• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1906
  • Last Modified:

Hacking into email

One of the girls in our office has just dumped her boyfriend.  He is not happy about this and has threatened that he will hack into her email and access all the emails in her mailbox.  He has told her that all he needs is her email address and he can do this with some software that he has.  Apparently he has done this before to someone else.

I know nothing about hacking.  Can anyone enlighten me?  Is it possible to do this?

We have a soho firebox.  The only thing being allowed in is UltraVNC which comes through on various ports which are forwarded to different PCs.  The VNC server on those PCs is using a DSM plugin encryption with a software key, and a password.

How would he try to get in? or can they intercept emails on the internet?

How does this all work?

(Layman's terms please...)
0
peparsons
Asked:
peparsons
4 Solutions
 
Jim HornMicrosoft SQL Server Developer, Architect, and AuthorCommented:
I'm going to go out on a limb here and say that you're likely not going to get this question answered here, as giving you an answer would be the equivalent of how to hack into an email address, and posting hacking solutions is against the EE Member Agreement http://www.experts-exchange.com/help.jsp#hi100

>...has threatened that he will hack into her email and access all the emails in her mailbox.
Perhaps a timely letter from your lawyer to this individual threatening certain consequences if this happens would be a good idea.

Hope this helps.
-Jim
0
 
peparsonsAuthor Commented:
I just need to know how to defend against hackers.  That can't be against the rules.
0
 
David-HowardCommented:
It sounds to me (system wise) as if you have taken the standard precautions to secure your enivornment.
Can he intercept an email on the internet? Highly unlikely.
Ensure that your co-worker does not have an easily guessable password. It should be no less than six characters long and contain alpha numerics as well. You could go so far as to create a new user account for her (alias if you will) and lock down her current account. But from what you have stated I would only do this if I had reason. Especially if this co worker converses with business contacts via her email account.
If he has hacked in to someone elses account I'm guessing that he had access to the user account name and a working knowledge of that person so as to make it easier to hack their password. Many users have generic and easily guessable passwords. Hackers run software designed for these types of passwords in order to crack them. You could think of it like a random number generator in reverse. These utilities simply run a database of common words, etc. in hopes of connecting with the right one. I honestly wouldn't go in to panic mode over a threat from this individual. I do like the idea of a certified letter from a lawyer being delivered to him though. Any attempt at hacking into any system corporate or private is a felony.
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
nikorbaCommented:
Hi everybody , It's all about social Engineering . Giva ya an example
There are too many programs used to send fake Emails
So when he gets her email he can send her an email as the following
From : support@microsoft.com  ( He really can use it as a fake sender )
to :  her-email@mail.com
Replyto: his-email@mail.com
Subject : lost password or any dump sth like this

so in the mail he writes telling her that microsoft lost her password and she has to send it again
so if she believed that she would press ( reply ) and put her password and send it right away
she may not realize the ( reply to ) matter so the password now is in his inbox

Another way , is FAKE Pages , he can send her an email from support@microsoft.com
and the email contains a page to reset password but the trick that It's FAke
so she will type the password into the page and press okay , in this way the password will be sent to him

BUT BE SURE HE CANT HACK INTO HOTMAIL SERVERS

Another way , Trojan horses and Downloaders
HE can send her a normal link (.html) so when she click it , nothing will appear and trojan will be in downloading state

Another way , If he couldnt guess the password , he would guess her SECRET QUESTION
tell her to be careful about the secret Question , cuz he was her BF,  He knows alot about her
he may know her favorite person , coloure , etc..............
What else ?
mmmmmmmm let me thinking
there are too many ways.
But to defend his all tries
just tell her to do the followings.
1-Create a good password ( more than 6 characters as David-Howard  said ) and let it contains characters like this ( &#%@! with numbers and letters )
2-create A hard guessing secret question
3-Download and install kaspersky anti-virus personal from http://www.kaspersky.com/productupdates?chapter=146244099
4- never Open links from UNKNOWN ppl
5- Never trust THe HOAX emails

that's all for now
I hope that it helped u
If u have anyother question just drop it here :)
0
 
ppfoongCommented:

First question: where is your email server located? Is it accessible from the public Internet?
If it is located inside your office, and users can only accessible to their mailbox inside the office, which is the normal practice for companies using Exchange, Lotus Notes, etc., which could be further protected by token or SSL thingy, then it is less likely to be hacked from outside.

If it is a hosted email server, or accessible directly from the Internet, then as long as anyone can get the password to access into it, it is accessible. Therefore, strong protection to the password is needed, including implementing policy that forces users to change password frequently.

The staff password might already been known to the ex-boyfriend, so the immediate action is to change all passwords to something not easily be guessed, and never reveal the password to anybody, not even to her manager or IT personnel.

0
 
gidds99Commented:
Is your email server accessable from the internet?  If not and your network is otherwise secure then his claims would appear to be somewhat exagerated.  His claim, "He has told her that all he needs is her email address and he can do this with some software that he has." , would appear to be too good to be true.  I have never encountered any such software and if your systems are secured correctly and your network is isolated from the Internet then I cannot see how this could be possible.

As has been mentioned above a letter from your lawyer outlining the consequences of any attempt to access your systems or continued threats of this nature may be more helpful here than worrying about what would appear to be an empty threat.
0
 
peparsonsAuthor Commented:
Thank you all.  There is some good advice here.  I will chat to her some more and warn her about the social engineering stuff in particular.  We have changed her windows password already to something she has never used before.

0
 
nikorbaCommented:
You are more than welcome peparsons :)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now