Solved

Email being hacked

Posted on 2016-08-16
10
118 Views
Last Modified: 2016-08-17
Hey Guys/Gals -
I need your understanding on an email being hacked. My client had his Google account severely compromised about a year ago. His account was actually accessed from Siberia.

He recently was notified through a friend that he had received an email looking as if it came from him. This time, however, the email was not from his Gmail account; they just used his name @central.ces.edu. He said some of the people it was sent to were from his contact list, but not all.

Do you feel his Gmail email account has been hacked, or is this simply leftovers from the earlier event?

I did have him change his password.

What are your ideas and suggestions?

Thank you,
Mags
0
Question by:Mags
10 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 41758036
0
 

Author Comment

by:Mags
ID: 41758048
Thanks for the idea pjam but it is not a Google Apps account.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 115 total points
ID: 41758075
A simple domain check on "central.ces.edu" failed this quick litmus test of a valid host under the legit domain:
No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.


The domain literal has an address record, the records found are:
central.ces.edu. | 144.50.155.222 | 86400

We were unable to connect to any of your WWW addresses listed. Users will be unable to access your site until this is resolved.
144.50.155.222 : connection failed
http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=central.ces.edu

Furthermore, since this source domain does not have an SPF record, nor an SPF-formatted TXT record, I am not surprised if the account is spoofed and the mail sent using an open email relay. It may be good to check the email header to trace the server that it got passed on to before eventually reaching the recipient.

It is also good to look for any red flags in the email, such as signs of phishing, and whether there are URLs and attachments - those are further artefacts to check against an online scanner like VirusTotal. Best to report to the local LE or scam alert authority or anti-phishing community for further assistance.
1
 
LVL 12

Assisted Solution

by:Missus Miss_Sellaneus
Missus Miss_Sellaneus earned 115 total points
ID: 41758076
It must be a leftover. If it was hacked (again), they would have sent it from his account. I use Gmail, and every time I access any Google account from a different IP address, Google sends an email to let me know. (Which to me, is almost as annoying as how it makes me "verify" my account every time I do so!)

If your client's account is ever accessed from an unusual IP address, he'll get the same email. The subject of the email will start with "New sign-in from". He needs to watch for those emails and make sure they don't go to the junk folder.
1
 
LVL 54

Expert Comment

by:Joe Winograd, EE MVE 2015&2016
ID: 41758097
Hi Mags,
This is a good article on that subject:
Email Hacked? 7 Things You Need to do NOW

I always recommend this article to folks whose emails have been hacked. Regards, Joe
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 115 total points
ID: 41758146
They probably got your address book the last time they had access to the account. Once the address book is out in the wild, there isn't much you can do other than change your email address, so at least you won't be associated with the mails, provided your people know of the address change.

Do make sure that you warn the friends who got mails that didn't originate from you that they don't read them, as they will likely have a malware payload.
1
 

Author Comment

by:Mags
ID: 41758202
Thanks for all the helpful advice guys...I'll be in touch later this afternoon!
0
 
LVL 6

Accepted Solution

by:
Wayne Herbert earned 155 total points
ID: 41758470
I doubt his email account has been hacked but his email address has been spoofed.
 
If the recipient of the bum email were to look at the headers in the email he received, I bet money the initiating mail server has nothing to do with your client or his email; further, were you to try to resolve the email server, you'll either get something invalid, or something in China or Romania that you're not going to be able to track anyway.
 
How someone got the email address/name to do the spoofing is another question... bought and sold lists or perhaps your client was on someone else's contact list that was compromised.
1
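
The answers from btan and Wayne Herbert both recommend reading the headers of the message the friend received. As an added example (not part of the original thread or any poster's code), this Python script compares the visible From domain with the envelope sender, the SPF/DKIM verdicts and the earliest Received hop. The sample message, its hostnames and IPs, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a message from the thread. Only central.ces.edu comes
# from the page; other hosts are example names, IPs are RFC 5737 test ranges.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=none
 smtp.mailfrom=mailer.example.net; dkim=none
Received: from relay.example.net (relay.example.net [203.0.113.45])
 by mx.recipient.example with ESMTP; Tue, 16 Aug 2016 09:14:02 -0400
Received: from unknown (HELO pc) (198.51.100.7)
 by relay.example.net with SMTP; Tue, 16 Aug 2016 09:13:58 -0400
From: "Client Name" <client.name@central.ces.edu>
To: friend@recipient.example
Subject: hello

body
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def received_hops(msg):
    """(host, ip) per Received header, earliest hop first (headers are prepended)."""
    pat = re.compile(r"from\s+(\S+).*?(\d{1,3}(?:\.\d{1,3}){3})", re.S)
    found = (pat.search(v) for v in reversed(msg.get_all("Received", [])))
    return [(m.group(1), m.group(2)) for m in found if m]

def assess(raw):
    """Compare the visible From domain with what the transport headers show."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # Only trust Authentication-Results stamped by the recipient's own server.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           " ".join(msg.get_all("Authentication-Results", []))))
    findings = []
    if env_dom != from_dom:  # SPF checks the envelope sender, not From
        findings.append(f"envelope domain {env_dom or '(none)'} != From domain {from_dom}")
    findings += [f"{k} result is {auth.get(k, 'missing')}"
                 for k in ("spf", "dkim") if auth.get(k) != "pass"]
    hops = received_hops(msg)
    return {"from_domain": from_dom, "envelope_domain": env_dom, "auth": auth,
            "origin": hops[0] if hops else None, "findings": findings}

if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```

The exact string comparison of domains is a simplification; DMARC alignment compares organizational domains, so a subdomain mismatch here is a prompt to look closer rather than a verdict.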
 

Author Closing Comment

by:Mags
ID: 41759523
Thank you so much for all your help. I learned a lot and was able to educate my client as well!
Warmly,
Mags
0
 
LVL 54

Expert Comment

by:Joe Winograd, EE MVE 2015&2016
ID: 41759544
> Thank you so much for all your help.

You're very welcome. Happy to help. Glad you learned a lot. You may want to read this article:
How do I accept multiple comments as my solution?

Regards, Joe
0
