
Email hack/spoof?


5 replies to this topic

#1 MadSamurai


Posted 20 May 2016 - 12:10 PM

Great day everybody, I'm a bit confused. So, my boss's email address seems to have been compromised. I, as well as others, started to get emails from her that she didn't send. IP address isn't coming from the area, most are from UK or Mideast. Now, I know it's not tough to create an Outlook account that disguises as somebody else but the problem is, where is it getting the addresses from? She changed her password, which I don't think is going to solve the problem as I think the toothpaste has already left the tube.
I am hoping I am either wrong, and this compromise can be fixed, or for some guidance as far as next step. We are hoping a new email address won't be necessary.
Some background, she is terrible with computers and I just removed some viruses off her system a week or so ago. I ran Malwarebytes but it only found a couple of PUPs that I deemed harmless so I left them. If there are any scans or anything, please let me know what you would like me to get to you. I will be heading out for the day shortly and won't have access to her computer over the weekend so any instructions given, I unfortunately won't be able to address them until Monday or Tuesday.
Thanks for your help

Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum. ~ Animal



#2 Humannpower


Posted 20 May 2016 - 12:49 PM

In Outlook, off to the left of the sender's name, it should show you the original email address. What version of Outlook are y'all running?



#3 MadSamurai


Posted 26 May 2016 - 10:16 AM

It shows it is coming from her email address but when I dig deeper, the IP is usually from somewhere in Europe or the Middle East. The name though is different. Sometimes it doesn't have a name, sometimes the name has been from one of our customers. It is always her email, she gets the ones that bounce back. She is running Outlook Pro 2010.



#4 Humannpower


Posted 26 May 2016 - 02:10 PM

Yeah, then her email is being spoofed. Nothing you can really do except warn employees and customers.



#5 MadSamurai


Posted 01 June 2016 - 12:56 PM

Hmm, OK. So short of sunsetting that email account and starting a new one, there is nothing that can be done. I kinda wondered that but was hoping smarter people like you guys could give me a better alternative.

dang.

Thanks for your help



#6 Humannpower


Posted 01 June 2016 - 03:07 PM

Closing the email account won't do much if whoever or whatever is sending the emails is sending them using your boss's name. What you would need to do is to educate the employees and customers to look at the email address itself that the emails are coming from.

 

Below is a test email from Outlook 2016. In the first red rectangle you will see the sender's name. Now here is where the spoofing is mainly done as this can be changed to show whatever the sender wants the receiver to see. The second red rectangle is where the actual sender's email address will be and where you'll need to pay attention to determine if the email is legitimate or not. The third red rectangle will contain the name or email address of the receiver(s). Now this is just Outlook 2016 but most email programs and email websites will be in a similar format.

 

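[Image: test email in Outlook 2016 with three red rectangles marking the sender's name, the sender's email address, and the receiver(s)]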


Edited by Humannpower, 01 June 2016 - 03:33 PM.
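The check described in post #6, automated as an added example (not part of the thread and not any poster's code): it separates the From display name from the address behind it, compares that address with the one on file for the name, and pulls the originating IP mentioned in post #3 from the Received headers. The sample message, the `KNOWN_SENDERS` directory and the function name `inspect_sender` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name, address and IP is a placeholder.
SAMPLE = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx.example.com with ESMTP; Fri, 20 May 2016 12:00:00 -0400
From: "Jane Boss" <billing@mailer.example.net>
To: staff@example.com
Subject: Invoice

Please see attached.
"""

# Assumed directory of known contacts: display name -> real address.
KNOWN_SENDERS = {"jane boss": "jane.boss@example.com"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def inspect_sender(raw, known=KNOWN_SENDERS):
    """Split From into display name and address and flag mismatches."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []

    # The display name is free text chosen by the sender; compare the
    # address behind it with the one on file for that name.
    expected = known.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("known display name, unexpected address")

    # A display name that is itself an address, different from the real one.
    if "@" in name and name.strip().lower() != addr.lower():
        findings.append("display name shows a different address")

    # Each relay prepends a Received header, so the last one is nearest the
    # origin. Hops below your own mail server are sender-supplied text.
    received = msg.get_all("Received") or []
    ips = IP_RE.findall(received[-1]) if received else []
    return {"display_name": name, "address": addr,
            "origin_ip": ips[0] if ips else None, "findings": findings}


if __name__ == "__main__":
    print(inspect_sender(SAMPLE))
```

A message that forges the exact From address, as described in post #3, produces no display-name finding, which is why the function also reports the originating IP for comparison with where the real sender normally mails from.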




