spam email coming from user account

Hello, I have a lady in the office that receive an email from another employee asking a question, she responds to the email and another email come back with her response and requesting she sends her company credit card, we are all in the same office so she got up to ask and he had never sent her an email nor does her email show up in his inbox..... Hopefully this make sense.  The emails that was sent had, sent from Iphone on the bottom of the email and he does use his Iphone to send and receive company email, they are both on the same domain  ... Any suggestions to find out whats going on

The email is hosted with google so I looked at the access log and it only shows the users mac and his Iphone
also I changed his email password
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pawan KumarDatabase ExpertCommented:
Never share these kind of stuff with anyone with email or via phone. Tracking will not help.

Block everything and complaint to police about the same, It may be a fraud.

Banks/organizations never asks these kind of information.
Deerek11Author Commented:
The question came from one of our employees within the company. Are there steps I need to take for security
Pawan KumarDatabase ExpertCommented:
Yes, please block the card information first.

Then inform the bank about the same.

Please lodge a complaint with the police about the same.

That should be all.
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Deerek11Author Commented:
She never sent any information about the credit card .... she got up from her desk to see if it was real because of the second email requesting card info the first email just asked are you in the office....
Pawan KumarDatabase ExpertCommented:
Great ! then ask her not to to reply on the second email and just ignore it.
Pawan KumarDatabase ExpertCommented:
@Author - I think we can close this question. Could you please mark one answer as accepted solution and close the question if you have no further question. :)

Thank you !
The message didn't come from the person you thought it was. The crooks spoof mail addresses that look like it came from your office, but it is an external source. If you check the headers of the email you should see that it actually came from somewhere else.

Most of the time they will just guess different mail addresses and hope that one of them fits. But it is relatively unlikely that they will get 2 addresses right. If that happens, a PC in your environment has already been compromised and they were able to get your address lists, so you should thoroughly scan all your PC's for malware and get rid of it. Or maybe a PC of one of your clients who has your email addresses has been compromised, in which case you can't do much except maybe warn your clients after you have found that your environment is clean, that it is possible they have malware and should check for it too. Another reason could be that your emails have been published on your website and are publicly available. In that case you can't do much apart from using really good spam filters.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Clients

From novice to tech pro — start learning today.