Quicken Email database hacked
I use a unique email address for every company and website I use (I own my own domain). The email address I use only for quicken.com, including this community, just received what at best is spam, at worst malware. Conclusion: Someone has sold or stolen the Quicken.com email address database.
What is the best way to report this to the security department within Quicken?
Comments
-
Hello @Bob@45,
Could you please provide more information regarding the spam/malware that you received and how you determined that it came from Quicken?
Thanks!
-Quicken Jasmine
Make sure to sign up for the email digest to see a round-up of your top posts.
0 -
The spam/malware did not come from Quicken. It came from an address in India.
The spam/malware was addressed TO my email address used ONLY on quicken.com.
So it's not Quicken generating a bad email, it's Quicken losing control of the email database.
I believe I can zip and send the entire bogus email to an appropriate email address in your organization if that will help.
0 -
@Bob@45 Could you please post some identifying content from the message so the rest of us can see whether we got it?
Quicken user since version 2 for DOS, now using QWin Premier (US) on Win10 Pro.
1 -
From: Mail Delivery System Mailer-Daemon@eyewebsolution.dnshostserver.in
"A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:" and it lists my quicken-only email address.
It then includes the "original" email, from "Mail administrator <my email address>", Subject: "Mail delivery: You have messages on hold", Body says "Two (12) incoming messages on hold. … [in red:] Restore pending mails below" with a button that says "Allow Messages".
Then attached is a "ForwardedMessage.eml" which may or may not be that "original" email — I don't open attachments of any suspicious email.
1 -
Thanks. I don't think I got it, but I have a lot of spam to sift through.
You should send the message, with all headers intact, to spoof@quicken.com
Quicken user since version 2 for DOS, now using QWin Premier (US) on Win10 Pro.
0 -
I don't see any reference to Quicken in this. As I read it, it came across to me that perhaps the email in question is one that was sent from your system to this India recipient where it could not be delivered. That would kick back a message like this to the sender of the original email.
Have you run a deep anti-malware scan on your system? It could possibly be that your computer has been compromised and some malware is sending out emails from your system to others.
Quicken Classic Premier (US) Subscription: R60.15 on Windows 11 Home
0 -
There is no reference to Quicken in this, other than the email address used. That email has only been used within quicken.com and never anywhere else.
Your suggestion re: my system would be reasonable, except I have hundreds of similarly unique email addresses, and this is the only one that has been abused in this way this month, and only once (so far).
And the original email that supposedly could not be forwarded, a) was not to India, but from Mail Administrator <my email>, to <my email>. b) the only reference to Inida is the From address Mail Delivery System Mailer-Daemon@eyewebsolution.dnshostserver.in, there is no indicating anywhere in the email headers that the email arrived in India from anywhere else.
The supposed original email is from my quicken email address to my quicken email address, with a return path of my quicken email address. If it was sent from my system, there would have been some email header pointing at source being my system, or my ISP, or my IP address, or the IP address of my router. None of that exists in any header.
Worth checking, but it appears to not be the case. I will be doing (another) deep scan regardless.
Bob
0