Spearfishing

One of the staff recently got a spearfishing message with surprisingly accurate name and email address (Jeremy Badcock, our CEO, Hector Maginski, our COO (names were changed to protect the inocent, for purposes of this posting), can someone help shed some light on whether someones email password was compromised, or whether the hackers simply guessed right? (Email internet headers are below the message).  We use Office 365 hosted exchange as our email server and Outlook 2013 as our email client:
the message read:

From: Jeremy Badcock [mailto:jeremy@businesstest.org]
Sent: Monday, July 27, 2015 8:38 AM
To: Hector Maginski <program@businesstest.org>
Cc: Hector Maginski <program@businesstest.org>
Subject: Request
Hi Hector,
How are you doing today? hope you are having a nice day. I have a few transactions which i want you take care for me today. Let me know the required information needed for you to process the Wire transfer.
I will appreciate swift response
Thank,
Jeremy Badcock


X-Vipre-Scjeremyd: 1B5AC67900A5841B5AC7C6
Received: from CY1PR0101MB1465.prod.exchangelabs.com (10.163.138.143) by
 CY1PR0101MB1465.prod.exchangelabs.com (10.163.138.143) with Microsoft SMTP
 Server (TLS) id 15.1.225.19 via Mailbox Transport; Mon, 27 Jul 2015 12:38:18
 +0000
Received: from BL2PR01CA0051.prod.exchangelabs.com (10.141.66.51) by
 CY1PR0101MB1465.prod.exchangelabs.com (10.163.138.143) with Microsoft SMTP
 Server (TLS) id 15.1.225.19; Mon, 27 Jul 2015 12:38:01 +0000
Received: from BL2FFO11OLC003.protection.gbl (2a01:111:f400:7c09::187) by
 BL2PR01CA0051.outlook.office365.com (2a01:111:e400:c1b::51) with Microsoft
 SMTP Server (TLS) id 15.1.225.19 via Frontend Transport; Mon, 27 Jul 2015
 12:38:00 +0000
Authentication-Results: spf=none (sender IP is 97.74.135.184)
 smtp.mailfrom=nameplateamerica.com; businesstest.org; dkim=none (message
 not signed) header.d=none;
Received-SPF: None (protection.outlook.com: nameplateamerica.com does not
 designate permitted sender hosts)
Received: from p3plwbeout10-02.prod.phx3.secureserver.net (97.74.135.184) by
 BL2FFO11OLC003.mail.protection.outlook.com (10.173.161.187) with Microsoft
 SMTP Server (TLS) id 15.1.231.11 via Frontend Transport; Mon, 27 Jul 2015
 12:37:59 +0000
Received: from localhost ([97.74.135.243])
      by p3plwbeout10-02.prod.phx3.secureserver.net with bizsmtp
      id xQdy1q0035FFQy901QdyRZ; Mon, 27 Jul 2015 05:37:58 -0700
X-SID: xQdy1q0035FFQy901
Received: (qmail 20760 invoked by uid 99); 27 Jul 2015 12:37:58 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP: 67.213.218.74
User-Agent: Workspace Webmail 5.15.0
Message-ID: <20150727053756.5fb39ab8a7c47f52f9eaa301298976fa.6966a96260.wbe@email10.secureserver.net>
From: Jeremy  <jeremy@businesstest.org>
X-Sender: kiko@nameplateamerica.com
Reply-To: Jeremy Badmitten <boardmanagement47@gmail.com>
To: <program@businesstest.org>
CC: <program@businesstest.org>
Subject: Request
Date: Mon, 27 Jul 2015 05:37:56 -0700
MIME-Version: 1.0
Return-Path: kiko@nameplateamerica.com
