Email security problem

Posted on 2016-10-09
Medium Priority
Last Modified: 2016-10-29
I am curious about a possible security hole in my email accounts. I recently received an email on my work email that APPEARED to come from an old personal email that I used to have. I opened it and saw that it was a phishing attempt, providing a link to get to some "cool stuff". (And my old email actually was not the source, the source came from someone else, but the heading and the name were the same unique name as my old email account.) I did not click on the link and then deleted the email. My work email runs on Microsoft Exchange if that info is of any use. I have several questions about this and am hoping there are some security experts that can answer them.

1.  By not clicking on the suspicious link, I believe that I did not put myself, nor my computer nor my company in danger of some kind of security hack, am I right?

2.  Or is it possible that I may have an issue just by opening the email, even though I did not click on the link?

3.  How is it that an old personal email, that I hadn't used in a while, appears to be the source?  I did not ever link the two emails together, nor did I even use my name on the old personal email when I opened it.  That old email account is still open, I never closed it, but I don't remember the last time I ever used it.

I am anxious to find out because I would like to get into the email security business and this event triggered my interest even more.  In addition to these questions being answered, if someone can add some links or docs about securing email I would appreciate it.

Thank you
Question by:Ted James
LVL 97

Accepted Solution

Experienced Member earned 668 total points (awarded by participants)
ID: 41835958
I see these all the time. They get caught in my spam filter. You need to put a GOOD spam filter in front of your Exchange system. Consider Barracuda or the like.  Otherwise you will go nuts trying to stop it all.

Author Comment

by:Ted James
ID: 41835969
The spam filter would be the responsibility of the company I work for.  So I should ask them (the IT department) about the filter they use.  Good idea.

Still, it's crazy that it looked like it came from the personal email even though I didn't put any personal info in that email setup.

Plus, I hope I didn't create any problems with my company's email.
LVL 97

Expert Comment

by:Experienced Member
ID: 41835976
The email was spoofed and spam filters catch most of this.
LVL 28

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 668 total points (awarded by participants)
ID: 41836002
"is it possible that I may have an issue just by opening the email, even though I did not click on the link?"

If you read email using an HTML-compliant reader instead of a text-only reader, then the answer is yes.  Spam and phishing email usually includes an invisible one-pixel image, the name of which is unique to your email address.  When an HTML-compliant reader opens the email, your reader fetches that one-pixel image from the spammer's web site.  This tells the sender that you opened the email and read it.  That confirms your email address is active, which gets you on a target list that will be sold to other spammers and phishers.  Since you opened the email, it also suggests to the sender that you may be a good candidate for future attempts.

If your email reader cannot be set to text-only, but can block inline images until you approve seeing them, I suggest turning that option on.

Author Comment

by:Ted James
ID: 41836262
So the present danger is that I "alerted" the source that my email is active and that I opened it and can be a target in the future.  That alone is good to know.

But what if I clicked on that link?  What further could have happened?
LVL 42

Assisted Solution

by:Adam Brown
Adam Brown earned 664 total points (awarded by participants)
ID: 41836286
1. As long as you don't click on the link, you're usually okay.
2. Outlook is configured to prevent downloading images without consent by default, so unless you've modified that behavior, the alerting method mentioned wouldn't have succeeded.
3. There are any number of methods spammers can use to get email addresses. One possible explanation is if the email address they spoofed has the same thing in front of the @ sign as your old personal address. So if you have bobc@gmail.com as your old email and your work email is also bobc@company.com, they wouldn't have needed to know your old email address, they would have just needed to program their software to send messages using the same characters before the @ sign.

Author Comment

by:Ted James
ID: 41836859
My spammer used one of the other methods you allude to.  Because the name on my work email is nowhere close to being the name on my old personal email, and my name is not on the personal email.  How did they do that correlation?
LVL 97

Expert Comment

by:Experienced Member
ID: 41836865
Look in the Headers, Message ID to find where they were coming from. They spoof the addresses and obfuscate that. You need a GOOD spam filter to stop this.
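A header check along the lines suggested above, as an added example that is not part of the original comment: it compares the visible From domain with the envelope sender and Message-ID domains, pulls the earliest Received hop, and reads the SPF/DKIM/DMARC verdicts from Authentication-Results. The sample headers, hosts and addresses are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample headers (not from the thread); all names are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.com (mx.example.com [198.51.100.10]) by exch01.corp.example.com; Sun, 9 Oct 2016 10:02:11 -0400
Received: from unknown (HELO mailer.example.net) (203.0.113.7) by mx.example.com; Sun, 9 Oct 2016 10:02:09 -0400
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
From: "oldnick77" <oldnick77@example.org>
To: user@corp.example.com
Subject: cool stuff
Message-ID: <20161009140209.1234@mailer.example.net>

body
"""

def _domain(value):
    """Domain part of the first address found in a header value."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def header_report(raw_message):
    """Summarise the headers that show where a message really came from."""
    msg = message_from_string(raw_message, policy=policy.default)
    received = msg.get_all("Received", [])
    auth = str(msg.get("Authentication-Results", "")).lower()
    report = {
        "from_domain": _domain(msg["From"]),             # what the reader sees
        "envelope_domain": _domain(msg["Return-Path"]),  # SMTP MAIL FROM
        "message_id_domain": _domain(msg["Message-ID"]),
        # Bottom-most Received line is the earliest hop. Lines added before
        # your own mail gateway can be forged, so treat it as a hint only.
        "earliest_hop": str(received[-1]).split(" by ")[0] if received else "",
        "auth": dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth)),
    }
    # A From/envelope mismatch is also normal for bulk-mail services, so it
    # is only a signal; a DMARC result other than "pass" is the stronger one.
    report["from_mismatch"] = report["from_domain"] != report["envelope_domain"]
    report["suspicious"] = (report["from_mismatch"]
                            or report["auth"].get("dmarc") != "pass")
    return report
```

Only trust an Authentication-Results header stamped by your own receiving server; one carried in from outside can be forged like any other header.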

Author Comment

by:Ted James
ID: 41837408
Still don't know...how did they know the correlation between the work email which has my name on it, and the personal email that did not have my name on it?
I was tricked into opening the email because it had the name of the old but recognizable email as the phony "source".
LVL 27

Expert Comment

ID: 41864819
"...how did they know the correlation between the work email which has my name on it, and the personal email that did not have my name on it?"
Why do you think there is any "correlation"? Most likely, your old address was farmed from someone's address book. That entry could have been there for years. And sometime recently that person received an e-mail from your new work address.

So, the spam process is using e-mail addresses from an address book to send spam to other addresses in that address book. If you could look at the spam received by every address in that address book, you'd likely find that many of them also received items appearing to come from your old address.

No "correlation". Just one farmed address being used to send to another farmed address.

BTW, the address book could have had either or both addresses added to it automatically, perhaps even by receiving spam that used those addresses. The owner of the address book might be someone with no functional relationship to you.

Author Comment

by:Ted James
ID: 41865524
Sorry I've been out of commission for a while.  Thank you for your inputs.

Question has a verified solution.