Email account is getting hacked - possibly on phone

This customer was with GoDaddy. GoDaddy flagged this one account as sending out spam and locked everyone. We have has so many issues with GoDaddy that we took the "opportunity" to move to Network Solutions.

   No sooner did we move to NS then they locked this same account as being hacked and sending spam. We asked the user how many devices he had his email on and it was two. His laptop and his phone. I got on his laptop and hit it with Windows Defender, Avast, Adwcleaner, combofix and Webroot. No hint of a virus or malware. His phone has McAfee on it (from Verizon) and didn't exhibit any signs of being infected.

   So we changed his email password yet again which re-activated his email account and bam. 8-hours later NS shut it down again as being hacked. We had to "guess" which device was causing the issue so we guessed his phone. We reactivated his email again Friday and told him NOT to put the new password on his phone and not use it until further notice. So far there have been no issues. NS says his account is clean.

   So it looks like it might be his phone even though there are no signs and it has McAfee. Has anyone seen this type of issue and is there something else out there for phones maybe better then McAfee? We still don't have any concrete evidence how or where his account got hacked. We "think" it is his phone but can't be sure.
LVL 15
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shaun VermaakTechnical SpecialistCommented:
Android? Did he allow insecure sources? Is the phone rooted?
LockDown32OwnerAuthor Commented:
I believe it is anderoid. Don't know about the insecure sources or the rooted. I could ask him it your could tell me where to look and what those options are.
Shaun VermaakTechnical SpecialistCommented:
It is shown in system settings. As for rooted devices, install an application that detects root access

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
I'd wipe the phone back to factory settings, and make sure they don't allow it to be rooted or to install apps from anywhere other than Google.

You could spend a lot of your time (and your cilent's money) trying to find what it is, but in the end, best to just wipe and only run the minimum number of highly trusted apps in the future.

I would also not allow (or strongly discourage) them to install any games on the phone being used for business purposes.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Clients

From novice to tech pro — start learning today.