Am I Under Attack?

Avatar Rick Churchill
I have several email accounts. Until recently I had a different account for each device plus one for eBay, one for purchases and societies and one for friends.

The one for purchases I had used to buy games for my PC games machine form a company called Steam. My Steam password kept being reset and I had to re-establish control by emailing copies of games invoices and began to suspect that my email password had been compromised so reset that email password. No illegal purchases of games through the link to PayPal had occurred.

On 24th December I had an email from Amazon asking me to review an item I had not purchased. I changed both the email account password and then the email account associated with Amazon purchases. Incidentally the new email account (but not it's password) was announced to both the new and old email accounts. No illegal purchases were made through the link to my credit card including the item for which the review was made. (This may have been just a mistake by Amazon but there was no feedback from my email to Amazon's [undisclosed email])

In January when I found that two emails which I had not made had been returned as undeliverable from each of two email accounts which I had used for my iPhone and iPad. I deleted those accounts from my internet provider, talktalk.

I returned yesterday from holiday to find that I had 1300 "new" emails. These are copies of emails already received. I looked on the website and saw that I have 2220 emails in one account and 1568 emails in another (all read). The website keeps no record of any that I send.

1) I would like to see if my remaining email accounts have been used to send emails. Is there any way of finding this information?

2) I have POP3 accounts and in preferences I have "Remove from server after downloading message" unticked. I intend to delete all emails from the website inbox so that this does not happen again. Is there anything I should do before I carry this out?

3) Yahoo state that with POP accounts the message is removed after downloading whereas IMAC accounts leave the message on the server and is read by logging in to the website from any device. Should I change from POP3 to IMAC? I am reluctant to do this because I have to have internet access at all times to be able to read emails and on my phone sometimes I don't have that or I want to minimise my data download.

Re: Am I Under Attack?

Avatar Mick Burrell
I'll have too many questions for you to try to unravel this on here but can I phone you between 9:30 and 12:00 tomorrow? (Don't put your number on this forum - Email me the best number to use. My email is on the contact page).

I don't understand this bit:

Incidentally the new email account (but not it's password) was announced to both the new and old email accounts.

Oh, and if you've now changed the email address you previously put on your profile on this site, do update it if you want to receive the bulletin.

Re: Am I Under Attack?

Avatar Tony Still
Mick is the man to help you resolve this so just a couple of thoughts from me:
The Amazon E-Mail to both old and new accounts is a common security practice. If it wasn't you that had changed the address then you would have been pleased to be alerted to it on the old (ie genuine) account.

Many historic messages appearing on an account is something I have seen a number of times (on my own and others' accounts); I guess that it's symptomatic of an account reset and demonstrates that nothing gets truly deleted in this modern world. I think it's quite naughty personally, if the account is set to delete messages then it should do so, not just 'hide' them.

Have you considered moving away from TalkTalk? It is not obvious that they are competent.

Re: Am I Under Attack?

Avatar Rick Churchill
Many thanks to Mike Burrell for spending some time discussing my email accounts today.

He thought that the anomalies on my email accounts could be just errors in the system rather than someone compromising my accounts but obviously I will continue to be vigilant.

We talked about the various options of using POP3 and IMAP (not IMAC - a typo used above) and suggested improvements to the way I operate my email accounts. Up until now I have had separate email addresses for each device but in future I will access some of my accounts from more than one device. If I were to use POP3 (where a copy of the email from the server is downloaded to a device) rather than with IMAP (where the device refers to it on the website whenever it needs to be read), he suggested that one of my devices, probably the main computer, be set to delete the email from the server after a set period of time. This is in Mail >Preferences > Accounts >Account Information.

He noted that my Port Setting for Incoming Mail is 995 rather than the expected 110. Mail >Preferences > Accounts >Server Settings > Untick "Automatically manage connection settings" will reveal the Port number.

I cannot remember why I had this set to 995 which Mick and Talktalk agree is for IMAP but I dimly remember mucking about with Port Settings when I migrated to the Mac some years ago after reading various articles. For the moment I have left this alone to see if new mail is deleted from the server after being downloaded/read. I'll then set this to 110 later and report if there is any change.