My email was compromised. Fake message sent as from me.

I use Gmail in Google Apps.  I am also using Outlook 2010 as my upfront GUI.  I just experienced a spoof.  A fake email as from me was sent to recipients in my address list.  I have now changed my password, though that might not be the problem.  My previous password was a randomly generated one done by my LastPass password manager.  It would have been impossible to guess.  But this spoof job was maybe done without their getting into my account.  So at this point I have ...
1. Changed the password
2. Run Adwcleaner and Junkware Removal Tool.  I plan to also run Malwarebytes Antimalware.

Should I send a real message to my whole list with an apology or something?

What else should I do?
Josh Christie Asked:
Jonathan Brite (System Admin) Commented:
It was probably just spoofed as though it came from you but did not really come from you.  Can you please post the headers so we can take a look?  This is a common occurrence with many folks, kind of like bill collectors using your own name/number on caller ID when they try to call you.
0
Jonathan Brite (System Admin) Commented:
Also, just in case, try running MalwareBytes AntiRootkit as well.  MBAR for short is available as a direct download from majorgeeks.  I love that tool.
0
Kimputer Commented:
You need to check if the message came from your computer, came from another server or came from Google's own server. You have to ask one of the recipients to send that email back to you WITH FULL HEADERS:

Header points to your computer: Clean computer (NOT IN Windows! Scan using boot CD or USB from Avast/AVG/etc/etc, run from 2 different companies to be totally sure)
Header points to Google: Your password WAS somehow intercepted and used. Changing password might provide a solution, as long as you know how it leaked. If you don't know how it leaked, it might still pose a problem, as it might happen again (keylogger on your PC? phishing?). Scan computer just to be sure (see above point).
Header points to random IP number (probably foreign): Somehow your contact details were leaked (maybe you signed into a website with your Gmail username/password?) Did you give access to your Gmail through a third party website or plugin? Changing your Gmail password is necessary, as is scanning your PC. However, your contact details are now saved and put in a database to be sold to marketeers/spammers. It might happen again, and it will be totally out of your control.
0

Josh Christie (Author) Commented:
One of my contacts forwarded this spoof email to me.  Here it is.
eReport-email.msg
spoof.txt
0
David Johnson, CD, MVP (Owner) Commented:
Is your machine's IP address 10.50.241.35? If so, then your machine was compromised.  BTW, your email is on a blacklist.
0
Josh Christie (Author) Commented:
Yes, I believe my IP is 10.50.241.35.  If I compare the email I attached above with a perfectly legitimate one, they both show that IP.  BUT, I think I misled you.  My friend forwarded to me the fake email.  That's what I attached above.  So I believe you are reading the header for my friend's forwarding email to me.  Since last Friday I have been able to obtain the headers for the fake email itself as another friend received it.  I am now attaching that below.  This should be a clean document, not contaminated by forwarding information.  It looks to me as though my IP does not appear in this document.  But you are the experts.  What do you read from it?
0
Josh Christie (Author) Commented:
Ooops... Here is the attachment.
fake.txt
0
Kimputer Commented:
Still all mostly internal IP numbers, which suggests something in your company has been compromised. Please trace down this IP's (10.50.93.6) workstation and check what's going on there.
0
Josh Christie (Author) Commented:
All of our workstations' IPs begin with 192.168.
Incoming messages all seem to show 10.50.241.35, so that seems to have something to do with my incoming email.  
If I look at the headers for a typical email that I sent or an email that I receive, neither of them has 10.50.93.6 anywhere in the text.  Could that be the IP of the hacker who imitated me?
0
David Johnson, CD, MVP (Owner) Commented:
The message originated via a web browser, so your email account has been compromised. Time to change passwords and enable 2-factor authentication.
0
Josh Christie (Author) Commented:
I have changed my password since the event occurred.  My password manager creates a password that is a mixture of letters, cases, numbers, and characters... impossible for anyone to guess.  But anyway I have changed it.  So how safe am I now?
0
Kimputer Commented:
David is correct, it seems those 10.50.x.x IPs were Google's internal servers. Therefore your password change should already have solved it.
0
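The header triage discussed in this thread, as an added example that is not part of any participant's post: it walks the `Received` chain oldest-first and reports how the first hop was submitted and which addresses it names. The sample headers are constructed (only the two 10.50.x.x addresses come from the thread), and the function names and labels are assumptions of the example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed samples; only the two 10.50.x.x addresses are taken from the thread.
WEB_SAMPLE = """\
Received: by 10.50.241.35 with SMTP id constructed1;
 Mon, 1 Jan 2024 10:00:03 +0000
Received: by 10.50.93.6 with HTTP; Mon, 1 Jan 2024 10:00:01 +0000
From: User <user@example.com>

body
"""
RELAY_SAMPLE = """\
Received: from mail.sender.example ([203.0.113.50])
 by mx.recipient.example with ESMTP id constructed2;
 Mon, 1 Jan 2024 10:00:01 +0000
From: User <user@example.com>

body
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
WITH = re.compile(r"\bwith\s+([A-Za-z]+)")
KINDS = {"HTTP": "webmail", "ESMTPA": "authenticated-smtp", "ESMTPSA": "authenticated-smtp"}

def hops(raw):
    """Received hops oldest-first; each hop lists its IPv4 addresses and 'with' protocol."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        ips = []
        for text in IPV4.findall(value):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
        proto = WITH.search(value)
        out.append({"ips": ips, "protocol": proto.group(1).upper() if proto else None})
    return out

def entry_point(raw):
    """(submission kind, IPs of the oldest hop, True if all of them are RFC 1918)."""
    chain = hops(raw)
    if not chain:
        return ("unknown", [], False)
    first = chain[0]
    private = bool(first["ips"]) and all(any(ip in net for net in RFC1918) for ip in first["ips"])
    return (KINDS.get(first["protocol"], "smtp-relay"), [str(ip) for ip in first["ips"]], private)

if __name__ == "__main__":
    print(entry_point(WEB_SAMPLE), entry_point(RELAY_SAMPLE))
```

Hops below the first server you trust can be forged by the sender, and an RFC 1918 address in the oldest hop may be the provider's internal relay rather than the sender's LAN, which is the conclusion the thread reaches for 10.50.x.x.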

Josh Christie (Author) Commented:
I grade this as a B because I can only be sure it's solved after a reasonable time passes with no new issue.  Thanks
0
Kimputer Commented:
That's no problem. Hope you took David's advice on the two factor authentication from Google, as it will add an extra safe warm fuzzy security blanket to comfort you.
0
Josh Christie (Author) Commented:
Yes, thanks, I am learning about Google's 2-step verification.
0
Josh Christie (Author) Commented:
Got it... thanks
0