cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

email support

Ask us about your TalkTalk email account and Webmail.

Has my email been compromised?

Floydoid
Chat Champion
Private Message TalkTalk
Message 14 of 14

Hi, I've recently received some rejected emails (not sent by me but using my Tiscali address), apparently associating me with a Halifax banking scam. What can I do about this? I enclose the relevant blurb from one of the rejected mails, with my email redacted for security reasons.

 

--------------------------------------------------------------------------------------------------------------------------------

 

Delivery has failed to these recipients or groups:

heathernotey@hotmail.com
A communication failure occurred during the delivery of this message. Please try to resend the message later. If the problem continues, contact your email admin.

 

 

 

Diagnostic information for administrators:

Generating server: SJ2P221MB1114.NAMP221.PROD.OUTLOOK.COM

heathernotey@hotmail.com
Remote server returned '550 5.5.0 Requested action not taken: mailbox unavailable.'

Original message headers:

Received: from BN9P221CA0020.NAMP221.PROD.OUTLOOK.COM (2603:10b6:408:10a::32)
by SJ2P221MB1114.NAMP221.PROD.OUTLOOK.COM (2603:10b6:a03:544::7) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.20; Thu, 21 Sep
2023 15:57:25 +0000
Received: from BN8NAM11FT059.eop-nam11.prod.protection.outlook.com
(2603:10b6:408:10a:cafe::85) by BN9P221CA0020.outlook.office365.com
(2603:10b6:408:10a::32) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.30 via Frontend
Transport; Thu, 21 Sep 2023 15:57:25 +0000
Authentication-Results: spf=pass (sender IP is 62.24.135.68)
smtp.mailfrom=tiscali.co.uk; dkim=pass (signature was verified)
header.d=tiscali.co.uk;dmarc=pass action=none header.from=tiscali.co.uk;
Received-SPF: Pass (protection.outlook.com: domain of tiscali.co.uk designates
62.24.135.68 as permitted sender) receiver=protection.outlook.com;
client-ip=62.24.135.68; helo=smtp-out-4.talktalk.net; pr=C
Received: from smtp-out-4.talktalk.net (62.24.135.68) by
BN8NAM11FT059.mail.protection.outlook.com (10.13.177.120) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6813.21 via Frontend Transport; Thu, 21 Sep 2023 15:57:24 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:E9499CDA19151104FCAC18D3FF3061CCCC86DC3A2F82B1150CE8CD24B0E8D9AA;UpperCasedChecksum:AA5901F33B3AEC4F79363341336D6FF24F44B00815CFD08C8D2586050C83F637;SizeAsReceived:1293;Count:15
Received: from appsuite-core-mw-groupware-5685f9468-bsc4s ([185.74.64.153])
by smtp.talktalk.net with SMTP
id jM3QqZfgOu8WdjM3QqC5yy; Thu, 21 Sep 2023 16:57:24 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tiscali.co.uk;
s=2105; t=1695311844;
