Email Hacking

[The Soup Dragon]

I have an email trail to a client that that contains on invoice for payment ( outlook).

The email trail on his computer contains extra emails from "me" telling him about a change of bank account details, which he tried to pay without checking first. Luckily his bank spotted a problem.

He is now telling me that I have a problem with my email system. These extra emails are not in my sent mail. I think someone has been in on his side of the fence and managed to insert these emails somehow................ anyway I have changed passwords but was hoping some of you IT folks might have seen this before.

 

[Alcom IT]

The first thing I'd suggest checking is the email address. Do the fake emails come from EXTACTLY your email address?

It's easy for scammers to create fake email addresses that look very similar to your email address. For example gooogle.co.uk is clearly spelled wrong but very hard to spot if you don't know to look.

That's the first thing to find out as that will tell you where to start looking.

 

[The Soup Dragon]

It does look the same yes. I cant spot any different font letters or anything

 

[Alcom IT]

If the email they received comes from your domain name then you have either had your email account hacked or you don't have any SPF or DMARC records set up on your domain to prevent spoofing. The next steps would require expert investigation and tracing to see where the issue lies and whether there is still a leak. We've seen before that an account can still be compromised even after the passwords have been changed as the scammers have opened up other holes in the system once they gained access. It all depends on who your email system is with and what security measures are in place.

 

[The Soup Dragon]

If the email they received comes from your domain name then you have either had your email account hacked or you don't have any SPF or DMARC records set up on your domain to prevent spoofing. The next steps would require expert investigation and tracing to see where the issue lies and whether there is still a leak. We've seen before that an account can still be compromised even after the passwords have been changed as the scammers have opened up other holes in the system once they gained access. It all depends on who your email system is with and what security measures are in place.

Its with Godaddy and is set up on my laptop using outlook

 

[fisicx]

Which suggests some one has purloined your email credentials and is spoofing your accounts.

Don't use Godaddy.

 

[The Soup Dragon]

Which suggests some one has purloined your email credentials and is spoofing your accounts.

Don't use Godaddy.

Well it appears to be fixed now but it has been very stressful!

Have you heard of problems with Godaddy................................?

 

[Blood Lust]

I have an email trail to a client that that contains on invoice for payment ( outlook).

The email trail on his computer contains extra emails from "me" telling him about a change of bank account details, which he tried to pay without checking first. Luckily his bank spotted a problem.

He is now telling me that I have a problem with my email system. These extra emails are not in my sent mail. I think someone has been in on his side of the fence and managed to insert these emails somehow................ anyway I have changed passwords but was hoping some of you IT folks might have seen this before.

You need to get in contact with a local IT company to investigate and fix whatever security issue is going on. Depending on the security issue you may also be breaking the law albeit unintentionally.

You may find if you have employees that its one of them or it could be that your email system is compromised by an outside party. In which case its highly likely you are not maintaining the appropriate standards of cybersecurity. Although it is not impossible for it to happen when standards are correct and proper, but far less likely?

Do you have a website? Does it take SQL commands? If so have you turned off SQL error messages to the outside and disabled commands your customers dont need?

Is there a route from the outside to an unencrypted file containing your usernames and passwords? If you have employees do they have access to such a file?

Have you got a suitable and reputable virus checker and firewall? Are they turned on? Does it scan emails? When it comes to safe email practices have you clicked on any download links in fake emails?

It is very hard to get your email login credentials unless there is a weakness somewhere.

 

[Paul Kelly ICHYB]

Well it appears to be fixed now

What appears to be fixed? The issue with your client or your email?

 

[The Soup Dragon]

What appears to be fixed? The issue with your client or your email?

Spent half an hour on the phone with godaddy went through things and there was a rule set in my email that I didnt put there. That was deleted and passwords changed. Now seems to be all good again.

 

[Blood Lust]

Good to hear its sorted, some final points if you have other employees.

It might be worth checking out if the platform allows you to set yourself up with email administrator control where you can change your employee passwords. Change them once per month.

Eitherway please make sure your own administrator password is kept encrypted.

 

[RedFuse]

Email hacking is a significant cybersecurity threat, impacting personal privacy and organizational security. Hackers often use phishing, malware, or social engineering to gain unauthorized access. The consequences can be severe, from identity theft to financial loss. It's crucial to use strong, unique passwords, enable two-factor authentication, and stay vigilant about suspicious emails to protect oneself from such threats.

 

[Ozzy]

Heh @RedFuse ;
Last month called and they want their AI generated content back.

 

[Nick@Daydot]

I think it's not that hard to spoof the 'from' field in an email and even 'reply to', so it's not necessary to hack an account to make it appear to have come from that account. In such cases an inspection of the email headers can reveal the spoof. It may not have applied in this case, I'm just sharing.