Hacking into email

One of the girls in our office has just dumped her boyfriend.  He is not happy about this and has threatened that he will hack into her email and access all the emails in her mailbox.  He has told her that all he needs is her email address and he can do this with some software that he has.  Apparently he has done this before to someone else.

I know nothing about hacking.  Can anyone enlighten me?  Is it possible to do this?

We have a soho firebox.  The only thing being allowed in is UltraVNC which comes through on various ports which are forwarded to different PCs.  The VNC server on those PCs is using a DSM plugin encryption with a software key, and a password.

How would he try to get in? or can they intercept emails on the internet?

How does this all work?

(Layman's terms please...)
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jim HornMicrosoft SQL Server Data DudeCommented:
I'm going to go out on a limb here and say that you're likely not going to get this question answered here, as giving you an answer would be the equivalent of how to hack into an email address, and posting hacking solutions is against the EE Member Agreement http://www.experts-exchange.com/help.jsp#hi100

>...has threatened that he will hack into her email and access all the emails in her mailbox.
Perhaps a timely letter from your lawyer to this individual threatening certain consequences if this happens would be a good idea.

Hope this helps.
peparsonsAuthor Commented:
I just need to know how to defend against hackers.  That can't be against the rules.
It sounds to me (system wise) as if you have taken the standard precautions to secure your enivornment.
Can he intercept an email on the internet? Highly unlikely.
Ensure that your co-worker does not have an easily guessable password. It should be no less than six characters long and contain alpha numerics as well. You could go so far as to create a new user account for her (alias if you will) and lock down her current account. But from what you have stated I would only do this if I had reason. Especially if this co worker converses with business contacts via her email account.
If he has hacked in to someone elses account I'm guessing that he had access to the user account name and a working knowledge of that person so as to make it easier to hack their password. Many users have generic and easily guessable passwords. Hackers run software designed for these types of passwords in order to crack them. You could think of it like a random number generator in reverse. These utilities simply run a database of common words, etc. in hopes of connecting with the right one. I honestly wouldn't go in to panic mode over a threat from this individual. I do like the idea of a certified letter from a lawyer being delivered to him though. Any attempt at hacking into any system corporate or private is a felony.
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

Hi everybody , It's all about social Engineering . Giva ya an example
There are too many programs used to send fake Emails
So when he gets her email he can send her an email as the following
From : support@microsoft.com  ( He really can use it as a fake sender )
to :  her-email@mail.com
Replyto: his-email@mail.com
Subject : lost password or any dump sth like this

so in the mail he writes telling her that microsoft lost her password and she has to send it again
so if she believed that she would press ( reply ) and put her password and send it right away
she may not realize the ( reply to ) matter so the password now is in his inbox

Another way , is FAKE Pages , he can send her an email from support@microsoft.com
and the email contains a page to reset password but the trick that It's FAke
so she will type the password into the page and press okay , in this way the password will be sent to him


Another way , Trojan horses and Downloaders
HE can send her a normal link (.html) so when she click it , nothing will appear and trojan will be in downloading state

Another way , If he couldnt guess the password , he would guess her SECRET QUESTION
tell her to be careful about the secret Question , cuz he was her BF,  He knows alot about her
he may know her favorite person , coloure , etc..............
What else ?
mmmmmmmm let me thinking
there are too many ways.
But to defend his all tries
just tell her to do the followings.
1-Create a good password ( more than 6 characters as David-Howard  said ) and let it contains characters like this ( &#%@! with numbers and letters )
2-create A hard guessing secret question
3-Download and install kaspersky anti-virus personal from http://www.kaspersky.com/productupdates?chapter=146244099
4- never Open links from UNKNOWN ppl
5- Never trust THe HOAX emails

that's all for now
I hope that it helped u
If u have anyother question just drop it here :)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

First question: where is your email server located? Is it accessible from the public Internet?
If it is located inside your office, and users can only accessible to their mailbox inside the office, which is the normal practice for companies using Exchange, Lotus Notes, etc., which could be further protected by token or SSL thingy, then it is less likely to be hacked from outside.

If it is a hosted email server, or accessible directly from the Internet, then as long as anyone can get the password to access into it, it is accessible. Therefore, strong protection to the password is needed, including implementing policy that forces users to change password frequently.

The staff password might already been known to the ex-boyfriend, so the immediate action is to change all passwords to something not easily be guessed, and never reveal the password to anybody, not even to her manager or IT personnel.

Is your email server accessable from the internet?  If not and your network is otherwise secure then his claims would appear to be somewhat exagerated.  His claim, "He has told her that all he needs is her email address and he can do this with some software that he has." , would appear to be too good to be true.  I have never encountered any such software and if your systems are secured correctly and your network is isolated from the Internet then I cannot see how this could be possible.

As has been mentioned above a letter from your lawyer outlining the consequences of any attempt to access your systems or continued threats of this nature may be more helpful here than worrying about what would appear to be an empty threat.
peparsonsAuthor Commented:
Thank you all.  There is some good advice here.  I will chat to her some more and warn her about the social engineering stuff in particular.  We have changed her windows password already to something she has never used before.

You are more than welcome peparsons :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.