Ted James
asked on
Email security problem
I am curious about a possible security hole in my email accounts. I recently received an email on my work email that APPEARED to come from on old personal email that I used to have. I opened it and saw that it was a phishing attempt, providing a link to get to some "cool stuff". (And my old email actually was not the source, the source came from someone else, but the heading and the name was the same unique name as my old email account.) I did not click on the link and then deleted the email. My work email runs on Microsoft Exchange if that info is of any use. I have several questions about this and am hoping there are some security experts that can answer them.
1. By not clicking on the suspicious link, I believe that I did not put myself, nor my computer nor my company in danger of some kind of security hack, am I right?
2. Or is it possible that I may have an issue just by opening the email, even though I did not click on the link?
3. How is it that an old personal email, that I hadn't used in a while, appear to be the source? I did not ever link the two emails together, nor did I even use my name on the old personal email when I opened it. That old email account is still open, I never closed it, but I don't remember the last time I ever used it.
I am anxious to find out because I would like to get into the email security business and this event triggered my interest even more. In addition to these questions being answered if someone can add some links or docs about securing email I would appreciate it.
Thank you
1. By not clicking on the suspicious link, I believe that I did not put myself, nor my computer nor my company in danger of some kind of security hack, am I right?
2. Or is it possible that I may have an issue just by opening the email, even though I did not click on the link?
3. How is it that an old personal email, that I hadn't used in a while, appear to be the source? I did not ever link the two emails together, nor did I even use my name on the old personal email when I opened it. That old email account is still open, I never closed it, but I don't remember the last time I ever used it.
I am anxious to find out because I would like to get into the email security business and this event triggered my interest even more. In addition to these questions being answered if someone can add some links or docs about securing email I would appreciate it.
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The email was spoofed and spam filters catch most of this.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So the present danger is that I "alerted" the source that my email is active and that I opened it and can be a target in the future. That alone is good to know.
But what if I clicked on that link? What further could have happened?
But what if I clicked on that link? What further could have happened?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My spammer used one of the other methods you allude to. Because the name on my work email is nowhere close to being the name on my old personal email, and my name is not on the personal email. How did they do that correlation?
Look in the Headers, Message ID to find where they were coming from. They spoof the addresses and obfuscate that. You need a GOOD spam filter to stop this.
ASKER
Still don't know...how did they know the correlation between the work email which has my name on it, and the personal email that did not have my name on it?
I was tricked into opening the email because it had the name of the old but recognizable email as the phony "source".
I was tricked into opening the email because it had the name of the old but recognizable email as the phony "source".
...how did they know the correlation between the work email which has my name on it, and the personal email that did not have my name on it?Why do you think there is any "correlation"? Most likely, your old address was farmed from someone's address book. That entry could have been there for years. And sometime recently that person received an e-mail from your new work address.
So, the spam process is using e-mail addresses from an address book to send spam to other addresses in that address book. If you could look at the spam received by every address in that address book, you'd likely find that many of them also received items appearing to come from your old address.
No "correlation". Just one farmed address being used to send to another farmed address.
BTW, the address book could have had either or both addresses added to it automatically, perhaps even by receiving spam that used those addresses. The owner of the address book might be someone with no functional relationship to you.
ASKER
Sorry I've been out of commission for a while. Thank you for your inputs.
ASKER
Still, it's crazy that it looked like it came from the personal email even though I didn't put any personal info in that email setup.
Plus, I hope I didn't create any problems with my company's email.