Solved

Email being hacked

Posted on 2016-08-16
Last Modified: 2016-08-17
Hey Guys/Gals -
I need your understanding on an email being hacked. My client had his Google account severely compromised about a year ago. His account was actually accessed from Siberia.

He recently was notified through a friend that he had received an email looking as if it came from him. This time, however, the email was not from his Gmail account; they just used his name @central.ces.edu. He said some of the people it was sent to were from his contact list but not all.

Do you feel his Gmail email account has been hacked or simply leftovers from the earlier event?

I did have him change his password.

What are your ideas and suggestions?

Thank you,
Mags
Question by:Mags
10 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 41758036
0
 

Author Comment

by:Mags
ID: 41758048
Thanks for the idea pjam but it is not a Google Apps account.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 460 total points
ID: 41758075
Doing a simple domain check on "central.ces.edu" failed this quick litmus test of valid host under the legit domain
No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.


The domain literal has an address record, the records found are:
central.ces.edu. | 144.50.155.222 | 86400

We were unable to connect to any of your WWW addresses listed. Users will be unable to access your site until this is resolved.
144.50.155.222 : connection failed
http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=central.ces.edu

Furthermore, this source domain does not have an SPF record, nor an SPF-formatted TXT record. I would not be surprised if the account is spoofed and the mail sent using an open email relay. It may be good to check the email header to trace the server that it got passed on to, to eventually reach the recipient.

It is also good to look for any red flags in the email, such as signs of phishing, and whether there are URLs and attachments; those are further artefacts to check against an online scanner like VirusTotal. Best to report to the local LE or scam alert authority or anti-phishing community for further assistance.
1
 
LVL 12

Assisted Solution

by:Missus Miss_Sellaneus
Missus Miss_Sellaneus earned 460 total points
ID: 41758076
It must be a leftover. If it was hacked (again), they would have sent it from his account. I use Gmail, and every time I access any Google account from a different IP address, Google sends an email to let me know. (Which to me, is almost as annoying as how it makes me "verify" my account every time I do so!)

If your client's account is ever accessed from an unusual IP address, he'll get the same email. The subject of the email will start with "New sign-in from". He needs to watch for those emails and make sure they don't go to the junk folder.
1
 
LVL 55

Expert Comment

by:Joe Winograd, EE MVE 2015&2016
ID: 41758097
Hi Mags,
This is a good article on that subject:
Email Hacked? 7 Things You Need to do NOW

I always recommend this article to folks whose emails have been hacked. Regards, Joe
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 460 total points
ID: 41758146
They probably got your address book the last time they had access to the account. Once the address book is out in the wild, there isn't much you can do other than change your email address, so at least you won't be associated with the mails, provided your people know of the address change.

Do make sure that you warn the friends who got mails that didn't originate from you that they don't read them, as they will likely have a malware payload.
1
 

Author Comment

by:Mags
ID: 41758202
Thanks for all the helpful advice guys...I'll be in touch later this afternoon!
0
 
LVL 7

Accepted Solution

by:Wayne Herbert
Wayne Herbert earned 620 total points
ID: 41758470
I doubt his email account has been hacked but his email address has been spoofed.
 
If the recipient of the bum email were to look at the headers in the email he received, I bet money the initiating mail server has nothing to do with your client or his email; further, were you to try to resolve the email server, you'll either get something invalid, or something in China or Romania that you're not going to be able to track anyway.
 
How someone got the email address/name to do the spoofing is another question... bought and sold lists or perhaps your client was on someone else's contact list that was compromised.
1
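
The header check suggested by btan and by Wayne Herbert above, as an added example that is not part of the original thread: it reads a saved message, finds the server that handed the mail to the recipient's own mail system, and compares it and the SPF result with the From domain. The sample message, every host, address and IP in it, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; all hosts, addresses and IPs are placeholders.
# victim.example stands in for the domain shown in the spoofed From line.
SAMPLE = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.recipient.example; spf=none; dkim=none\n"
    "Received: from mailer.example.net (unknown [203.0.113.45])\n"
    "\tby mx.recipient.example with ESMTP; Tue, 16 Aug 2016 09:00:03 -0400\n"
    "Received: from mail.victim.example ([192.0.2.7])\n"
    "\tby mailer.example.net with SMTP; Tue, 16 Aug 2016 08:59:58 -0400\n"
    'From: "Client Name" <client@victim.example>\n\nbody\n'
)

def under(host, domain):
    host = (host or "").lower().rstrip(";.")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def handoff_hop(msg, trusted_domain):
    # Oldest Received line stamped by the recipient's servers; older ones can be forged.
    for raw in reversed(msg.get_all("Received", [])):
        text = " ".join(raw.split())
        by = re.search(r"\bby\s+(\S+)", text)
        if by and under(by.group(1), trusted_domain):
            host = re.search(r"\bfrom\s+(\S+)", text)
            ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
            return (host.group(1) if host else None, ip.group(1) if ip else None)
    return (None, None)

def triage(raw, trusted_domain):
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    host, ip = handoff_hop(msg, trusted_domain)
    results = " ".join(msg.get_all("Authentication-Results", []))
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    flags = []
    if domain_of(msg.get("Return-Path")) != from_dom:
        flags.append("envelope sender domain differs from From domain")
    if auth.get("spf") != "pass":
        flags.append("SPF result is " + auth.get("spf", "missing"))
    if not under(host, from_dom):
        flags.append("handing-off server is not under the From domain")
    return {"from_domain": from_dom, "handoff": (host, ip), "auth": auth, "flags": flags}

print(triage(SAMPLE, "recipient.example"))
```

The bottom Received line in the sample claims a host under the From domain, but it was written before the message reached the recipient's servers, so the triage ignores it and reports the server the recipient's own mail exchanger actually saw.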
 

Author Closing Comment

by:Mags
ID: 41759523
Thank you so much for all your help. I learned a lot and was able to educate my client as well!
Warmly,
Mags
0
 
LVL 55

Expert Comment

by:Joe Winograd, EE MVE 2015&2016
ID: 41759544
> Thank you so much for all your help.

You're very welcome. Happy to help. Glad you learned a lot. You may want to read this article:
How do I accept multiple comments as my solution?

Regards, Joe
0


Question has a verified solution.
