Forum Discussion

Pam613's avatar
Pam613
Contributor II
6 years ago

COX EMAIL HACKED ONCE AGAIN

My Amazon account was hacked again through my Cox email. This is the 4th time it has happened over the past few years. I have 2 factor authentication set up with Amazon  but they bypass that & click forgot password enabling them to get in through my Cox email account and then they change the password. I have changed email accounts & passwords numerous times to no avail. Looks like it time to use a different mail server since there's no security with Cox anymore.

  • My Amazon and Facebook were all hacked ...Amazon once and FB 5 times in last few days. Traced back to cox email.

    • CurtB's avatar
      CurtB
      Honored Contributor

      Hey, Eric.  I can see that getting hacked must be really annoying.  But, how do you know that it was caused by Cox email?  Thanks.

  • OpenBSD's avatar
    OpenBSD
    Contributor II

    Seems to me that you have a computer or computers that are compromised at home with either a virus, trojan or malware. Hackers have to gain access to your Cox email account by obtaining your password. You probably clicked on a link or an attachment you shouldn't have and infected a computer on your network at some point or downloaded something that was infected. Also if you plugin a flash drive into your computer that drive may have something installed that is infected. One you attach it to a computer it jumps on and spreads. This is a reoccurring problem it's most definitely a computer or device connected to your network that is infected. Change your network password as well and make sure anything wireless is using WPA2 not WEP or WPA as both of these have been defeated. Also use a virus scanner (Avast Free Version) and a malware program (Malwarebytes program) to remove the infection(s). I truly believe in your case this is a problem from your end.

    Final note. Make sure your passwords are not simple and also different for each webpage etc that you login to. Every password you create should be different and difficult. Example: Ne(w)*Pa_ss[@]H*0*m*E#^&#90210 .Also you can use a the free password manager KeyPass to store your passwords.

    • Pam613's avatar
      Pam613
      Contributor II

      I have a security software installed & it checks numerous times a week & says everything is fine. It's only my amazon account & my main email account that keeps getting hacked......no other emails or other accounts. I never download anything or use any flash drives that I haven't had for years. I've also changed my passwords numerous times & they're not simple passwords, even my family doesn't know them.

  • Bruce's avatar
    Bruce
    Honored Contributor III

    This doesn't sound right.  If you've changed your email account numerous times on Amazon, what are the odds somebody can navigate to those pages (Cox, Yahoo, Gmail, etc)...on their browser, mind you...and crack those passwords?  I suppose they could access all accounts if you're using the same email address and/or phone number as your recovery methods but if you've changed that password as well, the odds are still astronomical.

    Passwords aside, if you're using the Amazon Two-Step Verification, those codes are either locally generated (app) or locally accessible (SMS).  Meaning, nobody can see those codes unless they have access to your "primary mobile device."  If they don't have access to your primary device, they'd need access to your mandatory back-up device to either see or hear your unique security codes.

    It doesn't sound like somebody has access to your Cox account, but somebody has access to your device(s).  As BSD noted, something or someone has either infected your network or has access to your devices.

    However, if you're using the Amazon Alternate Sign-In for Two-Step Verification, this could be causing your mystery.  What is your first suspicion somebody has changed your password on Amazon; is it an error message after submitting your password?  If so and you're using the Alternate verification, that's normal because your password will change every time.

    Alternate Sign In for Two-Step Verification

    [Step] 4.  Add the security code to the end of your account password on the device or app you are attempting to register and submit again.  For example, if your password is "abcdef" and the security code you receive is "12345", then enter "abcdef12345" in the password field.  You will then be signed into your Amazon account.

    Reference:  https://www.amazon.com/gp/help/customer/display.html?nodeId=201962400

    If you're using the normal 2-step method, you can skip the security code verification by checking the option for Do Not Require Codes on This Browser.  This option needs cookies but if you're clearing cookies, you could be suspicious because Amazon will force you to re-verify again.

    If you're not opting to bypass codes or not clearing cookies, you'll need to review your account in Amazon for any unknown "trusted" access and then either untrust, deverify, deauthorize, deregister those devices.  If it keeps reappearing, you'll need to contact Amazon to investigate.

    You didn't mention if the hacker is actually ordering stuff on Amazon.  Are they?  If so, where are they sending the packages?

    • Pam613's avatar
      Pam613
      Contributor II

      I found out they got in through my Cox email & clicked forgot password on Cox & Amazon but they couldn't do anything on Amazon since Amazon sent the passcode to my phone.

      • Bruce's avatar
        Bruce
        Honored Contributor III

        If you...or somebody...clicks Forgot Password on Cox, what do you have to do?  Do you have to answer a secret question?  If so, change your secret questions and answers.

        However, if the somebody knows you well, they could be easily answering your questions.  If so, provide bogus answers you'd only know.  For example, if Cox asks, "What's the name of your childhood pet?"...use the name of a pet belonging to someone else that you'd uniquely know.

        Cox provides an option to reset your question-answer if you've forgotten the answer.  However, that could be a flaw if an unauthorized user knows everything about your account, such as account number, PIN, last-4, secret answers, etc.  I'm not sure how Cox has you verify this, such as either online or only via telephone.

        Is the password for your Cox user account different from Cox webmail?  I know there are two different links but if you change the password on your user account, does it affect your webmail account?  If not, then change the password to your user account.

  • My son has been hacked three times since December. Amazon, Lyft, Uber, all compromised and his debit card. Plus people opened accounts in his name and sent emails using his return email address. They were also able to simply go in and select forward all emails to their own account, (It was a gmail account) without any verification or authorization from me. It's insane how easily Cox gets hacked

    • Pam613's avatar
      Pam613
      Contributor II

      It's really scary with the lack of security........all log in websites should use 2 factor authentication & cox is lagging behind in this aspect of security with our accounts.

    • ROJ's avatar
      ROJ
      New Contributor

      My email also was hacked; got to my amazon and pay pal accounts.  All through my cox email.  They don't seem to be much help. Really pushing to pay extra for tech support.  I found out on my own how to look for filters and remove them.  Some of my emails were being re-routed to a gmail.  Cox needs a 2 step verification for security.  I'm cancelling my email and moving to a more secure email.