Solved

Email being hacked

Posted on 2016-08-16
Last Modified: 2016-08-17
Hey Guys/Gals -
I need your understanding on an email being hacked. My client had his Google account severely compromised about a year ago. His account was actually accessed from Siberia.

He recently was notified through a friend that he had received an email looking as if it came from him. This time, however, the email was not from his gmail account, they just used his name @central.ces.edu. He said some of the people it was sent to were from his contact list but not all.

Do you feel his gmail email account has been hacked or simply leftovers from the earlier event?

I did have him change his password.

What are your ideas and suggestions?

Thank you,
Mags
0
Question by:MagsMcKinley14
10 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 41758036
0
 

Author Comment

by:MagsMcKinley14
ID: 41758048
Thanks for the idea pjam but it is not a Google Apps account.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 115 total points
ID: 41758075
A simple domain check on "central.ces.edu" failed this quick litmus test of a valid host under the legit domain:
No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.


The domain literal has an address record, the records found are:
central.ces.edu. | 144.50.155.222 | 86400

We were unable to connect to any of your WWW addresses listed. Users will be unable to access your site until this is resolved.
144.50.155.222 : connection failed
http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=central.ces.edu

Furthermore, this source domain does not have an SPF record, nor an SPF-formatted TXT record. I would not be surprised if the account is spoofed and the mail sent using an open email relay; it may be good to check the email header to trace the servers it got passed through to eventually reach the recipient.

It is also good to look for any red flags in the email, such as signs of phishing, and whether there are URLs or attachments; those are further artefacts to check against an online scanner like VirusTotal. Best to report to the local LE or a scam alert authority or anti-phishing community for further assistance.
1
 
LVL 11

Assisted Solution

by:Missus Miss_Sellaneus
Missus Miss_Sellaneus earned 115 total points
ID: 41758076
It must be a leftover. If it was hacked (again), they would have sent it from his account. I use Gmail, and every time I access any Google account from a different IP address, Google sends an email to let me know. (Which to me, is almost as annoying as how it makes me "verify" my account every time I do so!)

If your client's account is ever accessed from an unusual IP address, he'll get the same email. The subject of the email will start with "New sign-in from". He needs to watch for those emails and make sure they don't go to the junk folder.
1
 
LVL 52

Expert Comment

by:Joe Winograd, EE MVE
ID: 41758097
Hi Mags,
This is a good article on that subject:
Email Hacked? 7 Things You Need to do NOW

I always recommend this article to folks whose emails have been hacked. Regards, Joe
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 115 total points
ID: 41758146
They probably got your address book the last time they had access to the account. Once the address book is out in the wild, there isn't much you can do other than change your email address, so at least you won't be associated with the mails, provided your people know of the address change.

Do make sure that you warn the friends who got mails that didn't originate from you that they don't read them, as they will likely have a malware payload.
1
 

Author Comment

by:MagsMcKinley14
ID: 41758202
Thanks for all the helpful advice guys...I'll be in touch later this afternoon!
0
 
LVL 6

Accepted Solution

by:
Wayne Herbert earned 155 total points
ID: 41758470
I doubt his email account has been hacked but his email address has been spoofed.
 
If the recipient of the bum email were to look at the headers in the email he received, I bet money the initiating mail server has nothing to do with your client or his email; further, were you to try to resolve the email server, you'll either get something invalid, or something in China or Romania that you're not going to be able to track anyway.
 
How someone got the email address/name to do the spoofing is another question... bought and sold lists or perhaps your client was on someone else's contact list that was compromised.
1
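The header check suggested in the answers above (tracing the relaying servers, and comparing the visible sender with what actually handed the mail over), as an added example that is not part of any poster's comment. The message, host names and addresses are constructed for illustration, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from the thread); reserved example domains
# and documentation IP ranges only.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
    by inbox.recipient.example with ESMTP; Tue, 16 Aug 2016 09:15:02 -0400
Authentication-Results: mx.recipient.example;
    spf=none smtp.mailfrom=mailer.example.net
Received: from mailer.example.net (unknown [203.0.113.77])
    by mx.recipient.example with SMTP; Tue, 16 Aug 2016 09:15:00 -0400
From: "Client Name" <client.name@spoofed.example>
Subject: hello

body
"""

HOP = re.compile(r"from (\S+) \((?:\S+ )?\[([0-9a-fA-F.:]+)\]\) by (\S+)")

def received_hops(msg):
    """Received hops oldest-first as (from_host, ip, by_host) tuples."""
    flat = (" ".join(v.split()) for v in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in map(HOP.match, flat) if m]

def domain_of(header_value):
    """Lower-cased domain part of the address in a From/Return-Path header."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    msg = message_from_string(raw)
    # Only trust Authentication-Results stamped by the recipient's own server;
    # Received lines below the first trusted hop can be forged by the sender.
    auth = " ".join(msg.get("Authentication-Results", "").split())
    spf = re.search(r"\bspf=(\w+)", auth)
    hops = received_hops(msg)
    from_dom = domain_of(msg.get("From", ""))
    env_dom = domain_of(msg.get("Return-Path", ""))
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "domain_mismatch": from_dom != env_dom,
        "spf": spf.group(1).lower() if spf else "absent",
        "first_hop": hops[0] if hops else None,
    }

if __name__ == "__main__":
    print(spoof_indicators(RAW))
```

A visible From domain that differs from the envelope domain, together with `spf=none` and a first hop unrelated to the sender's provider, is the pattern the answers describe as spoofing rather than account compromise.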
 

Author Closing Comment

by:MagsMcKinley14
ID: 41759523
Thank you so much for all your help. I learned a lot and was able to educate my client as well!
Warmly,
Mags
0
 
LVL 52

Expert Comment

by:Joe Winograd, EE MVE
ID: 41759544
> Thank you so much for all your help.

You're very welcome. Happy to help. Glad you learned a lot. You may want to read this article:
How do I accept multiple comments as my solution?

Regards, Joe
0

Question has a verified solution.
