Solved

Email being hacked

Posted on 2016-08-16
10
78 Views
Last Modified: 2016-08-17
Hey Guys/Gals -
I need your understanding on an email being hacked. My client had his Google account severely compromised about a year ago. His account was actually accessed from Siberia.

He recently was notified through a friend that he had received an email looking as if it came from him. This time, however, the email was not from his Gmail account; they just used his name @central.ces.edu. He said some of the people it was sent to were from his contact list but not all.

Do you feel his Gmail email account has been hacked, or is this simply leftovers from the earlier event?

I did have him change his password.

What are your ideas and suggestions?

Thank you,
Mags
0
Question by:MagsMcKinley14
10 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 41758036
0
 

Author Comment

by:MagsMcKinley14
ID: 41758048
Thanks for the idea pjam but it is not a Google Apps account.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 115 total points
ID: 41758075
A simple domain check on "central.ces.edu" failed this quick litmus test of a valid host under the legit domain:
No MX records exist within the zone. This is legal, but if you want to receive E-mail on this domain, you should have MX record(s). The program can't continue in a case like this, so we are assuming you don't receive mail on this domain.


The domain literal has an address record, the records found are:
central.ces.edu. | 144.50.155.222 | 86400

We were unable to connect to any of your WWW addresses listed. Users will be unable to access your site until this is resolved.
144.50.155.222 : connection failed
http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=central.ces.edu

Furthermore, this source domain does not have an SPF record, nor an SPF-formatted TXT record. I would not be surprised if the account is spoofed and the mail sent using an open email relay; it may be good to check the email header to trace the servers it was passed through to eventually reach the recipient.

It is also good to look for any red flags in the email, such as signs of phishing, and whether there are URLs and attachments - those are further artefacts to check against an online scanner like VirusTotal. Best to report to the local LE or scam alert authority or anti-phishing community for further assistance.
1
 
LVL 11

Assisted Solution

by:Missus Miss_Sellaneus
Missus Miss_Sellaneus earned 115 total points
ID: 41758076
It must be a leftover. If it was hacked (again), they would have sent it from his account. I use Gmail, and every time I access any Google account from a different IP address, Google sends an email to let me know. (Which to me, is almost as annoying as how it makes me "verify" my account every time I do so!)

If your client's account is ever accessed from an unusual IP address, he'll get the same email. The subject of the email will start with "New sign-in from". He needs to watch for those emails and make sure they don't go to the junk folder.
1
 
LVL 51

Expert Comment

by:Joe Winograd, EE MVE
ID: 41758097
Hi Mags,
This is a good article on that subject:
Email Hacked? 7 Things You Need to do NOW

I always recommend this article to folks whose emails have been hacked. Regards, Joe
0

 
LVL 87

Assisted Solution

by:rindi
rindi earned 115 total points
ID: 41758146
They probably got your address book the last time they had access to the account. Once the address book is out in the wild, there isn't much you can do other than change your email address, so at least you won't be associated with the mails, provided your people know of the address change.

Do make sure that you warn the friends who got mails that didn't originate from you that they don't read them, as they will likely have a malware payload.
1
 

Author Comment

by:MagsMcKinley14
ID: 41758202
Thanks for all the helpful advice guys...I'll be in touch later this afternoon!
0
 
LVL 6

Accepted Solution

by:
Wayne Herbert earned 155 total points
ID: 41758470
I doubt his email account has been hacked but his email address has been spoofed.
 
If the recipient of the bum email were to look at the headers in the email he received, I bet money the initiating mail server has nothing to do with your client or his email; further, were you to try to resolve the email server, you'll either get something invalid, or something in China or Romania that you're not going to be able to track anyway.
 
How someone got the email address/name to do the spoofing is another question... bought and sold lists or perhaps your client was on someone else's contact list that was compromised.
1
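The header check suggested in the answers above (trace the relaying servers, compare the visible From address with the envelope sender, read the receiver's SPF/DKIM verdict) can be scripted. This is an added example, not part of the original thread; the sample message, its example domains and documentation-range IP addresses are constructed, and the helper names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: example domains and documentation IPs only.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=none smtp.mailfrom=mailer.example.net; dkim=none
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.recipient.example with ESMTP; Tue, 16 Aug 2016 09:14:03 -0400
Received: from unknown (HELO pc) ([203.0.113.45])
\tby relay.example.org with SMTP; Tue, 16 Aug 2016 09:14:01 -0400
From: "Client Name" <client@central.example.edu>
To: friend@recipient.example
Subject: hello

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(addr_header):
    # Domain part of an address header; empty string if the header is absent.
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def received_path(msg):
    # Each MTA prepends its own Received line, so reversing gives oldest-first.
    # Only hops added by servers you trust are reliable; earlier ones can be forged.
    found = (IP_RE.search(h) for h in reversed(msg.get_all("Received", [])))
    return [m.group(1) if m else None for m in found]

def triage(raw):
    msg = message_from_string(raw)
    auth = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", auth)
    dkim = re.search(r"\bdkim=(\w+)", auth)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    hops = received_path(msg)
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "aligned": from_dom == env_dom,  # exact match; a simplification of DMARC alignment
        "spf": spf.group(1) if spf else "missing",
        "dkim": dkim.group(1) if dkim else "missing",
        "first_hop": hops[0] if hops else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A From domain that does not match the envelope domain, together with `spf=none` and `dkim=none`, is the pattern the answers describe: the address was spoofed and nothing in the message ties it to the named sender's mail servers.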
 

Author Closing Comment

by:MagsMcKinley14
ID: 41759523
Thank you so much for all your help. I learned a lot and was able to educate my client as well!
Warmly,
Mags
0
 
LVL 51

Expert Comment

by:Joe Winograd, EE MVE
ID: 41759544
> Thank you so much for all your help.

You're very welcome. Happy to help. Glad you learned a lot. You may want to read this article:
How do I accept multiple comments as my solution?

Regards, Joe
0