X-MS-Exchange-Organization-Network-Message-Id: 524fc9d0-eb66-43ab-294b-08d2968034f2
X-EOPAttributedMessage: 0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Matching-Connectors: 130824742801239047;(8cea95d8-89c9-4167-90d4-08d283062957);()
X-Forefront-Antispam-Report: CIP:97.74.135.184;CTRY:US;IPV:CAL;IPV:NLI;EFV:NLI;SFV:SPM;SFS:(6009001)(2980300002)(428002)(189002)(43544003)(199003)(55666002)(23846002)(16796002)(189998001)(62966003)(450100001)(77156002)(23676002)(54356999)(50986999)(5001970100001)(4001350100001)(4000960100001)(53806999)(4001600100001)(90146999)(101416001)(110136002)(56816999)(6806004)(42186005)(93046001)(83506001)(2351001)(103116003)(50466002)(106466001)(105586002)(63326003)(66066001)(17816001)(111066002)(118296001)(87836001)(43066003)(45826003)(229853001)(33646002)(558084003)(221733001)(46102003)(26826002)(3810500003);DIR:INB;SFP:;SCL:5;SRVR:CY1PR0101MB1465;H:p3plwbeout10-02.prod.phx3.secureserver.net;FPR:;SPF:None;MLV:nov;MX:1;A:1;PTR:p3plsmtp10-02-2.prod.phx3.secureserver.net;LANG:;
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0101MB1465;
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(3002001);SRVR:CY1PR0101MB1465;BCL:0;PCL:0;RULEID:;SRVR:CY1PR0101MB1465;
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2015 12:37:59.9211
 (UTC)
X-MS-Exchange-CrossTenant-Id: 119905f8-d651-40d7-a9d5-b6f87a4de10e
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0101MB1465
X-MS-Exchange-Organization-AuthSource: BL2FFO11OLC003.protection.gbl
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:18.3139051
X-Microsoft-Exchange-Diagnostics:
      1;BL2FFO11OLC003;1:bMjKsSzor7PiW058yHatjWlJdTgQ6M1aSh7/COmC9JkV4L9W3bMY6Tj8kiL3T+knFiM7yQwFCdnImryK9KrgHYgMgo+4LjJZ72UryCEBYcq4jUFIUXFdsnvGUsBQ1d5d+hhp811y3X6iAhCoQT/4Wa4WrSo7sb9C0SfYn+/iJ/uraHor1SLn/aTBwe3VNx1ka/5rI/SICUKRckQNJsCs4YpWCSj/ctLwJrgvN+byfE9nTOq9SBzbZuqQxr8LhUvqY9SelIkzfSK0r44pdOyLIs2RcpbgGsUS6orfvVkLXMY=
X-Microsoft-Exchange-Diagnostics:
      1;CY1PR0101MB1465;2:V1TNtJw6FIcsz/SXPAdiRL/wuedNfg4N3XUqj+DFoWv1H6acnKvwKmPN4QsjcUSsefDg6BzrEhwaDO9vsNix+MKjBKVeTI4SvjnQ99pJ6WqeQQZtBZHkOXKG9nohSos3zXbwo6z2nWk9rgcxPSF29gNrN+win6Q1zWOKQyKtGeA=;3:He0U7UJy4+hMK7ogitlivwUfSYvo615bA+wpFwz0WHo/ynV7lTrFyOa/3Iqjf9CNPJ6bWdXUH34oLkZ3RIFjRfM/osx66UWRUkwqYPVoB5k86G9uAr/WOr9Lgbkh1YYPhaBwfxyIJBEB0gTaSS+FkAQkdlx7h4LF8cW3pO6BhTrVkNglUkl6Nl3If9MWLJpXA99Mp1FTVoXzP+jUbPJjnJG9i2dFPayWXUaJS24pMDQ=;25:W7uCdITfCcfjKkSBlAb0U+OgEP/ANtRekZ/MSK75Tt/wf8MOhrXz2U6PuKWKQNv1bruaqNP974dIbPrDMuH0EMBE58NuC2r0pVFFfjwLBidTCtNtVmZP1wFIig+2tXmeXJt+0SUcgaR+VG6bQNYQcV0RDmEl+PyU1SHF/MvETVhU6pLplPAC7jdxESRV7g2yK9JwpteleZIR6CCyTG1ZfjgPOnsKV2zBO3v/4f7MRUGxYPOdYFiVi5aAtMPnS7Hmk9NpwGrOdF94X8hztSmoWA==
X-Microsoft-Exchange-Diagnostics:
      1;CY1PR0101MB1465;4:ls9GW6Ggumi/49xiqZ5pj8Ha+h5QIxlS6J/81gLXtJgKvkqRO3p8Co02jSqHx0AOWfzJ7xFpIMeYu8irrYw8ysJscCOFJDLnMrRF8CP64N7S/T1OmsyFUldEJ6wj2rFQEpRMpMRNvh3P5qwRFBK7ztyordccBhQsTYzL4C9fKfNwezoBy0cO0ytV+YX/b80Z6Vm5hXNEL/9mHfnn3I1k2y/CNCF9iXwdSByLY4GWU77YzwuqnMLO3TFHNJ+adgan7xktwk/PN6ztrTIf+OnYUA==
X-Microsoft-Exchange-Diagnostics:
