Solved

Email security problem

Posted on 2016-10-09
12
42 Views
Last Modified: 2016-10-29
I am curious about a possible security hole in my email accounts.  I recently received an email on my work email that APPEARED to come from on old personal email that I used to have.     I opened it and saw that it was a phishing attempt, providing a link to get to some "cool stuff".   (And my old email actually was not the source, the source came from someone else, but the heading and the name was the same unique name as my old email account.)   I did not click on the link and then deleted the email.  My work email runs on Microsoft Exchange if that info is of any use.  I have several questions about this and am hoping there are some security experts that can answer them.

1.  By not clicking on the suspicious link, I believe that I did not put myself, nor my computer nor my company in danger of some kind of security hack, am I right?

2.  Or is it possible that I may have an issue just by opening the email, even though I did not click on the link?

3.  How is it that an old personal email, that I hadn't used in a while, appear to be the source?  I did not ever link the two emails together, nor did I even use my name on the old personal email when I opened it.  That old email account is still open, I never closed it, but I don't remember the last time I ever used it.

I am anxious to find out because I would like to get into the email security business and this event triggered my interest even more.  In addition to these questions being answered if someone can add some links or docs about securing email I would appreciate it.

Thank you
0
Comment
Question by:Ted James
12 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 167 total points (awarded by participants)
Comment Utility
I see these all the time. They get caught in my spam filter. You need to put a GOOD spam filter in front of your Exchange system. Consider Barracuda or like.  Otherwise you will go nuts trying to stop it all.
0
 

Author Comment

by:Ted James
Comment Utility
The spam filter would be the responsibility of the company I work for.  So I should ask them (the IT department) about the filter they use.  Good idea.

Still, it's crazy that it looked like it came from the personal email even though I didn't put any personal info in that email setup.

Plus, I hope I didn't create any problems with my company's email.
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
The email was spoofed and spam filters catch most of this.
0
 
LVL 23

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 167 total points (awarded by participants)
Comment Utility
is it possible that I may have an issue just by opening the email, even though I did not click on the link?

If you read email using an HTML-compliant reader instead of a text-only reader, then the answer is yes.  Spam and phishing email usually includes an invisible one-pixel image, the name of which is unique to your email address.  When an HTML-compliant reader opens the email, your reader fetches that one-pixel image from the spammer's web site.  This tells the sender that you opened the email and read it.  That confirms your email address is active, which gets you on a target list that will be sold to other spammers and phishers.  Since you opened the email, it also suggests to the sender that you may be a good candidate for future attempts.

If your email reader can not be set to text-only, but can block inline images until you approve seeing them, I suggest turning that option on.
0
 

Author Comment

by:Ted James
Comment Utility
So the present danger is that I "alerted" the source that my email is active and that I opened it and can be a target in the future.  That alone is good to know.

But what if I clicked on that link?  What further could have happened?
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 166 total points (awarded by participants)
Comment Utility
1. As long as you don't click on the link, you're usually Okay.
2. Outlook is configured to prevent downloading images without consent by default, so unless you've modified that behavior, the alerting method mentioned wouldn't have succeeded.
3. There are any number of methods spammers can use to get email addresses. One possible explanation is if the email address they spoofed has the same thing in front of the @ sign as your old personal address. So if you have bobc@gmail.com as your old email and your work email is also bobc@company.com, they wouldn't have needed to know your old email address, they would have just needed to program their software to send messages using the same characters before the @ sign.
0
 

Author Comment

by:Ted James
Comment Utility
My spammer used one of the other methods you allude to.  Because the name on my work email is nowhere close to being the name on my old personal email, and my name is not on the personal email.  How did they do that correlation?
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
Look in the Headers, Message ID to find where they were coming from. They spoof the addresses and obfuscate that. You need a GOOD spam filter to stop this.
0
 

Author Comment

by:Ted James
Comment Utility
Still don't know...how did they know the correlation between the work email which has my name on it, and the personal email that did not have my name on it?
I was tricked into opening the email because it had the name of the old but recognizable email as the phony "source".
0
 
LVL 27

Expert Comment

by:tliotta
Comment Utility
...how did they know the correlation between the work email which has my name on it, and the personal email that did not have my name on it?
Why do you think there is any "correlation"? Most likely, your old address was farmed from someone's address book. That entry could have been there for years. And sometime recently that person received an e-mail from your new work address.

So, the spam process is using e-mail addresses from an address book to send spam to other addresses in that address book. If you could look at the spam received by every address in that address book, you'd likely find that many of them also received items appearing to come from your old address.

No "correlation". Just one farmed address being used to send to another farmed address.

BTW, the address book could have had either or both addresses added to it automatically, perhaps even by receiving spam that used those addresses. The owner of the address book might be someone with no functional relationship to you.
0
 

Author Comment

by:Ted James
Comment Utility
Sorry I've been out of commission for a while.  Thank you for your inputs.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now