bh=XTHEHApnyOwwk4DIMWIUO8yEHMZXAcXjrJOKDO5sKTI=;
h=Date:From:To:Subject;
b=2LCn9UbzuSXAMlYaDP/vmODhEHbRlLG7l5g2G8mkbnigkD3Q+1oLd7ZObMQcbT6i7
+H5uFFfxc7o+XHAavAhJyyq0FRDr/yHRYQZb6Y0j7OIqDhMZElv5iYf1kK2dtXp5su
C+iG/Pf0/q0MB8xSk1pQROASbJZXxuUXOmUZfpz0=
X-Originating-IP: [185.74.64.153]
Date: Thu, 21 Sep 2023 16:57:24 +0100 (BST)
From: Halifax <my email - redacted>
To: heathernotey@hotmail.com
Message-ID: <842029500.1994882.1695311844397@apps.talktalk.co.uk>
Subject: This is me! - Miss Heather Notley
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_1994881_1767497832.1695311844390"
X-Priority: 3
Importance: Normal
X-Mailer: Open-Xchange Mailer v8.16.56
X-Originating-Client: open-xchange-appsuite
X-CMAE-Envelope: MS4wfELeV9HFTio+EOQpnOwVdXmojHCqmwgkmz/3G0wx2F+cCJbSyXwEQ/uoxTlkmbyFEn9pUTzCQ9nBQqnw4ZkNgxx7pue0G8GbbNGYvFrfQUqGrPdBORAP
EtGya06DsH1plO3VHnHoVPvQ727KGCiCyY1FNFfvHwl+wmBPwZlpM0olFhKm4yQZQvjzOj1qf2f6fIaxZtaiZFGd+vXeZNUNW1jRQSwze/4ScSJYq/UdEod/
X-IncomingHeaderCount: 15
Return-Path: [my email redacted]
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM11FT059:EE_|SJ2P221MB1114:EE_
X-MS-Office365-Filtering-Correlation-Id: eb6098a8-9076-4eaf-e1e6-08dbbabb72d6
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 62.24.135.68
X-SID-PRA: [my email redacted]
X-SID-Result: PASS
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?8dLQXWztSw4H5EAftJPvf+4zIRWnvEccrh8TqZDcbNgx914beLeZOGl6Bq//?=
=?us-ascii?Q?ZXejAnjDseB/R4CQaENMTeviwLw5mHcQ8XyvSxl1hs25rA7b35Vbn1cXxFpG?=
=?us-ascii?Q?dqrJlNLFEBLXXY/RBdRZTuSchwgKcd4QK5CnSo8gdfsoWO5ClHV2b4I5jg/X?=
=?us-ascii?Q?kwZ0XbOmHymOS9xWreY71U4O7gooPXMyUSG/tw5c4YLIPGXvtvtSTp3QT/zW?=
=?us-ascii?Q?AD/xvQpvBC1UroxrJhzRNNqar6tvrX+ZzB374E4PNiByF7tNU+Dr9NjMuGnx?=
=?us-ascii?Q?zbwTO0PqQayocTeOMDzUffhT553ymVheL/W7mjDsY5s5M25XVh5D9Rc1niP+?=
=?us-ascii?Q?BtT+Md1uq1ZvGP0IXxis46+ciNeEzwtB4S+Pkhm2w8K+jw/YrYl6z38DfLDj?=
=?us-ascii?Q?GkGief5YLVc8SVqlcq7w31e+0a9u/khiYJ2p7gxZk+Y5zpNV2mB4MT1DRruQ?=
=?us-ascii?Q?AjlKE26XX2LkAUxFBRUXg9eMxXDEiZjAOw6xUwg6wz98/s22JB7MYtX51W18?=
=?us-ascii?Q?bqytya5YYA25Ng4uqRphXsX66ijuvEEK99f9eWCxgzf27ZKqAbuKbiTiLytG?=
=?us-ascii?Q?zonUXNkJzsTHEFHTjWdBJRVyqzq6JEEQQX1vNKnX67A9P/u9QUp1XxZAcEP9?=
=?us-ascii?Q?56vNCgigyyxwsPIAoKTZwc9ItuW0X/mH789fAkcZ2dMA6D09BvDS8hsEIcNS?=
=?us-ascii?Q?batYELP7LASmBYjfTNQt/1dTWxKTzlLB2PRbLquAkHByQzPWIq2XefUBF+2I?=
=?us-ascii?Q?4/u88S3hh6n3ULHvGbc3cdXMQNqRZvwYkhXja8QmaHojEs2jCE1XBn0eLTUm?=
=?us-ascii?Q?yQsRZ7VBjNOAdvpBabP/G+chIOxju8XQcDYZP0u07NLE0iwIXZj086qB7ltG?=
=?us-ascii?Q?nA210ayNrjpVyIJ6toRtTzDYjDQg8vLF9WntRGMqvzxZ3ffaOkMtyxsPf1C0?=
=?us-ascii?Q?gHuRDjVhiDBJxmMjKi/y4Y2mbkSaLkV9bKDt/Khxiq8aubK/s/Cj7Et03QF+?=
=?us-ascii?Q?R52aouTryssqcOXPDLMdJsYvLTgO6NNvSfYRbTCzHeaB3JAq5C1VInRu6NvK?=
=?us-ascii?Q?3FcXkRhmHyKrUArUNptYchsr/IzGIGo7Eu48ROwHeIOt2//hns4=3D?=

