Grey arrow next to message / hacked?

[Demon_114]

Dear all,

I have several accounts with Thunderbird. This morning I sent an e-mail from X account to Y account. The e-mail which arrived in Y account had a grey right-facing arrow stating that the correspondent was Y (although X sent it).

I then sent an e-mail from Y account to X account. The e-mail which arrived in X account had a grey right-facing arrow stating that the correspondent was X (although Y sent it).

I have never had this before. Normally, if I sent an e-mail from X account to Y account, when it arrives in Y account it should say that it is from X.

What is worrying is that I have recently received e-mails in both accounts stating that I have been hacked and that I should make a bitcoin payment. So for example, in X account, I receive an e-mail with a right-facing arrow with X as correspondent stating that I have been hacked. I have changed my passwords but this problem keeps on occurring. My web technician has told me to ignore and delete these e-mails.

I would be grateful if someone could explain what is happening and what I should do.

Many thanks,

[kerft]

Emails asking for bitcoin payments are a recent common spam. Although the email makes it try to sound like it is directed to you it is actually sent in bulk like typical spam. You will note that they do not even use your name. These are no more or less malicious than any other spam - in other words, if Thunderbird is set to not load html or remote content and you don't follow the links or save or run the attachments, you are safe. Or if Thunderbird is showing html or remote content, but the email is not exploiting a security flaw in Thunderbird, then you would still be safe.
I don't know about the correspondent arrows, but, if you view the headers of the mail sent from X, is it actually sent from X or does it say it was sent via the server of Y?

[tanstaafl]

See http://kb.mozillazine.org/Posting_a_scr ... _the_forum if you want to post a screen shot

Good advice from the web technician (ignore the email).

Its trivial to spoof the From: header. If you want to see who really sent it use view -> message source or control-U and look at the chain of Received: / Received-SPF: headers. Unfortunately that can take some work to comprehend. However, some email providers also add custom headers such as X-Spam-source: or X-Mail-from: that identify where the mail really came from.

If they mention you by name they probably took your password from a publicly available database of old leaked passwords and email addresses. See https://krebsonsecurity.com/2018/07/sex ... passwords/ for one of the more recent variations of that type of scam.

[Demon_114]

Thank you both for the quick reply.

Kerft - Since I use the same server for both addresses, the source code is showing that it was indeed sent from X to Y passing through the same server. The issue remains why is there a grey arrow showing the correspondent as Y (when it came from X)? Also, thanks for the tips. How can I tell that Thunderbird is set not to load html? At present, it is set not to load remote content.

Tanstaafl - Thanks. I checked out the source code for the fake e-mails (i.e. where they ask for a bitcoin payment) and the IP address appears to be located in India. However, this still leaves me with the issue of why, if I have sent an e-mail from X to Y, it is showing up with a grey arrow stating that it has come from Y.

I have uploaded the image of the grey arrow to Dropbox. However, in the instructions to post a screen shot, I am not quite sure what this means: "Select the code listed as "Forum Thumbnail", copy the code and paste it in the thread where you report your problem".

Many thanks,

[tanstaafl]

That's because the instructions assume you use something more image oriented such as imagur which provide snippets of HTML designed to be copied and pasted in order to display your uploaded image. With dropbox, just post a link to the uploaded image file.