Email account is getting hacked - possibly on phone

LockDown32
This customer was with GoDaddy. GoDaddy flagged this one account as sending out spam and locked everyone. We have had so many issues with GoDaddy that we took the "opportunity" to move to Network Solutions.

   No sooner did we move to NS than they locked this same account as being hacked and sending spam. We asked the user how many devices he had his email on and it was two: his laptop and his phone. I got on his laptop and hit it with Windows Defender, Avast, AdwCleaner, ComboFix and Webroot. No hint of a virus or malware. His phone has McAfee on it (from Verizon) and didn't exhibit any signs of being infected.

   So we changed his email password yet again, which re-activated his email account, and bam. 8 hours later NS shut it down again as being hacked. We had to "guess" which device was causing the issue so we guessed his phone. We reactivated his email again Friday and told him NOT to put the new password on his phone and not use it until further notice. So far there have been no issues. NS says his account is clean.

   So it looks like it might be his phone even though there are no signs and it has McAfee. Has anyone seen this type of issue and is there something else out there for phones maybe better than McAfee? We still don't have any concrete evidence how or where his account got hacked. We "think" it is his phone but can't be sure.
Shaun Vermaak, Technical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
Android? Did he allow insecure sources? Is the phone rooted?
LockDown32, Owner
Top Expert 2016

Author

Commented:
I believe it is Android. Don't know about the insecure sources or the rooted. I could ask him if you could tell me where to look and what those options are.
Technical Specialist
Awarded 2017
Distinguished Expert 2018
Commented:
It is shown in system settings. As for rooted devices, install an application that detects root access.
Alan, Consultant

Commented:
I'd wipe the phone back to factory settings, and make sure they don't allow it to be rooted or to install apps from anywhere other than Google.

You could spend a lot of your time (and your client's money) trying to find what it is, but in the end, best to just wipe and only run the minimum number of highly trusted apps in the future.

I would also not allow (or strongly discourage) them to install any games on the phone being used for business purposes.


Alan.
