly for important personal business.
on 22-09-2023 04:45 PM
Good to know the password upgrade seems to have worked. Clever hackers usually cover their tracks by deleting from the Sent folder and then emptying the Trash.
But you said "Sent items" folder. Does that mean your mailbox is not yet upgraded to the new mail platform? My previous advice about the Security setting was applicable only to the new platform as it's a newly introduced security feature for TalkTalk.
You said you'd found the Filter rules under the Mail or Email heading in the left panel so if that now indicates you have no rules defined then you can be sure the hackers aren't spying on your mail messages.
As you said on another topic that you'd got a phishing email purporting to be from TalkTalk about the mail upgrade do be very wary of anything from TalkTalk because you're going to be targeted. Keep your device security up to date and regularly scan for viruses, trojans and other malware.
TalkTalk do not use any tiscali.co.uk or talktalk.net email addresses for communications nor do they ever ask you to click links to 'Activate', 'Refresh', or 'Update' your account. Never click on any links in emails that you haven't checked first is the best advice I can give.
The latest phishing examples are shown below:
TalkTalk Mail help
Report a phishing or spam email
Gondola Community Star 2017-2024
Like below to appreciate my post . . . Mark as solved Accept as Solution
22-09-2023 03:48 PM - edited 22-09-2023 03:49 PM
I actually found a few rogue sent items in my sent items folder (where I don't normally look) - as if they had come from my account, so they were cleared out earlier, and all seems much quieter now since I've reset my password.
on 22-09-2023 12:12 PM
I mostly access my mail from the website or Thunderbird on the PC. I did a full scan with Malwarebytes last night as a precaution but it found nothing.
on 22-09-2023 12:00 PM
OK I've found it now and reset to a more secure p/w - I will also clear out some old message rules.
on 22-09-2023 11:51 AM
I may be being a bit thick here but I can't see anywhere in Settings to reset.
on 22-09-2023 11:45 AM
Thanks - I'll give it try.
22-09-2023 10:33 AM - edited 22-09-2023 11:18 AM
Hi Floydoid
Your mailbox password has been compromised and your mailbox has been used to send phishing emails.
Scan all your email devices to remove potential password capturing virus, trojan or other malware. Then upgrade your email password.
Hopefully you'll have pre-registered for password recovery an alternate email address and mobile number. Either can be selected in the password reset process to receive an emailed link or a 6 digit code by mobile text message to authenticate a password change. It's worth checking these Reset details are present and correct and haven't been changed by hackers before you opt to change the password.
Select here: Sign in to TalkTalk Mail
Enter your email address and your email password, select Sign in.
Update your reset details is an option on the main settings menu. That's the cog icon on the top right header.
Also on the menu is All settings and via that is a Security option. That will show you all the devices that are currently signed in to your mailbox. Forcibly sign out any devices that you do not recognise as the currently signed in device you're using.
And whilst there, select Mail from the left panel and scroll down to Rules. Hackers may have set up a Filter Rule or Auto forward to spy on your future emails. Delete all Rules.
Check, update and Save the Reset details if needed, then use the Reset password now button in the help page Changing your email password.
My recommendation is to exceed the minimum required and use a password of 12-15 multicase letters and numbers and a symbol. A new password created from multiple words gives an opportunity to memorise the password that, for security, needs to be unique to the mailbox. The Internet browser that you use for TalkTalk Mail may also offer to generate a secure password and can save the login for you.
Use TalkTalk Online Defence (SuperSafe) to keep your security strong and, as part of TalkTalk's security, is a Password Manager that is useful for generating unique passwords, keeping those passwords secure, ready for your login.
Gondola Community Star 2017-2024
Like below to appreciate my post . . . Mark as solved Accept as Solution