

Email security problem

Posted on 2016-10-09
Medium Priority
Last Modified: 2016-10-29
I am curious about a possible security hole in my email accounts. I recently received an email on my work email that APPEARED to come from an old personal email that I used to have. I opened it and saw that it was a phishing attempt, providing a link to get to some "cool stuff". (And my old email actually was not the source, the source came from someone else, but the heading and the name were the same unique name as my old email account.) I did not click on the link and then deleted the email. My work email runs on Microsoft Exchange if that info is of any use. I have several questions about this and am hoping there are some security experts that can answer them.

1.  By not clicking on the suspicious link, I believe that I did not put myself, nor my computer nor my company in danger of some kind of security hack, am I right?

2.  Or is it possible that I may have an issue just by opening the email, even though I did not click on the link?

3.  How is it that an old personal email, that I hadn't used in a while, appears to be the source?  I did not ever link the two emails together, nor did I even use my name on the old personal email when I opened it.  That old email account is still open, I never closed it, but I don't remember the last time I ever used it.

I am anxious to find out because I would like to get into the email security business and this event triggered my interest even more.  In addition to these questions being answered if someone can add some links or docs about securing email I would appreciate it.

Thank you
Question by:Ted James

Accepted Solution

John Hurst earned 668 total points (awarded by participants)
ID: 41835958
I see these all the time. They get caught in my spam filter. You need to put a GOOD spam filter in front of your Exchange system. Consider Barracuda or like.  Otherwise you will go nuts trying to stop it all.

Author Comment

by:Ted James
ID: 41835969
The spam filter would be the responsibility of the company I work for.  So I should ask them (the IT department) about the filter they use.  Good idea.

Still, it's crazy that it looked like it came from the personal email even though I didn't put any personal info in that email setup.

Plus, I hope I didn't create any problems with my company's email.

Expert Comment

by:John Hurst
ID: 41835976
The email was spoofed and spam filters catch most of this.

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 668 total points (awarded by participants)
ID: 41836002
"is it possible that I may have an issue just by opening the email, even though I did not click on the link?"

If you read email using an HTML-compliant reader instead of a text-only reader, then the answer is yes.  Spam and phishing email usually includes an invisible one-pixel image, the name of which is unique to your email address.  When an HTML-compliant reader opens the email, your reader fetches that one-pixel image from the spammer's web site.  This tells the sender that you opened the email and read it.  That confirms your email address is active, which gets you on a target list that will be sold to other spammers and phishers.  Since you opened the email, it also suggests to the sender that you may be a good candidate for future attempts.

If your email reader cannot be set to text-only, but can block inline images until you approve seeing them, I suggest turning that option on.

Author Comment

by:Ted James
ID: 41836262
So the present danger is that I "alerted" the source that my email is active and that I opened it and can be a target in the future.  That alone is good to know.

But what if I clicked on that link?  What further could have happened?

Assisted Solution

by:Adam Brown
Adam Brown earned 664 total points (awarded by participants)
ID: 41836286
1. As long as you don't click on the link, you're usually Okay.
2. Outlook is configured to prevent downloading images without consent by default, so unless you've modified that behavior, the alerting method mentioned wouldn't have succeeded.
3. There are any number of methods spammers can use to get email addresses. One possible explanation is if the email address they spoofed has the same thing in front of the @ sign as your old personal address. So if you have bobc@gmail.com as your old email and your work email is also bobc@company.com, they wouldn't have needed to know your old email address, they would have just needed to program their software to send messages using the same characters before the @ sign.

Author Comment

by:Ted James
ID: 41836859
My spammer used one of the other methods you allude to.  Because the name on my work email is nowhere close to being the name on my old personal email, and my name is not on the personal email.  How did they do that correlation?

Expert Comment

by:John Hurst
ID: 41836865
Look in the Headers, Message ID to find where they were coming from. They spoof the addresses and obfuscate that. You need a GOOD spam filter to stop this.
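
Added example (not part of the comment above): a Python sketch of the header check, comparing the visible From domain against the Return-Path and Message-ID domains and reading the receiving server's Authentication-Results. The headers, domains and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers (not from the thread); all domains are reserved example names.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=oldmail.example.org
Received: from mailer.example.net (mailer.example.net [192.0.2.25])
 by mx.example.com; Sun, 9 Oct 2016 10:00:00 +0000
From: "oldnickname" <oldnickname@oldmail.example.org>
To: ted@example.com
Message-ID: <20161009.abc123@mailer.example.net>
Subject: cool stuff

body
"""

def domain_of(value):
    """Domain part of an address or Message-ID, lowercased ('' if absent)."""
    addr = parseaddr(value or "")[1] or (value or "").strip("<> ")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """Return a list of header findings that suggest a forged From address."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for header in ("Return-Path", "Message-ID"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} != From domain {from_dom}")
    # Authentication-Results is added by the receiving server (RFC 8601).
    results = " ".join(msg.get_all("Authentication-Results", []))
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print(finding)
```

A domain mismatch alone is only a hint, since legitimate bulk senders often use a different Return-Path; a `dmarc=fail` recorded by your own mail server is the stronger signal.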

Author Comment

by:Ted James
ID: 41837408
Still don't know...how did they know the correlation between the work email which has my name on it, and the personal email that did not have my name on it?
I was tricked into opening the email because it had the name of the old but recognizable email as the phony "source".

Expert Comment

ID: 41864819
"...how did they know the correlation between the work email which has my name on it, and the personal email that did not have my name on it?"
Why do you think there is any "correlation"? Most likely, your old address was farmed from someone's address book. That entry could have been there for years. And sometime recently that person received an e-mail from your new work address.

So, the spam process is using e-mail addresses from an address book to send spam to other addresses in that address book. If you could look at the spam received by every address in that address book, you'd likely find that many of them also received items appearing to come from your old address.

No "correlation". Just one farmed address being used to send to another farmed address.

BTW, the address book could have had either or both addresses added to it automatically, perhaps even by receiving spam that used those addresses. The owner of the address book might be someone with no functional relationship to you.

Author Comment

by:Ted James
ID: 41865524
Sorry I've been out of commission for a while.  Thank you for your inputs.


Question has a verified solution.
