Talk Talk Mailbox (After Security Breach)

[Anonymous]

A relative of mine still utilises his  old Talk Talk mailbox even after the BIG security breach some years ago.  His mailbox is sent lots of suspicious e mails with dodgy attachments.

Ive suggested that we create a new Talk Talk mailbox but it’s not an option he wants to take up as he requires it for his business leads.

Ive contacted Talk Talk about this mailbox and their irresponsible response was “you can use and access this mailbox at your ow risk as these old accounts were orphaned out” I replied with exactly what does that mean?  Talk Talk did not reply,

If he wants to keep this mailbox what’s the best way to sift and remove all the suspicious viral, malware, spam and possible Ransomware that could be waiting to be clicked on within the mailbox?

I have heard of sandbox, maybes I could manually remove them from his mailbox and prevent or block them from returning to appear once again after their removal?

Please, can anyone help with advice,

My post/thread is aimed at Windows Security but if anyone can help that would be great.

Cheers

[The Duke]

I’d recommend he migrates from it. Just keep it another 6 months if need be. But answer email form a new service. I’d say Gmail. If he doesn’t like Google, GMX mail.

Also if TT mail is so compromised, he may find alot of his sent email just goes to spam boxes.

Also if I delete with his or any, company and started to get spam from the address, I’d delete his a dress from my contacts and add it to the spam filter. So having a comprised service will be bad for his business longterm.

Migrating an email is far easier in practice than it sound.

He should move. Google offers the best webmail service bar non.

[Anonymous]

Thank you for your response.  Is there a video that I could show my relative just about every plausible threat there is to e mail and after it’s been labelled as “Orphaned out” by Talk Talk as I know a little about virus attachments and spam malware threats but not enough to say I know how to explain threats to his mailbox.

Ive got to create a strong argument to get him to migrate to gmail.  He’s as stubborn as old boots but quite frankly doesn’t understand IT Secuity Concepts enough to realise the great concern.

I have never migrated a mailbox before what’s involved and I will do this once he is agreed with me this urgent cause of action that’s required.

I will need the e mail settings from Talk Talk first.

I would suggest that you clever guys have a thread dedicated to mailbox exploitation given the facts and events surrounding the NHS Ransomware cyber attack.

Everything about minimising the affects of e mail attacks how do they start? From a click and what happens there after.

How we can all check and do our utmost to provide a line of defence against hackers be it small or large numbers like a country.

Thanks guys, great website and it was a great shame Micro Mart is no longer something I can buy once a fortnight or month

???

[JayCeeDee]

I get a lot of dross from my ( historic ) AOL account, but there are loads of sites that have it as the log on ID. I just have my Gmail account set to check all mail from AOL, and use either Thunderbird or a browser tab to view it. In the browser tab, in Gmail, I can monitor any junk or spam and either delete it manually or let Gmail do it after 30 days. Once a month I log in to AOL and check for anything wrongly sent to Junk/Spam ( very rare ) and delete it all from that folder.

A bit more time-consuming than it needs to be, but no real biggie!! It works. :good:  As the Duke says though, send all new o/g mail from a new service.

[Anonymous]

The thing is he has hundreds of e mail that is sitting in his mailbox and would need to sifted and remove the suspicion e mails from his inbox and other folders.

I have heard of sandbox.  If I accessed sandbox and removed the virus e mails would that work as that way I would be protected from  the threats from within the e mails itself.

How do I migrate his Talk Talk mailbox to gmail?

What would I need to do?

Please help

[Dave Rice]

Here’s an explanation I found about orphaned accounts and it’s not good. “If you are not an active TalkTalk customer, then your account is “orphaned” – it goes on working but you can’t manage it, which means you can’t change the password or delete the account.”

You set up his new gmail account and then Choose settings (top right hand corner), Select ‘Accounts and Import’, Select ‘Import Mail and Contacts’.

You’ll need the TT email account & password and mail server details from https://help2.talktalk.co.uk/email-settings-imap-pop3

That will import all emails and also get any new mail sent to his TT address, but Gmail will not check them for spam. As far as viruses go, just do not click on any link whatsoever.

[Anonymous]

I thank you all for your help.  I will contact Talk Talk because it’s vital he keeps his mailbox

I do find it staggering that there’s not enough info or support from Talk Talk about Orphaned accounts since the big secuity breach.

The bad news is though I will have to sift through the suspicious e mails one by one and by that I will have to look at from where the e mail is from the subject and to whom,  it’s going to be painful.

I wish some one or company produced an e mail sifter where you could just click check once and then all the suspicious e mail was removed blocked and reported on one go.

Once again thank you guys

??

[Dave Rice]

I can’t see how it’s vital that he keeps the email address and I’ll bet TalkTalk will not do a thing. If someone insists on using a compromised account they’ll get what they deserve.

Just as well he isn’t an Orange customer, their email service is closing completely at the end of May.

