Home » News » Disused email accounts vulnerable to hacking by spammers

Disused email accounts vulnerable to hacking by spammers

Disused email accounts vulnerable to hacking by spammers

Wednesday, 13 March, 2019

A former TalkTalk customer has found her contacts being bombarded with spam from her old TalkTalk email account, despite closing it down eight years ago. To make matters worse, the broadband provider’s customer service team initially refused to delete the email address – because she was no longer a customer.

The ex-customer found herself in a bureaucratic nightmare, after friends contacted her and said they were being bombarded with spam from her old email address. It seems the hackers were able to harvest the contents of her address book once they had accessed her defunct account.

Coming from her old account, the emails looked genuine at first glance. In some cases they even contained a subject line from her previous real emails. It was discovered the fake emails contained a disguised hyperlink to an infected file.

After getting her old account details she found she was able to log back on, which in itself indicated that her password had been taken over by the spammers. But, while she could log on, she could not change the password. To do so she needed to log into another TalkTalk account portal, but, of course, couldn’t because she was no longer a customer.

Instead TalkTalk demanded two separate proofs of her identity before they would even talk to her. This is despite the fact that sending forms of ID to a company you have no formal relationship or contract with, especially to a company where hackers may have attacked, is not recommended.

Gaining access to email accounts is highly prized among spammers and hackers. Sending attachments to a recent email conversation is one of the major means to get around anti-phishing measures.

Of course, advice is to never open unsolicited attachments unless you know the sender and are expecting their email. In this particular case those receiving the email knew the sender but obviously weren’t expecting anything.

In an update, it seems that after the case became public TalkTalk issued a statement saying they were sorry for the inconvenience she experienced, and her old email address has now been removed. A happy ending indeed.

Tim Bamford author picture

By:

Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.

News What's the story?

Keep up with the latest developments in UK broadband.

The biggest malware threats of 2020…so far

It’s been a year few of us will forget in a hurry. As the end of June approaches, we review the biggest malware threats of 2020 so far

The biggest malware threats of 2020…so farThe biggest malware threats of 2020…so far Read more

Instagram could become the main news source for young people.

Reuters finds changes in the way younger users consume the news.

Read more

BT launches second line service

BT launches second broadband home line service for the new crop of home workers.

Read more

Best broadband areas for online gaming in the UK.

Read more

Help Learn with us

Make the most of the internet with our broadband library.

How to check if your broadband is down

It might seem obvious that an outage has occurred, but there are easy ways to check if your broadband is down, or whether the problem is more localised

How to check if your broadband is downHow to check if your broadband is down Read more

A guide to Big Tech alternatives.

It seems like we’re reliant on a small group of companies, are there alternatives?

Read more

Quick tips for boosting home broadband speed

Boosting speed can transform activities like streaming, gaming and accessing cloud storage

Read more

What’s the difference between hardware, firmware and software?

Read more