  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 205
  • Last Modified:

email fraud

Hello,

I am an IT Manager with approx. 100 users.

Several people complained that they received emails from other coworkers who deny sending any (I believe them). However, two of these definitely came from the same outside IP. I called the company who the IP belongs to (Level 3 Communications) and they said they can only give out information in response to a subpoena. Are there any other options?

Thanks for your help.

Agi
0
Asked by: akapas
1 Solution
 
jimwasson Commented:
You can get a very good analysis of suspect email at Spamcop. They offer both a free and a paid service.

They are at:  http://www.spamcop.net/

You will have to register to use their reporting functions. You can then submit the emails to their analysis engine. It will give you a very good analysis of where the emails originated from. You can use the information without actually sending spam reports.
0
 
syn_ack_fin Commented:
As you found out, there's little you can do by way of the ISP. Try talking to an ISP overseas about something like this.

What you can do is get a gateway system to prevent these spoofed emails from coming through. Symantec's SMTP antivirus gateway product that comes with their Enterprise edition can do this as well as a number of firewall systems.

Good Luck
0
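Added example, not part of any post in this thread: a Python sketch of the header analysis and gateway check discussed in the two comments above. It walks the `Received` chain of a constructed message to find the outside IP that handed the mail to your server, and flags mail that claims an internal sender but arrived from outside. The sample message, the trusted range `10.0.0.0/8`, the domain `example.com`, and the function names are all assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (documentation IPs and example.com, not from the thread).
# The oldest Received line is forged by the sender to look internal.
SAMPLE = """\
Received: from mail.example.com (mail.example.com [10.0.0.5])
\tby mbox.example.com with ESMTP; Mon, 1 Mar 2004 10:00:03 -0500
Received: from laptop (unknown [203.0.113.45])
\tby mail.example.com with ESMTP; Mon, 1 Mar 2004 10:00:01 -0500
Received: from pc17 (pc17.example.com [10.0.0.99])
\tby relay.invalid with SMTP; Mon, 1 Mar 2004 09:59:00 -0500
From: "A Coworker" <coworker@example.com>
To: president@example.com
Subject: constructed test message

body
"""

IP_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def first_external_hop(raw, trusted_nets):
    """Walk Received headers newest-first and return the first client IP that
    is outside trusted_nets. Anything older than that hop was written before
    the message reached our own servers, so it is ignored as unverifiable."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for hdr in message_from_string(raw).get_all("Received", []):
        # Only the "from ..." clause names the connecting client.
        from_part = re.split(r"\s+by\s+", hdr, maxsplit=1)[0]
        m = IP_IN_BRACKETS.search(from_part)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # bracketed text that is not an IP literal
        if not any(ip in n for n in nets):
            return str(ip)
    return None

def assess(raw, trusted_nets, internal_domain):
    """Flag mail whose From domain is ours but which entered from outside."""
    origin = first_external_hop(raw, trusted_nets)
    sender = parseaddr(message_from_string(raw)["From"])[1]
    from_domain = sender.rpartition("@")[2].lower()
    spoof = origin is not None and from_domain == internal_domain.lower()
    return {"origin_ip": origin, "from_domain": from_domain,
            "internal_sender_from_outside": spoof}
```

A hit is a lead rather than proof, because legitimate remote users also submit mail from outside addresses; correlate the reported IP and timestamp with the mail server's own logs.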
 
zoidbergman Commented:
I like to use www.geobytes.com.
It will find whoever is sending the junk, and just to make things a little more interesting, go to www.globexplorer.com with the latitude and longitude for a satellite picture of the area.
Also, www.spamspade.com might help.
0

 
Rohnish Commented:
YO!
Sounds pretty simple.
One of your colleagues got infected with a Beagle variant...
OK, it does not have to be a Beagle variant, but what I mean is that one of them gets infected... that ^%$# virus uses the address book and sends itself to everyone in the address book as if the infected user is sending them. Netsky does that as well.

Make sure EVERY single one of them has an up-to-date antivirus client. Perform a seek and destroy day.
And eventually, 100 users... try using a mail server. If the company cannot afford MS Exchange, try http://www.kerio.com/kms_home.html
Excellent piece of softie.

FINALLY, do give up on finding who the real culprit is because it quite simply is an automated mass mailer.
0
 
Rohnish Commented:
By the way, been there, done that, TOTAL WASTE OF TIME! DO NOT TRY TO FIND OUT WHO IT WAS!
0
 
akapas (Author) Commented:
I wish it was that simple. It was done through webmail, my log tells me that much (the mail server log). And it was not a virus-generated mail, because A) it was only sent to the president and the vice-president and B) it had personal references to one of them.

So, this is a little more complicated than you think :-) But it's okay, we have investigators working on the case now, because we also had a break-in, and someone had a list of my passwords.

But thanks for your input.

Oh, and I do have antivirus up-to-date.

Best,
Agi
0
