• Status: Solved
  • Priority: Medium
  • Security: Public

Email being hacked

Hey Guys/Gals -
I need your understanding on an email being hacked. My client had his Google account severely compromised about a year ago. His account was actually accessed from Siberia.

He recently was notified through a friend that he had received an email looking as if it came from him. This time, however, the email was not from his Gmail account; they just used his name @central.ces.edu. He said some of the people it was sent to were from his contact list but not all.

Do you feel his Gmail account has been hacked, or is this simply leftovers from the earlier event?

I did have him change his password.

What are your ideas and suggestions?

Thank you,
Mags
0
4 Solutions
 
Mags (Owner, Author) Commented:
Thanks for the idea pjam but it is not a Google Apps account.
0
 
btan (Exec Consultant) Commented:
Doing a simple domain check on "central.ces.edu", it failed this quick litmus test of being a valid host under the legit domain:
No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.


The domain literal has an address record, the records found are:
central.ces.edu. | 144.50.155.222 | 86400

We were unable to connect to any of your WWW addresses listed. Users will be unable to access your site until this is resolved.
144.50.155.222 : connection failed
http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=central.ces.edu

Furthermore, this source domain does not have an SPF record, nor an SPF-formatted TXT record. I would not be surprised if the account is spoofed and the mail was sent using an open email relay; it may be good to check the email header to trace the servers it got passed through to eventually reach the recipient.

It is also good to look for any red flags in the email, such as signs of phishing and whether there are URLs and attachments - those are further artefacts to check against an online scanner like VirusTotal. Best to report to the local LE or scam alert authority or anti-phishing community for further assistance.
1

 
Missus Miss_Sellaneus Commented:
It must be a leftover. If it was hacked (again), they would have sent it from his account. I use Gmail, and every time I access any Google account from a different IP address, Google sends an email to let me know. (Which to me, is almost as annoying as how it makes me "verify" my account every time I do so!)

If your client's account is ever accessed from an unusual IP address, he'll get the same email. The subject of the email will start with "New sign-in from". He needs to watch for those emails and make sure they don't go to the junk folder.
1
 
Joe Winograd, EE MVE 2015&2016 (Developer) Commented:
Hi Mags,
This is a good article on that subject:
Email Hacked? 7 Things You Need to do NOW

I always recommend this article to folks whose emails have been hacked. Regards, Joe
0
 
rindi Commented:
They probably got your address book the last time they had access to the account. Once the address book is out in the wild, there isn't much you can do other than change your email address, so at least you won't be associated with the mails, provided your people know of the address change.

Do make sure that you warn the friends who got mails that didn't originate from you that they don't read them, as they will likely have a malware payload.
1
 
Mags (Owner, Author) Commented:
Thanks for all the helpful advice guys...I'll be in touch later this afternoon!
0
 
Wayne Herbert (IT Specialist) Commented:
I doubt his email account has been hacked but his email address has been spoofed.
 
If the recipient of the bum email were to look at the headers in the email he received, I bet money the initiating mail server has nothing to do with your client or his email; further, were you to try to resolve the email server, you'll either get something invalid, or something in China or Romania that you're not going to be able to track anyway.
 
How someone got the email address/name to do the spoofing is another question... bought and sold lists or perhaps your client was on someone else's contact list that was compromised.
1
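The header check that btan and Wayne Herbert describe above, sketched in Python as an added example that is not part of any poster's reply: it reads the Received chain and the Authentication-Results header from a message and reports which server actually handed it to the recipient. The sample message, host names and IP addresses are constructed, and `trusted_mx` is a hypothetical parameter naming the recipient's own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (example domains, documentation IP ranges);
# only the central.ces.edu domain comes from the thread.
SAMPLE = """\
Return-Path: <client@central.ces.edu>
Authentication-Results: mx.example.org; spf=none smtp.mailfrom=central.ces.edu; dkim=none; dmarc=none
Received: from relay.example.net (relay.example.net [203.0.113.45])
\tby mx.example.org with ESMTP id abc123; Tue, 02 Feb 2016 10:15:02 +0000
Received: from unknown (HELO pc) (198.51.100.7)
\tby relay.example.net with SMTP; Tue, 02 Feb 2016 10:14:58 +0000
From: "Client Name" <client@central.ces.edu>
Subject: hello

body
"""

HOP = re.compile(r"from\s+(\S+).*?(\d{1,3}(?:\.\d{1,3}){3}).*?\bby\s+(\S+)")

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted_mx):
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(dict(zip(("from", "ip", "by"), m.groups())))
    # Received headers are prepended by each server. Only the hop written by the
    # recipient's own server is reliable; anything below it can be forged.
    handoff = next((h for h in hops if h["by"] == trusted_mx), None)
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";")[0].strip() == trusted_mx:  # ignore results we did not write
            auth.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))
    from_dom = domain(msg["From"])
    return {
        "from_domain": from_dom,
        "return_path_domain": domain(msg["Return-Path"]),
        "handoff": handoff,
        "unverified_hops": hops[hops.index(handoff) + 1:] if handoff else hops,
        "auth": auth,
        # Heuristic: no SPF or DKIM pass, and the delivering host is outside the From domain.
        "likely_spoofed": "pass" not in (auth.get("spf"), auth.get("dkim"))
        and not (handoff and handoff["from"].lower().endswith(from_dom)),
    }
```

Calling `analyze(SAMPLE, "mx.example.org")` shows the message was handed over by `relay.example.net`, a host outside the domain in the From line, with no SPF or DKIM pass to vouch for it.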
 
Mags (Owner, Author) Commented:
Thank you so much for all your help. I learned a lot and was able to educate my client as well!
Warmly,
Mags
0
 
Joe Winograd, EE MVE 2015&2016 (Developer) Commented:
> Thank you so much for all your help.

You're very welcome. Happy to help. Glad you learned a lot. You may want to read this article:
How do I accept multiple comments as my solution?

Regards, Joe
0
