Advice for possible email leak

I

image132

Expert Member
Joined
Apr 3, 2010
Messages
1,437
Reaction score
333
Location
Cape Town
I've recently received two account sign ups for websites I did not sign up for using my email address. One is for some kind of hosting/learning website and another for a casino/online gambling website.

I have tried emailing the first website to tell them to delete my profile and information as it was created fraudulently and without my permission but I was promptly ignored. I have also changed my email password multiple times and since then this new signup for this gambling website has occurred.

I'm at a loss for how these people are able to confirm signup without access to my email address. Does anyone have any advice for me as I'd really really like to not have to burn this email as I've had it for a long time.

Any advice on what to do next would be appreciated.

-Image
 
They already have a keylogger on your system - that's how they knew what the new password was, see?

Try and change the password again but use a different device this time.
 
Please tell me you don't have an @mweb.co.za or @telkom.x email account ;-)

If you have changed your password then the only other place they can access is on your mailserver - where is your email hosted?
 
OCP said:
Please tell me you don't have an @mweb.co.za or @telkom.x email account ;-)

If you have changed your password then the only other place they can access is on your mailserver - where is your email hosted?
Click to expand...
Of topic ...

Was with Mweb way back in the day, cancelled when I got fibre on the previous decade.

Even though I cancelled with Mweb, my Mweb email address is still active. As my Gmail was popping my Mweb email, I still receive emails sent to my Mweb account because Gmail still continues to pop from Mweb
 
  • Haha
Reactions: OCP
image132 said:
I've recently received two account sign ups for websites I did not sign up for using my email address. One is for some kind of hosting/learning website and another for a casino/online gambling website.

I have tried emailing the first website to tell them to delete my profile and information as it was created fraudulently and without my permission but I was promptly ignored. I have also changed my email password multiple times and since then this new signup for this gambling website has occurred.

I'm at a loss for how these people are able to confirm signup without access to my email address. Does anyone have any advice for me as I'd really really like to not have to burn this email as I've had it for a long time.

Any advice on what to do next would be appreciated.

-Image
Click to expand...
You sure these were not phishing mails trying to get your details?

Also are these confirmation mails that a account was created or, asking you to click on a link to confirm your email.

Check the email headers/DMARC info to see if they really originated from the email domain owned by the website.

Lastly do you have 2FA on your email account? In no, then you need to set it up asap. If your email provider does not support 2FA then it's time to move.
 
DapperDanMan said:
They already have a keylogger on your system - that's how they knew what the new password was, see?

Try and change the password again but use a different device this time.
Click to expand...
I've formatted my laptop too but I'll try this just in case. The weird part is I don't receive the request email (the one that usually has the link) to confirm my account on my email. Just the one after that step.
OCP said:
Please tell me you don't have an @mweb.co.za or @telkom.x email account ;-)

If you have changed your password then the only other place they can access is on your mailserver - where is your email hosted?
Click to expand...
No its gmail
gregmcc said:
You sure these were not phishing mails trying to get your details?

Also are these confirmation mails that a account was created or, asking you to click on a link to confirm your email.

Check the email headers/DMARC info to see if they really originated from the email domain owned by the website.

Lastly do you have 2FA on your email account? In no, then you need to set it up asap. If your email provider does not support 2FA then it's time to move.
Click to expand...
No, I'm highly suspect of anything sent to me that I don't recognize and never log into anything via email. I use gmail, I know they support 2fa but last time I tried to set it up it was a pain in the backside. What are the good options for 2fa?
 
image132 said:
No, I'm highly suspect of anything sent to me that I don't recognize and never log into anything via email. I use gmail, I know they support 2fa but last time I tried to set it up it was a pain in the backside. What are the good options for 2fa?
Click to expand...
Unfortunately 2fa and any other effective security measures are often a pain in the backside but they are one of the most effective ways to stop an funny business.
image132 said:
What are the good options for 2fa?
Click to expand...
What works best for you, I think SMS is an option with Gmail, also authenticator app but just make sure you have back up codes as the app is often unforgiving.
 
DapperDanMan said:
They already have a keylogger on your system - that's how they knew what the new password was, see?

Try and change the password again but use a different device this time.
Click to expand...

OR they enabled 2FA with a phone in their possession and are resetting that way.
 
killerbyte said:
Go to the website, tell it you forgot your password, reset the password, login to the account and delete the account.
Click to expand...
I don't exactly want to be giving websites I don't know any more information than they already have let alone logging into them or clicking links from them.
 
Alright thanks everyone. I've changed the password again using an ipad (different device, different OS) and enabled 2fa with my phone for the account.

Google account management doesn't show any unknown devices connected to the account so I still don't understand how this is being done. Thanks for your advice, now I wait and hope.
 
Just sent it to Spam and forget about it.

They likely aren’t doing any verification until you want to use money.
 
image132 said:
I don't exactly want to be giving websites I don't know any more information than they already have let alone logging into them or clicking links from them.
Click to expand...
I give fake details for 90% of the websites I join. It's not an exam you have to pass.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X