 

------------------------------------------------------------------------------------------------------------------------------

 

 

 

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless
0 Likes
13 REPLIES 13

Floydoid
Chat Champion
Private Message TalkTalk
Message 1 of 14

Well a full system virus scan has not turned up any nasties, but it does give a little more peace of mind.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless

Floydoid
Chat Champion
Private Message TalkTalk
Message 2 of 14

I'm pretty tech savvy, but it's nice to be reminded of the basics every once in a while. My PC is generally pretty secure, so a compromise like this is quite rare. I'll also run a virus scan now as a just in case.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless

Message 3 of 14

Thanks for the confirmations. In my first reply I gave my guidance on creating a new secure password. You just need to keep device security up to date and never enter the password on insecure systems or open wi-fi access points that you don't personally control.

 

You should be good from here onwards.

GondolaCommunity Star 2017-2024

  Like below to appreciate my post . . . Mark as solved  Accept as Solution

0 Likes

Floydoid
Chat Champion
Private Message TalkTalk
Message 4 of 14

I guess this is the peril of using the same email for 15+ years - all the time I've been with Tiscali / TalkTalk.  If push really comes to shove I'll set up a new TT email for all my private stuff, but for now I'll see how things go.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless
0 Likes

Floydoid
Chat Champion
Private Message TalkTalk
Message 5 of 14

My new password bears no resemblance to the old one by the way.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless

Floydoid
Chat Champion
Private Message TalkTalk
Message 6 of 14

I found them in the sent items folder on Thunderbird funnily enough. Hopefully this change of password will do the trick, as my old tiscali email I use mostly for important personal business.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless

Message 7 of 14

Good to know the password upgrade seems to have worked. Clever hackers usually cover their tracks by deleting from the Sent folder and then emptying the Trash.

 

But you said "Sent items" folder. Does that mean your mailbox is not yet upgraded to the new mail platform? My previous advice about the Security setting was applicable only to the new platform as it's a newly introduced security feature for TalkTalk.

 

You said you'd found the Filter rules under the Mail or Email heading in the left panel so if that now indicates you have no rules defined then you can be sure the hackers aren't spying on your mail messages.

 

As you said on another topic that you'd got a phishing email purporting to be from TalkTalk about the mail upgrade do be very wary of anything from TalkTalk because you're going to be targeted.  Keep your device security up to date and regularly scan for viruses, trojans and other malware.

 

TalkTalk do not use any tiscali.co.uk or talktalk.net email addresses for communications nor do they ever ask you to click links to 'Activate', 'Refresh', or 'Update' your account. Never click on any links in emails that you haven't checked first is the best advice I can give.

 

The latest phishing examples are shown below:

 

TalkTalk Mail help

Help with Phishing emails

Report a phishing or spam email

GondolaCommunity Star 2017-2024

  Like below to appreciate my post . . . Mark as solved  Accept as Solution

Floydoid
Chat Champion
Private Message TalkTalk
Message 8 of 14

I actually found a few rogue sent items in my sent items folder (where I don't normally look) - as if they had come from my account, so they were cleared out earlier, and all seems much quieter now since I've reset my password.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless
0 Likes

Floydoid
Chat Champion
Private Message TalkTalk
Message 9 of 14

I mostly access my mail from the website or Thunderbird on the PC. I did a full scan with Malwarebytes last night as a precaution but it found nothing.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless

Message 10 of 14

OK I've found it now and reset to a more secure p/w - I will also clear out some old message rules.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless

Floydoid
Chat Champion
Private Message TalkTalk
Message 11 of 14

I may be being a bit thick here but I can't see anywhere in Settings to reset.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless
0 Likes

Floydoid
Chat Champion
Private Message TalkTalk
Message 12 of 14

Thanks - I'll give it  try.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
- Douglas Adams, Mostly Harmless

Gondola
Philosopher
Private Message TalkTalk
Message 13 of 14

Hi Floydoid 

 

Your mailbox password has been compromised and your mailbox has been used to send phishing emails. 

 

Scan all your email devices to remove potential password capturing virus, trojan or other malware. Then upgrade your email password. 

 

Hopefully you'll have pre-registered for password recovery an alternate email address and mobile number. Either can be selected in the password reset process to receive an emailed link or a 6 digit code by mobile text message to authenticate a password change. It's worth checking these Reset details are present and correct and haven't been changed by hackers before you opt to change the password. 

 

Select here: Sign in to TalkTalk Mail

 

Enter your email address and your email password, select Sign in.

 

Update your reset details is an option on the main settings menu. That's the cog icon on the top right header.

 

Also on the menu is All settings and via that is a Security option. That will show you all the devices that are currently signed in to your mailbox. Forcibly sign out any devices that you do not recognise as the currently signed in device you're using.

 

And whilst there, select Mail from the left panel and scroll down to Rules. Hackers may have set up a Filter Rule or Auto forward to spy on your future emails. Delete all Rules.

 

Check, update and Save the Reset details if needed, then use the Reset password now button in the help page  Changing your email password.

 

My recommendation is to exceed the minimum required and use a password of 12-15 multicase letters and numbers and a symbol. A new password created from multiple words gives an opportunity to memorise the password that, for security, needs to be unique to the mailbox. The Internet browser that you use for TalkTalk Mail may also offer to generate a secure password and can save the login for you.

 

Use  TalkTalk Online Defence (SuperSafe) to keep your security strong and, as part of TalkTalk's security, is a  Password Manager that is useful for generating unique passwords, keeping those passwords secure, ready for your login.

GondolaCommunity Star 2017-2024

  Like below to appreciate my post . . . Mark as solved  Accept as Solution