My email was hacked. Why didn't Norton find this?

Two days ago my email was hacked. I was locked out of my own email and then they got into my Amazon.com account and spent almost $600.00. Luckily I discovered it quickly and was able to get Amazon to retrieve the package from UPS. They are refunding me and I also had to contact my email account and have my password changed, and I had to cancel my credit card and order a new one.

 

Why didn't Norton discover this? I do automatic scans every week, all my definitions are up to date and I do everything to protect my computer. I have a physical firewall as well as Norton's firewall. I am running Norton Internet Security 2009.

 

After this happened I re-scanned both my desktop and my laptop and Norton found nothing.

 

What gives?

 

Why didn't Norton discover this and block it or warn me?

Also, am I still infected? Who knows.

 

I am really worried that it will happen again now.

 

Please help me with any information that I can use.

 

Steven

Hello Steven and welcome!

 

I am sorry to hear of your problem. You did not mention if you use strictly a web based mail account or an on-board email client.

 

It is possible that your web based mail account was hacked and in that event since it is at your ISP level, Norton could not prevent that. (Nor could any on-board security program.)

 

Let us know some more details about your email account.

 

 

[edit: grammar]

Message Edited by Phil_D on 01-09-2010 02:49 PM

I use Outlook Express, but I also check my mail more often online, using my laptop. So I do both. Why wouldn't Norton find it if I am checking email online? I thought that Norton checks all of my browsing as well as what is downloaded.

Steven

Online email accounts aren't on your computer. No antivirus in the world on your computer can scan what happens on the server where your online email is. That security is up to your email provider.

 

Norton checks your browsing, absolutely, but it can't do anything about what happens on a server far away, no antivirus can. Your account wasn't hacked while you were browsing it, either, was it? Your online email is not stored on your computer, so it can't be scanned by an antivirus on your computer. :)

 

If it was your online email that was hacked, I would suggest you contact that email provider regarding their security measures and what your next step should be to secure your account. 

Message Edited by Bombastus on 01-09-2010 12:11 PM

Hi csblue,

 

It is likely that your email and Amazon accounts were compromised by means other than someone getting the information directly from your computer. Phishing is probably the most common way that login credentials and credit card numbers are stolen, but there are other possibilities, as well. If you engaged in any online shopping recently it is certainly possible that information you submitted somewhere fell into the wrong hands. The possibility that someone hacked into your computer or installed malware to retrieve personal information is far less likely, but not entirely out of the question. Norton does a very good job of blocking keystroke loggers. So it all depends on the exact method that was employed to steal your information as to whether or not Norton could have directly helped to prevent it.

 

It sounds as if someone may have gotten access to your Amazon account where your credit card and other information was kept on file. It would probably be smart at this point to change your passwords on ALL of your accounts everywhere, if you have not already done so.

Message Edited by SendOfJive on 01-09-2010 12:31 PM

Thanks for that information. I am not sure at this point where it was that I was hacked. I do know that I check my email online often. Maybe I'll stop doing that. I will check out that security information also, as you suggested. Meanwhile I am doing a scan with Malwarebytes as was suggested here also. I hope I have stopped it, whatever it was, and can go forward without any worries.

Thanks for your advice,

Steven

Simply checking your email online should not pose a risk since your login is encrypted (although your messages probably are not).  If you are using the same password for all of your accounts, you should discontinue that practice, as it allows someone who has accessed one of your accounts to then access all of them.

Message Edited by SendOfJive on 01-09-2010 12:42 PM

Steven,

 

A horrible experience that I'm glad you were able to terminate so quickly. I'm glad to see you are getting plenty of help. One step at a time and you'll be able to determine if your computer itself has been compromised.

 

Certainly change passwords especially for credit cards or banking if you do any of that on line and notify them about it too -- I see you have a new credit card.

 

SendOfJive's message "Re: My email was hacked. Why didn't Norton find this?" is really important so do study it.

 

Most frequently if something goes wrong through our email account it is because we ourselves have done something, often inadvertently, that gave the access to our computer and that is something that it can be difficult if not impossible for security software to stop without stopping us from using the computer altogether!

 

I won't go into all the details here but I described earlier today how I downloaded a free utility from a safe site (Norton OK'd it) and checked the file with Norton and Malwarebytes and it was OK and installed it and it checked out OK again when I scanned the drive and then when I went to activate it all hell broke loose with alarms from Norton about Trojans ..... which was because behind the activation which was in itself harmless were some options that you had to opt out of that authorized them to access your computer "to check if updates were needed for any of your software" and even if that were legitimate it is just the type of action that a trojan will do in the background but for nasty reasons.

 

When I checked the home website of the utility, not the site I downloaded it from, I got all sorts of warnings from Norton about malware and trojans!

 

Luckily I did all that on a second, testbed computer that is off most of the time but I must remember to go back and do a full system scan on it just in case ....

Hi

 

Passwords should also be changed frequently and make up difficult passwords to figure out using a combination of different types of keys as allowed by the site.

Thanks everyone for your help so far. I just finished the Malwarebytes scan on my laptop and it came up with one malicious culprit:

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
 (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

 

I don't know anything about the above file or program, but it is deleted now. I am still scanning my desktop. It will take several more hours, as it is huge. So far Malwarebytes has found eight items on it. I don't think I can check on what they are until the scan is complete. Yes, I am guilty of using the same password in many places and I have had the same password for many years. I guess it was just a matter of time before something happened. I will change them all now and definitely more often. The thing is keeping track of them. I keep a log on my computer, so maybe I need to encrypt that or password protect it or something. Any suggestions?

Thanks again,

Steven

Message Edited by csblue on 01-09-2010 03:13 PM

csblue wrote:

 

The thing is keeping track of them. I keep a log on my computer, so maybe I need to encrypt that or password protect it or something. Any suggestions?


The Identity Safe Feature in your NIS program was designed just for this purpose. It will keep track of your log-in names and passwords for individual websites and auto fill those fields for you.

 

Norton stores this as encrypted data, but you can view the information whenever you wish.

 

It might be worth trying that.

 

[edit: grammar]

Message Edited by Phil_D on 01-09-2010 06:25 PM

Hi

 

There really is nothing wrong with the old-fashioned way of writing them down and keeping them in a safe and secret place also, that is if you remember where you put them. That reminds me of my mom who is now gone. She used to hide her jewelry in the house and then drove us crazy having to help her find it.

 

My son who has N360 told me he bought a separate program that keeps track of all his passwords.

Hi

 


Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
 (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.


As I just saw this in the Malwarebytes Forum, the above means this


All this indicates is that the ability to make changes to active desktop is disabled and MBAM is attempting to enable it


 

As can be seen in this thread in the Malwarebytes Forum

 

http://www.malwarebytes.org/forums/index.php?showtopic=12349


Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
 (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

MBAM reports this on  64-bit Windows. It’s not caused by malware and is not harmful in any way. You can safely restore the quarantined item and ignore it in the future.

 

http://www.malwarebytes.org/forums/index.php?showtopic=12349

 

Edit: great minds think alike. :stuck_out_tongue:

Message Edited by Bombastus on 01-09-2010 03:32 PM

lol:womanwink:


floplot wrote:

Hi

 

There really is nothing wrong with the old-fashioned way of writing them down and keeping them in a safe and secret place also, that is if you remember where you put them. That reminds me of my mom who is now gone. She used to hide her jewelry in the house and then drove us crazy having to help her find it.

 

My son who has N360 told me he bought a separate program that keeps track of all his passwords.


There is a great strategy for handling written passwords.  Offset all digits by one.

 

For example, suppose your random password is:  0ah78k9.

You would write down:  1ah89k0.

 

Because it is the same strategy for all your passwords, it is easy for you to remember.  Because the passwords are themselves random, it would be almost impossible for anyone with access to your list to know how to decipher them.

 

There are almost an infinite number of strategies.  Offset digits up by two or down by two.  Offset even digits up one and odd digits down one.  Offset letters up one and numbers down one, then write in reverse.

 

If you were doing this to a non-random password, it could eventually be worked out.  For example, computer programs could return KFGG to JEFF without too much difficulty.  But since the original password is random, no amount of shuffling is going to expose the password to anything recognizable.

 

And now that you got the idea, there are other ways to play with this that will further disguise your password, but which are so simple you could easily remember them.

 

Another good practice is to use user names when a website offers that option instead of account numbers or email address.  And your user name should have no similarity to your email address.  Most such sites lock down when a user attempts to access them via their user name with too many tries.  You can then be notified at your email address what to do next.

 

Keep in mind that your email account MUST be the most secure of all accounts.  Why?  Because it is via your email account that other accounts settle problems.  If someone has hacked your email account, all they need to do to get access to your credit card account is provide the email address and request that it be reset by sending a response to your email account.  Best practice is to have at least two email addresses, one for every day communication and the other(s) solely for online financial sites.  The addresses should be dissimilar.  That way no one would have a clue how to access your Visa or Mastercard account.

 

Sidebar:

 

I wish all websites would follow a similar but more effective strategy:

1.  You get a user name which, with a password, is your sole means of logging on.

2.  You supply two email addresses (or one email address and a phone number with a related verbal or keypad password).

3.  Anytime someone makes too many unsuccessful log-on attempts, the account is locked.

4.  To unlock an account, you use your primary password to make the request.

5.  The unlock steps are sent to your secondary email address or retrieved by calling in from the phone number of record and providing the related password, either verbally or from the keypad.

 

This strategy would protect about 99.99% of all accounts.  It would take almost a spy agency to get all these things in order (and it would have to happen before you noticed what was going on).  Since we are talking about blocking web-based hostile forces, you can be confident that your accounts are safe.

 

 

Message Edited by mijcar on 01-09-2010 06:00 PM
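The lockout-and-unlock flow from the sidebar in the post above, written out as an added example (not part of the original post and not any site's real code). The `Account` class, the threshold of three failures, the PBKDF2 parameters and the `outbox` list standing in for outgoing mail are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed threshold; the post only says "too many"

def _hash(password, salt):
    # Illustrative KDF parameters, chosen for the example only.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, username, password, secondary_email):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.secondary_email = secondary_email  # step 2: second channel
        self.failures = 0
        self.locked = False
        self.unlock_token_hash = None

    def _password_ok(self, password):
        return hmac.compare_digest(self.pw_hash, _hash(password, self.salt))

    def login(self, password):
        # Step 3: once locked, even the correct password is refused.
        if self.locked:
            return "locked"
        if self._password_ok(password):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return "denied"

    def request_unlock(self, password, outbox):
        # Step 4: only someone who knows the password can start an unlock.
        if not (self.locked and self._password_ok(password)):
            return False
        token = secrets.token_urlsafe(16)
        # Keep only a hash of the token; the token itself leaves by mail.
        self.unlock_token_hash = hashlib.sha256(token.encode()).digest()
        # Step 5: the token goes to the secondary address, never the primary.
        outbox.append((self.secondary_email, token))
        return True

    def unlock(self, token):
        if self.unlock_token_hash is None:
            return False
        given = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(given, self.unlock_token_hash):
            return False
        # Single use: clear the token so a replayed mail does nothing.
        self.locked, self.failures, self.unlock_token_hash = False, 0, None
        return True
```

In this sketch `request_unlock` is itself a password check with no attempt limit, so a deployed version would need to rate-limit it as well.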

I'm trying the identity safe to see how it works. It looks like it's a good program.

Thanks.

Phil,

 

I've not used Identity Safe up until now and like someone else here have used a third party encrypted utility to keep Passwords etc in but when I finally set up Windows 7 for daily use for both my users Identity Safe could be good if it keeps each user separate? Does it do that?

 

I ask because the rest of NIS is effectively user independent, except I suppose for antispam lists?

Yes, each Identity Safe user profile is independent.

 

The currently logged on user can only use, view or manage their own profile.