      =?us-ascii?Q?1;CY1PR0101MB1465;23:SQv247Oeghga0y8vo/+1dNUCHqKDjTle8ZFgXYT?=
 =?us-ascii?Q?06MA4vc++l28JuttnFxbBm+RESW2y7B6ZgadWDLkvPIb9BU0TGDaobvBPvh6?=
 =?us-ascii?Q?Xq5I5TB1xzmM3dbdOkT47E4vqPyvimLhyETHzRclPGikPqmeO7tKM2WZ9asW?=
 =?us-ascii?Q?smjItvpcAovpoe5LbgQ0NjU8GIZ1RzSblESw0zRknnFTFDEQPIVJaVSe5rId?=
 =?us-ascii?Q?5GQmzygevwBVNZ8ADQmW6jx+YwTGsM0poFt7BoRmOmVQMBfor7/RWkzTPdOB?=
 =?us-ascii?Q?VXbmEbYRqOHMenEv63XZUrfEZr5NbmRSN3HngFnXpJycZBI6xJQ4QIefP7/j?=
 =?us-ascii?Q?Dwkl7ALtDkmqLcP8HABnmM9dZtYCv8KRyUJpVhJABm8XH9B5WaEQV9EvGH7f?=
 =?us-ascii?Q?mh6vQqgx5hWJ32UMLG3Vh1a8KxBKBDEQeGIr8Y6q6nfdWYnQivaoZoeSQg22?=
 =?us-ascii?Q?QDyqvHX6yqSVaD1Oxd0nKyXeNfYqPoQ0Frw3DqJIVXdaFZojpmV6ILF3MuOo?=
 =?us-ascii?Q?9q16LkNy3fgB+Ptl49pShGWg32I2aV12JJaw+KeWiDasSh0lDOCbufazt7Lc?=
 =?us-ascii?Q?rxPaWsKzg68ehVyblWwAuvnxqFeVsTXVRqoVBJ2Mz5XIsE1DGRxk0qQKtoUr?=
 =?us-ascii?Q?RyTrRs79ir9exDmrqV1tX7oaYXxGjzHSYGPU3Nguzq+/dj2bj/jXqjAIG9GG?=
 =?us-ascii?Q?GSKeE+NO/2OrY5w5fIxzfwmlLPM11oVzP+lTNmmr55xV0X9ypUgHQsSvdJZl?=
 =?us-ascii?Q?TVcYr0a5Hx/QXXHmrz4hI6U/3tEcNocBzhrE03jxYnXq00hGmKf7ZUBCgtbB?=
 =?us-ascii?Q?LVl9hHCxkQejlAKhRmtkVIwVzhX3m9IDbkzOpDLQIy6fBrUI3D52T4gnnHZ9?=
 =?us-ascii?Q?VH3P6cd88HSsSTs+59OFA70HLid7VzzUoSPy4crvDlYSrh/NPnaDIAxY4XjO?=
 =?us-ascii?Q?KfRZPBh/QF/iLVkiV82kdoOj67/tab7oNnfRQatKityfQygrt052ws2z+EX6?=
 =?us-ascii?Q?fxKCD/allbkpS7JxUPoKN5T3me0k77n3ctJ1XakX1ao0OQQDGgK42RcqUqhh?=
 =?us-ascii?Q?BFDSVMPzmJ6dqHt42q0YsQ29ZMxadVEG9DoOH/gB1NMzgDsp1ikgoSX7hUP3?=
 =?us-ascii?Q?yPLM/XToeWettmENzBTOyrWTUmo2sIzWMxGsiDCpx7lXSL8IVYW3yQ6cY9DS?=
 =?us-ascii?Q?LZU6VwvfMC/5BzjwQ4aOpp/7K5u8NX2dfPCoN56py97FGQXf+GJk2g2nBrC6?=
 =?us-ascii?Q?t/1wG+NNGqBGOTmjgCrLH5qQ5pP+/STiQ62/DOH6VzCezlqT47rbNpDDl8tW?=
 =?us-ascii?Q?ZLoDFRSmXzyMSTvCKkXZjeLGUZ3LKYKmm/6oKSCLfKNTz?=
X-Microsoft-Exchange-Diagnostics:
      1;CY1PR0101MB1465;5:B14qkVjbj2gL1/6ntYR6NKVbsuzZV85y2V2pfI78TTHEEgRrb3F1k6QhNu8Un0UrVnlcooMImiy7nf3aHvKhBTVc7xdafjJd82RMc61e/sK1bWU4T5WWs8ZQR7OZugou6Gbz+l2ayyLRYZwm6IMiOg==;24:zvOUmjtroaX3Gboh5/DVRCxUJhqDPTeZ+bBrbGiJTRu2y/RK0jjJ9uPH/yXWXeCl52OHg8m3qD0obTswgO5SIw==;20:yIvCHalqI6GZIkO3B23ksqKUqaxAlf+awuEQNb5xQpVcNXE1r8/vLMBFt4fdylmIEm/6MaIRQ1uPKrfwnX8TYQ==;9:5sKlJVUd/tuUXm24hI9h8uIIuR+YsxORiyGqtkM4DmVl61Y6PRTH7FpLOyIEthiMnuSbu2Tcy5zvj9btPdxCtSARPAIGpscku759kEGECD8vSF/XWNuQKaG43aEElD4h
HardwareDudeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DMTechGrooupCommented:
Are your email address for executives on a public website? Would most likely not be compromised.  We get similar emails every now and then with the same text.
0
Simon Butler (Sembee)ConsultantCommented:
That email came from outside.
Received: from localhost ([97.74.135.243])
       by p3plwbeout10-02.prod.phx3.secureserver.net with bizsmtp

Bounced off GoDaddy's systems by the looks of it.
The email originated from some outfit called Hosting Services, so probably a bot.

Most companies use a standard address format and the officers information is public information, so pretty easy to target.

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.