HardwareDude

Spear phishing

One of the staff recently got a spear phishing message with surprisingly accurate names and email addresses (Jeremy Badcock, our CEO, and Hector Maginski, our COO; names were changed to protect the innocent, for purposes of this posting). Can someone help shed some light on whether someone's email password was compromised, or whether the hackers simply guessed right? (Email internet headers are below the message.) We use Office 365 hosted Exchange as our email server and Outlook 2013 as our email client.
The message read:

From: Jeremy Badcock [mailto:jeremy@businesstest.org]
Sent: Monday, July 27, 2015 8:38 AM
To: Hector Maginski <program@businesstest.org>
Cc: Hector Maginski <program@businesstest.org>
Subject: Request
Hi Hector,
How are you doing today? hope you are having a nice day. I have a few transactions which i want you take care for me today. Let me know the required information needed for you to process the Wire transfer.
I will appreciate swift response
Thank,
Jeremy Badcock


X-Vipre-Scjeremyd: 1B5AC67900A5841B5AC7C6
Received: from CY1PR0101MB1465.prod.exchangelabs.com (10.163.138.143) by
 CY1PR0101MB1465.prod.exchangelabs.com (10.163.138.143) with Microsoft SMTP
 Server (TLS) id 15.1.225.19 via Mailbox Transport; Mon, 27 Jul 2015 12:38:18
 +0000
Received: from BL2PR01CA0051.prod.exchangelabs.com (10.141.66.51) by
 CY1PR0101MB1465.prod.exchangelabs.com (10.163.138.143) with Microsoft SMTP
 Server (TLS) id 15.1.225.19; Mon, 27 Jul 2015 12:38:01 +0000
Received: from BL2FFO11OLC003.protection.gbl (2a01:111:f400:7c09::187) by
 BL2PR01CA0051.outlook.office365.com (2a01:111:e400:c1b::51) with Microsoft
 SMTP Server (TLS) id 15.1.225.19 via Frontend Transport; Mon, 27 Jul 2015
 12:38:00 +0000
Authentication-Results: spf=none (sender IP is 97.74.135.184)
 smtp.mailfrom=nameplateamerica.com; businesstest.org; dkim=none (message
 not signed) header.d=none;
Received-SPF: None (protection.outlook.com: nameplateamerica.com does not
 designate permitted sender hosts)
Received: from p3plwbeout10-02.prod.phx3.secureserver.net (97.74.135.184) by
 BL2FFO11OLC003.mail.protection.outlook.com (10.173.161.187) with Microsoft
 SMTP Server (TLS) id 15.1.231.11 via Frontend Transport; Mon, 27 Jul 2015
 12:37:59 +0000
Received: from localhost ([97.74.135.243])
      by p3plwbeout10-02.prod.phx3.secureserver.net with bizsmtp
      id xQdy1q0035FFQy901QdyRZ; Mon, 27 Jul 2015 05:37:58 -0700
X-SID: xQdy1q0035FFQy901
Received: (qmail 20760 invoked by uid 99); 27 Jul 2015 12:37:58 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP: 67.213.218.74
User-Agent: Workspace Webmail 5.15.0
Message-ID: <20150727053756.5fb39ab8a7c47f52f9eaa301298976fa.6966a96260.wbe@email10.secureserver.net>
From: Jeremy  <jeremy@businesstest.org>
X-Sender: kiko@nameplateamerica.com
Reply-To: Jeremy Badmitten <boardmanagement47@gmail.com>
To: <program@businesstest.org>
CC: <program@businesstest.org>
Subject: Request
Date: Mon, 27 Jul 2015 05:37:56 -0700
MIME-Version: 1.0
Return-Path: kiko@nameplateamerica.com
X-MS-Exchange-Organization-Network-Message-Id: 524fc9d0-eb66-43ab-294b-08d2968034f2
X-EOPAttributedMessage: 0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Matching-Connectors: 130824742801239047;(8cea95d8-89c9-4167-90d4-08d283062957);()
X-Forefront-Antispam-Report: CIP:97.74.135.184;CTRY:US;IPV:CAL;IPV:NLI;EFV:NLI;SFV:SPM;SFS:(6009001)(2980300002)(428002)(189002)(43544003)(199003)(55666002)(23846002)(16796002)(189998001)(62966003)(450100001)(77156002)(23676002)(54356999)(50986999)(5001970100001)(4001350100001)(4000960100001)(53806999)(4001600100001)(90146999)(101416001)(110136002)(56816999)(6806004)(42186005)(93046001)(83506001)(2351001)(103116003)(50466002)(106466001)(105586002)(63326003)(66066001)(17816001)(111066002)(118296001)(87836001)(43066003)(45826003)(229853001)(33646002)(558084003)(221733001)(46102003)(26826002)(3810500003);DIR:INB;SFP:;SCL:5;SRVR:CY1PR0101MB1465;H:p3plwbeout10-02.prod.phx3.secureserver.net;FPR:;SPF:None;MLV:nov;MX:1;A:1;PTR:p3plsmtp10-02-2.prod.phx3.secureserver.net;LANG:;
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0101MB1465;
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(3002001);SRVR:CY1PR0101MB1465;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0101MB1465;
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2015 12:37:59.9211
 (UTC)
X-MS-Exchange-CrossTenant-Id: 119905f8-d651-40d7-a9d5-b6f87a4de10e
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0101MB1465
X-MS-Exchange-Organization-AuthSource: BL2FFO11OLC003.protection.gbl
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:18.3139051
DMTechGrooup

Are your email addresses for executives on a public website? Would most likely not be compromised. We get similar emails every now and then with the same text.
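An added example, not part of either post above: a Python check over the headers posted in the question that compares the From domain with the envelope sender and Reply-To, and reads the SPF/DKIM results and the Exchange AuthAs stamp. The header values are copied from the question; the function names `domain` and `spoof_indicators` are illustrative.

```python
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the question above (Received lines and diagnostics omitted).
RAW = """\
Authentication-Results: spf=none (sender IP is 97.74.135.184)
 smtp.mailfrom=nameplateamerica.com; businesstest.org; dkim=none (message
 not signed) header.d=none;
From: Jeremy  <jeremy@businesstest.org>
X-Sender: kiko@nameplateamerica.com
Reply-To: Jeremy Badmitten <boardmanagement47@gmail.com>
To: <program@businesstest.org>
Subject: Request
Return-Path: kiko@nameplateamerica.com
X-MS-Exchange-Organization-AuthAs: Anonymous

"""

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """Return findings that point to external spoofing rather than a
    message sent from the real mailbox."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    rp = domain(msg["Return-Path"])
    if rp and rp != from_dom:
        findings.append(f"envelope sender domain {rp} != From domain {from_dom}")
    rt = domain(msg["Reply-To"])
    if rt and rt != from_dom:
        findings.append(f"Reply-To domain {rt} != From domain {from_dom}")
    # Folded header: collapse whitespace before looking for the verdicts.
    auth = " ".join((msg["Authentication-Results"] or "").split()).lower()
    for mech in ("spf", "dkim"):
        if f"{mech}=pass" not in auth:
            findings.append(f"{mech} did not pass")
    # AuthAs is Internal for mail submitted by an authenticated tenant user.
    if (msg["X-MS-Exchange-Organization-AuthAs"] or "").strip().lower() == "anonymous":
        findings.append("Exchange treated the sender as Anonymous (unauthenticated)")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(RAW):
        print("-", finding)
```

On the posted headers all five checks fire, which is the pattern of mail injected from outside the tenant with a forged From line; mail sent from the real mailbox would show no domain mismatch and would not be stamped Anonymous.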
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)