akapas
asked on
email fraud
Hello,
I am an IT Manager with app. a 100 users.
Several people complained that they received emails from other coworkers whom deny sending any (I believe them). However, two of these definitely came from the same outisde IP. I called the company who the IP belongs to (Level 3 Communications) and they said they can only give out information to a sapina. Are there any other options?
Thanks for your help.
Agi
I am an IT Manager with app. a 100 users.
Several people complained that they received emails from other coworkers whom deny sending any (I believe them). However, two of these definitely came from the same outisde IP. I called the company who the IP belongs to (Level 3 Communications) and they said they can only give out information to a sapina. Are there any other options?
Thanks for your help.
Agi
As you found out, there's little you can do by way of the ISP. Try talking to an ISP overseas about something like this.
What you can do is get a gateway system to prevent these spoofed emails from coming through. Symantec's SMTP antivirus gateway product that comes with their Enterprise edition can do this as well as a number of firewall systems.
Good Luck
What you can do is get a gateway system to prevent these spoofed emails from coming through. Symantec's SMTP antivirus gateway product that comes with their Enterprise edition can do this as well as a number of firewall systems.
Good Luck
I like to use www.geobytes.com
It will find whoever is sending the junk, and just to make things a little more interesting, go to www.globexplorer.com with the latitude and longitude for a satellite picture of the area.
also, www.spamspade.com might help.
It will find whoever is sending the junk, and just to make things a little more interesting, go to www.globexplorer.com with the latitude and longitude for a satellite picture of the area.
also, www.spamspade.com might help.
YO!
Sounds pretty simple.
One of your collegues got infected with a beagle variant...
Ok does not have to be a beagle variant but what I mean is that one of them gets infected.. that ^%$# virus uses the address book and sends itself to everyone in the address book as if the infected user is sending them. Netsky as well does that.
Make sure EVERY single one of them has an Uptodate antivirus client. perform a seek and destroy day.
and eventually 100 users.. try using a mail server, If the company cannot afford MS exchange, try http://www.kerio.com/kms_home.html
excellent piece of softie.
FINALLY, do give up on finding who the real culprit is because it quite simply is an automated mass mailer.
Sounds pretty simple.
One of your collegues got infected with a beagle variant...
Ok does not have to be a beagle variant but what I mean is that one of them gets infected.. that ^%$# virus uses the address book and sends itself to everyone in the address book as if the infected user is sending them. Netsky as well does that.
Make sure EVERY single one of them has an Uptodate antivirus client. perform a seek and destroy day.
and eventually 100 users.. try using a mail server, If the company cannot afford MS exchange, try http://www.kerio.com/kms_home.html
excellent piece of softie.
FINALLY, do give up on finding who the real culprit is because it quite simply is an automated mass mailer.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I wish it was that simple. It was done throught webmail, my log tells me that much (the mail server log). And it was not a virus-generated mail, because A), it was only sent to the president and the vice-president and B) it had personal references to one of them.
So, this is a little more complicated than you think :-) But it's okay, we have investigators working on the case now, because we also had a break-in, and someone had a list of my passwords.
But thanks for your input.
Oh, and I do have antivirus up-to-date.
Best,
Agi
So, this is a little more complicated than you think :-) But it's okay, we have investigators working on the case now, because we also had a break-in, and someone had a list of my passwords.
But thanks for your input.
Oh, and I do have antivirus up-to-date.
Best,
Agi
They are at: http://www.spamcop.net/
You will have to register to use their reporting functions. You can then submit the emails to their analysis engine. It will give you a very good analysis of where the emails originated from. You can use the information without actually sending spam reports.