I have for some time suspected that someone had been able to have
access to my web based email account through netscape.  When I log on
to my acccount I don't necessarily see any traces of my work within my
account.  How can I check on a periodic bases to see if there has been
any entrance into my email accounts that is not me?  Any  helpful
ideas of how to evaluate my accounts for this would be helpful.  I
follow all of the usual privacy and password guidelines to ensure the
most effective security codes and procedures on my part, I'm looking
for other more unique ways to make sure no one has been entering my
email accounts.
THANKS!

---

Clarification of Question by mdriver-ga on 27 Jul 2002 20:19 PDT

I have for some time suspected that someone had been able to have
access to my web based email account through netscape.  When I log on
to my acccount I don't necessarily see any traces of my work within my
account.  How can I check on a periodic bases to see if there has been
any entrance into my email accounts that is not me?  Any  helpful
ideas of how to evaluate my accounts activity or tips on how to
recognize that some individual is reveiwing my emails is what I would
need.    I work on a Ibook with OS9 and no one has access to my
computer although additional security measures to ensure that my
information is safe also would help me out.

I follow all of the usual privacy and password guidelines to ensure
the
most effective security codes and procedures on my part, I'm looking
for other more unique ways to make sure no one has been tampering with
 my pop or imap accounts.
THANKS!

---

Request for Question Clarification by ephraim-ga on 28 Jul 2002 12:41 PDT

mdriver,

In order to answer this question, I would need more information such as:

1) What type of e-mail account is this? Is it an account with an ISP?
   Is it an AOL account? Yahoo? Text-based and from a university? Wed-based?
   Hotmail?

2) Why do you believe this to be true?

3) What do you think this person is doing? Are they reading your e-mail?
   Writing messages in your name? Something else?

The short answer is that there *are* ways you can monitor your account's
activity, but these ways are as numerous as the types of accounts that
exist. In addition, you will very likely need the cooperation of other
people in order to implement a monitor.

/ephraim

---

Clarification of Question by mdriver-ga on 28 Jul 2002 14:43 PDT

Ephraim,
The account is a web-based via netscape and have accessed this
acccount from my home Ibook and use Explorer 5 as my browser.  But I
have also used Windows on a PC desktop in my home to on occasion pick
up my emails.

I suspect (the snooping) to be the case because I am aware or
suspicious of an individual I was involved with not too long ago,
having access or apparently having access to some information that I
nor anyone else has shared.  The information has ALWAYS been in my
emails after further investigation.  At one point, I thought of
planting some info. on my email account to see if the person would
pick up on it.  This seems to devious and if possible I'd like to know
of a way that I could prove that this person is logging into my
private account.

I do not have any information to beleive that this suspected person
has sent anything out in my address or has misrepresented me in
anyway...but I don't have anyway of knowing this for sure.  I have
noted that some emails that I've kept since the intiial opening of
this account have been deleted and suspected others I had in a folder
have also been deleted.  Thanks for your help.

My company has a CD card product which is an ISP connection that runs
totally off the disk, there is no software install on the host PC
(unfortunately not Mac yet...but you could use Virtual PC.. and added
application...and an added protection layer) which is a secure,
anonymous connection. It doesn't leave any cookies, browser history or
cache on the host PC - all that data is stored on our server. You need
to have the physical CD card in the drive to access the history, cache
and cookies. Unfortunately we don't launch it into America until next
year, and I can't advertise my own interests as a researcher. But that
is a unique way for added security.

lot, 
I appreciate the lead and will be on the lookout for the new
resource...it might be a solution for some of us concerned with
security issues.

I'd suggest contacting the Netscape Mail people, tell them the
situation and see if you could get a log of the times your account has
been accessed.  You may not get a response, but it would be worth a
try.

I agree that you should contact the e-mail provider and request access
information, if it is available.  Additionally, I suggest changing
your password.    Do not use any word or name in your password that is
locatable in a dictionary.  My system administrator uses a password
harvesting program that can grab these passwords in mere minutes.  for
example, 89Ilovedogs22 is a terrible pasword.  8sa8d7s is a much
better one, although harder to remember and not failsafe.  Also, do
not use passwords longer than 16 characters, as most e-mail providers
do not support this level of encryption, and you will find that typing
in half of your password allows access the same as entering the entire
thing.  After changing your password, you may want to keep in mind
that web-based e-mail systems are not a very good way to pass
confidential information.  Yahoo, among others, is particularly
susceptible to password cracks.
If you know which PC you think a person is using to break into your
account, I suggest that you download one of many free
keystroke-logging programs.  You can use these to monitor access, and
some even take screen shots and store them in the computer's memory so
you can monitor any and all activities.  They are discrete, and some
do not even show up in Window's Task Listing, so they are nearly
undetectable.  This is particularly useful if you suspect a family
member is doing this using your home computer.  Be advised, however,
they store every key stroke and thus eventually take up a bit of HD
space, and need to be expunged periodically.  I do not remember which
one I used, but it had the word "star" in its title.  It was
wonderfully discrete and thorough.
Some E-mail providers also allow you to forward mail to MS Outlook,
where it leaves the e-mail received in the internet-based accoutn and
also forwards a copy to your computer.  This is terribly insecure as
Microsoft has all sorts of security holes, but could serve as a cheap
monitoring device.  Check both e-mails daily, if you suspect things
are being erased, and if something appears on your PC that did not
appear in your internet based e-mail, you can rest assured that
someone is deleting messages.  They will never even know that you used
this slightly sneaky ploy and you will know of their intrusion,
although maybe not their identity.  Goodluck...

Also, one small hint.  If you are storing old mail, there is also the
possibility that your e-mail providor is deleting the messages for
space reasons.  This is common practice and you should not be alarmed.

-dexterpexter

Sorry if this sounds obvious, but it hasn't been mentioned yet.  While
it won't help you figure out if this person has been reading your
mail, the easiest way to prevent them from possibly getting into your
mail again is to change your password.

If you want to catch them in the act, you might try a "web bug." 
While their legality is up for debate, it might work for you.  What
you do is embed a little hard to see HTML in a piece of HTML mail (or
web page).  If someone views it, it automatically sends back a "homing
signal" to another server that you specify.  Usually that signal would
contain an IP Address (a numeric internet address.  When you have an
IP address you can check what ISP it came from.  If the person you
suspect is browsing from a university, a specific country, or place of
work you can usually identify it.

For more details on web bugs see:
http://www.eff.org/Privacy/Marketing/web_bug.html

Chris

Do you still suspect unauthorized access after regular password
changes and making sure that your password retrieval alternate email
address is secure? If so, did the "suspicious individual" have access
to your hardware (iBook, PC, router, etc.)? They may have compromised
your computer(s) and/or network security and/or the security of other
computer(s) and/or networks they know you might use to check your
email. Worse case, it could be an issue with your service provider
(e.g. meddling employee).