[Bob Williams]

Dave Rice wrote:

I can’t see how it’s vital that he keeps the email address and I’ll bet TalkTalk will not do a thing. If someone insists on using a compromised account they’ll get what they deserve. Just as well he isn’t an Orange customer, their email service is closing completely at the end of May.

Something that I am trying to tell my daughter, who still has the fsmail address from before Orange taking over Freeserve. She has the attitude that “tomorrow is always soon enough”. Drives me and her network engineer son mad, she won’t let either of us near her laptop. Until… well, you can guess the rest. I am carrying out a guerilla raid by employing gdaughter to nag mum.

When the Thought Police arrive at your door, think -
I'm out.

[Richard]

I have been going through a migration for the past couple of months as a result of the Orange abandonment. The biggest issue is all the long established relationships yourhad which only produce a contact every few months. I am sure that I have a few which have been missed, on the other hand there are some that I cannot be bothered to sort out. Then there are the scammers who have been having a field day since Orange decided to give up. For some reason their main activity is pushing dubious diet pills. Another pest sends a few mails a day straight to my junk mail bucket. Ah so soon to become history.

As for the original enquiry my feeling is why bother with someone who has no regard for what they think of as their business? If they are so cavalier in the face of clearly established risks to the business, what other stupidities are they also harbouring? The old address is clearly rubbish, possibly due to bad business practises as much as to anything else.

Do not try to help them, they are beyond help, but when they inevitably fail, your involvement will ensure you will be seen as the cause of their problem. Run away while you still can.

[Anonymous]

Just one final point I would like to make please guys.

If I bought a Blackberry Classic and got the settings and accessed the e mails that way would that work?

I know they are a fading technology but Blackberry are known for their encryption which would probably stop the phishing e nails of all variants?

[The Duke]

First thing he should do is change the password, that’s a given. The copy all his contacts to another service.  very easy, find export to csv then got to Gmail and import the Csv file. That will put all his contacts in the new contact book.

Them delete all contacts out of the TT mail. At least that way, if breached again if has no address to send out crap to customers etc.

Then just keep the TT mail going as an inbox, and as each person is email him, answer it from the new Gmail.  explain in the first responce that this is the new company  address and they should update their records.

He can proactively batch send an email to all at Fort telling them to update the address, but most won’t do it /forget until they need to speak to you. So then do the first reply method.

Given the old TT web mail won’t have any contacts in it, it’s relativly benign and safe. So even if it takes a year untill people stop sending its fine.

Also tell him to send the received email to his Gmail account, either manually or automatically (via auto forwarding), but keep deleting the originals out of the TT account.

 

Hope that all makes sense.

 

But I’d have to agree with richard above, I wouldn’t try to hard to convince him, as if he follows your advice, and his business tanks, he’ll most likely blame you.

[Dave Rice]

He can’t change the password, the account has been orphaned i.e. TT have disowned it. If it’s been compromised it’ll stay compromised.

If this is a business email you cannot run a business from a compromised account, that’s sheer madness. Yes changing a business email is a PITA but with some planning it’s not exactly difficult. The charity I look after (20 users) had to do it in an emergency when they lost control of their domain (long story involving a dismissal) so didn’t even have the old addresses to either send or receive.

In the Gmail import settings you should have the option to delete the mail from TT as soon as it’s been imported. There’s probably a tick box that says “leave mail on server” which you would untick.

re your worry about “infected” emails. Just opening an email isn’t going to trigger anything, the virus would be in an attached file or they will try and get you to click on a link. Google will scan all email attachments for viruses as the emails are received. Your antivirus will scan an attachment as soon as you open it. The links are easy, never ever click one unless you are 100% sure of it’s provenance. So no, you don’t need a Blackberry and encryption wouldn’t help any way. The fact it’s not Windows would mean nothing could run.

You are right to be cautious but avoiding clicking links, routing the email through Google and running a decent AV with a “safe browsing” type browser add-in is about as paranoid as you need get. Do the tidy up Steve suggested of the old TT account and plan to stop using it from Day One for sending and to stop importing the emails from say 3 months time.

[Anonymous]

WOW, amazing advice again. I contacted Talk Talk and all they said was that they would upgrade his mailbox or update it so it’s running on the new exchange.  The advisor was vague and relaying the info back from their so called technical department.  Then they said that he could use the Orphaned but updated mailbox but at his own risk.  More or less their disclaimer.

I do see the urgency about the mailbox being compromised.  The phishing e mails still keep arriving but are not as many as what was 100’s.

I insisted on the upgrade or new e mail roll out, yes I know it wasn’t explained in detail what exactly Talk Talk would do.

I can see a great plan of action coming into place and hopefully his mailbox if it’s retained or shelved after forwarding on to new gmail will be in a better place.

A big thanks

 

 

[The Duke]

First thing, get all the contacts out of it.

[Author]

Posts