Blocked email

Email setup and troubleshooting
Post Reply
ercatli
Posts: 103
Joined: Thu Apr 13, 2006 9:14 am
Location: Sydney
Contact:

Blocked email

Post by ercatli » Wed Dec 13, 2017 5:46 pm

HI, I have had one of my email accounts blocked. After advice from the support team I think I have dealt with the problem, but I thought I would ask a few questions and make a few comments here please.

1. I have (or had until today) 7 different email accounts with Exetel. One of them was blocked about 6 weeks ago, but because it was one I was using only rarely (and thinking of closing down) I didn't notice until recently. I was told the account had been sending out Spam emails. Since I definitely wasn't doing this, someone else must have been. Are you able to explain please, or refer me to a web page, how this might have occurred? Does it infer I have a virus on my home computer, or did someone guess my email password?

2.It would be helpful if, when this occurs (which I understand is common), we could receive an automatically generated email, rather spend time trying to reset the password, etc, and only finding out the account is blocked after some time.

3. When I was advised by residential Support that the account was blocked, I was referred to the Exetel Spam Block page, which suggested I download software via two links. Both links were to download .exe files, which are also used by malware sites, and I have been told that I should never click on a link that loads a .exe file. This was disconcerting, so I was fearful that the page was itself malware imitating Exetel, and I had to ring Support to check the page was safe.

4. Since I use a Mac, these files would be useless anyway. Do you have any recommendations about equivalent software for Mac users please?

5. Since the account was hardly used now, I deleted it from my member services page and from my email client. Will this be enough to be safe again now?

Thank you for your help.

User avatar
Dazzled
Volunteer Site Admin
Posts: 6002
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Blocked email

Post by Dazzled » Wed Dec 13, 2017 9:58 pm

Malwarebytes does have a Mac version, which may be useful.

Somehow you have let out the password to your address. Have you used the email account at some public wifi or similar location? To receive POP email requires the password, and also the email address, both being sent unencrypted, and this can be eavesdropped. Don't use this password for other accounts to be sure. Webmail uses https communication, and I'd use that when out.

User avatar
nilushid
Exetel Staff
Posts: 534
Joined: Tue Jan 10, 2017 2:18 pm
Location: sydney

Re: Blocked email

Post by nilushid » Wed Dec 13, 2017 10:05 pm

ercatli wrote:
1. I have (or had until today) 7 different email accounts with Exetel. One of them was blocked about 6 weeks ago, but because it was one I was using only rarely (and thinking of closing down) I didn't notice until recently. I was told the account had been sending out Spam emails. Since I definitely wasn't doing this, someone else must have been. Are you able to explain please, or refer me to a web page, how this might have occurred? Does it infer I have a virus on my home computer, or did someone guess my email password?
We can only detect the spams or the dos attracts which are coming from your email address. These spams can occur due to many reason (Eg Virus on the devices, security compromise etc). Therefore it is better to make your devices secure by updating the virus guard and keeping strong passwords for your accounts

ercatli wrote:2.It would be helpful if, when this occurs (which I understand is common), we could receive an automatically generated email, rather spend time trying to reset the password, etc, and only finding out the account is blocked after some time.
Our developers is currently working on this and will be activated for the exemail customers in the near future

ercatli wrote:3. When I was advised by residential Support that the account was blocked, I was referred to the Exetel Spam Block page, which suggested I download software via two links. Both links were to download .exe files, which are also used by malware sites, and I have been told that I should never click on a link that loads a .exe file. This was disconcerting, so I was fearful that the page was itself malware imitating Exetel, and I had to ring Support to check the page was safe.
Those two links were given for you to download the application to run a virus scan on the devices to identify any harmful applications or virus. But if you have your own protection software you can use them to identify any virus in your devices

ercatli wrote:4. Since I use a Mac, these files would be useless anyway. Do you have any recommendations about equivalent software for Mac users please?
You can contact apple support to get recommended software for Mac devices

ercatli wrote:5. Since the account was hardly used now, I deleted it from my member services page and from my email client. Will this be enough to be safe again now?
If you deleted the email account it will stop the spam emails which were coming to your email server. However, It is better if you could make sure to secure your end anyway for other applications you are using.

ercatli
Posts: 103
Joined: Thu Apr 13, 2006 9:14 am
Location: Sydney
Contact:

Re: Blocked email

Post by ercatli » Thu Dec 14, 2017 9:55 am

Thanks for advice.
Have you used the email account at some public wifi or similar location? To receive POP email requires the password, and also the email address, both being sent unencrypted, and this can be eavesdropped.
I don't commonly do this. I don't use a mobile phone for emails or web (just phone calls and text), but I have used Wifi at accommodation and a public Council service while on holidays, so maybe that was it.
We can only detect the spams or the dos attracts which are coming from your email address. These spams can occur due to many reason (Eg Virus on the devices, security compromise etc). Therefore it is better to make your devices secure by updating the virus guard and keeping strong passwords for your accounts
I have never had a problem like this ever before, but I downloaded AVG for Mac and scanned my computer. It found 7 "threats".
  • Two were attachments to an email, both .exe files that I presume wouldn't work on my Mac.
  • Four were php files all labelled as "PHP:Agent-PF [Trj]'. I know php files are commonly used on the web, and I wonder whether [Trj] means "trojan", but otherwise I have no idea what these were.
  • One said "1 infection in archive" and I have no idea what that means either.
So I quarantined them all anyway.

So I guess that's that. But I'd still be interested to understand better what all this means. Is there any page you know that would help me? Thanks.

User avatar
Dazzled
Volunteer Site Admin
Posts: 6002
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Blocked email

Post by Dazzled » Thu Dec 14, 2017 10:21 am

,exe normally indicates a Win executable, but may also be something else on other systems.

Look up Easy Doc Converter for an idea about getting a mini-php process running onto your system. What can happen is that malware picked up from unsafe software or wherever, like a short script, can put together a system that operates online without your knowledge. Eg, https://nakedsecurity.sophos.com/2016/0 ... -dark-web/ or https://blog.comodo.com/comodo-news/bac ... -mac-os-x/ or http://fortune.com/2016/07/06/mac-malware-backdoor-app/

This may not be what happened to you, it appears to be uncommon, but it shows how a trojan can get built.

ercatli
Posts: 103
Joined: Thu Apr 13, 2006 9:14 am
Location: Sydney
Contact:

Re: Blocked email

Post by ercatli » Thu Dec 14, 2017 7:23 pm

Those links are a good warning. Thanks.

Post Reply