Hacked email.

eternumviti

I am sure that some here will find it serendipitous, but my business email has been hacked. We have always had the odd instance of clients receiving emails that purport to be from us, but that are from a completely random email address, but 3 weeks ago one of our customers received an email with a fake invoice attachment that was actually from our correct email address. On cleaning out my clutter yesterday I chanced upon a ransom email that has gone into our junk email box at about the same time, informing me that it knew all about the dodgy websites that I have visited (they must know about my pfm habit) and that in the absence of a substantial payment to be made in bitcoin they would disclose the details to everyone in our email address book. This morning there were a further two such emails in my junkbox, and they had indeed come from my own business email address.

I have already updated and run malwarebytes and AVG, and changed critical passwords. I suspect I will have to close the affected mailboxes, and write to the entire address book from a different email address completely to warn them not to open any emails/attachments from the two affected mailboxes. Any other advice, as I guess this sort of thing isn't uncommon?
 
I had a similar e-mail about 6 weeks ago. I ignored it and nothing more has happened. Although the e-mail seemed to come from one of my accounts, I am by no means convinced that any hacking was involved.
 
I have already updated and run malwarebytes and AVG, and changed critical passwords. I suspect I will have to close the affected mailboxes, and write to the entire address book from a different email address completely to warn them not to open any emails/attachments from the two affected mailboxes. Any other advice, as I guess this sort of thing isn't uncommon?

Probably wise. Bear in mind that return addresses are easily spoofed, so chances are any mails sent out to customers didn’t originate from your own mail server (you should be able to assess this from reading the header IP details etc). Basically, your removing the initial breach may well not stop customers being contacted from the old email if they really have managed to steal your contact list.
 
Check here:
https://haveibeenpwned.com/

Most likely related to previous credentials you had registered at an insecure site, and that then got hacked. No major issue, as long as your password is now different from the date of the hack :)
 
but 3 weeks ago one of our customers received an email with a fake invoice attachment that was actually from our correct email address.

Enabling SPF, DKIM and DMARC would have prevented this and should be enabled asap to prevent it happening again.
 
Enabling SPF, DKIM and DMARC would have prevented this and should be enabled asap to prevent it happening again.
^^ this

The emails may have appeared to be from your mail system, but would have just been spoofing, which suggests your domain is not configured to specify which servers/IP numbers are authorised to route mail on your domain's behalf.
 
Mmmm, I just received this very same email within the last couple of minutes. Coincidence, I bet we go to no other similar sites.
 
I chanced upon a ransom email that has gone into our junk email box at about the same time, informing me that it knew all about the dodgy websites that I have visited (they must know about my pfm habit) and that in the absence of a substantial payment to be made in bitcoin they would disclose the details to everyone in our email address book

A few weeks ago I was sent such an email, to the email account I use for logging into forums with a similar content.
 
I had the same thing a couple of months ago citing a very old ‘lowest security’ password that has never been used for anything even remotely serious. I’m sure they got it when Yahoo was hacked a few years back. Thankfully I know enough about IT to realise they’d not accessed my computer, and despite the claims the email hadn’t come from my server, so I just ignored it. It’s just another new way of phishing.

PS Long-term Flickr users should obviously be aware of this as it was part of Yahoo, so definitely view that password as hacked if you haven’t changed it for a couple of years!
 
eternumviti,

On cleaning out my clutter yesterday I chanced upon a ransom email that has gone into our junk email box at about the same time, informing me that it knew all about the dodgy websites that I have visited

This must be the latest scam. I've received a few with exactly the same claim — the person knows the dodgy sites I visit and if I don't pay the ransom in bitcoins the sordid details of my visits to Memory Alpha and pfm will be revealed to all and sundry.

Since it's going to be in the headlines anyway, I'll come clean: I click on pfm wire threads, even though I know better!

Joe
 
ET, my dad's been getting these, and also the bass player in one of my bands. Pretty rife at the moment.
Change passwords if you haven't already done so.
 
I ceased using my Blueyonder (Virgin) email a few years ago, but always monitored it for any stray emails.
I often received spam from people I knew (or appeared to be)...
Then I received one sent from my own address, quoting my password & demanding bitcoin or they would expose my sordid ways etc..etc..
Obviously, I was shocked they had my password, so I googled & found that HaveIBeenPwned site.
That revealed I’d been Pwnd on LinkedIn in 2016 (all that time I didn’t know), and a further 3 times since.
Since I haven’t used that email for years, the subsequent ones must be as a result of the 2016 compromise.

Anyway, I got onto Virgin & after lots of mind boggling uselessness & misinformation (Virgin, great product when it works, but their systems are chaos), they are in the process of deleting my email account permanently.

Good luck!
 
Ah, yes, I was hacked on Linked.In too, but again not a secure password. I’ve since closed that account as it was a PITA I never used anyway.
 
The fake invoice and the 'ransom' email are not connected. Check out the invoice carefully and any associated links to see if they have actually hacked you and retrieved a customer list. If you store usernames and passwords then this is a problem, otherwise it's merely an annoyance. It might be worth checking with some other customers for similar.

The ransom emails are just going to every email address floating about the stickier areas of the web, which is pretty much everybody's email address. Just sinister spam.
 
Some interesting replies, many thanks. I have spent an hour or two on the phone to my service provider sorting out new email addresses. The problem is that I can't kill the old ones, as they are connected to the functionality of quite a lot of logins.

The word that the techie used to describe the email address that appeared to be mine is 'masked', meaning of course that another address lies behind it.

Enabling SPF, DKIM and DMARC would have prevented this and should be enabled asap to prevent it happening again.

What are these things?
 
They are things that try and improve the security and provenance of email and frustrate the Spammers. The guys that look after your IT/Domain Name/DNS/Email System should be able to implement them for you. I implement them for my clients, Microsoft Office365 makes it pretty easy for a reasonable tech to do.

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email-validation system designed to detect and prevent email spoofing

Sender Policy Framework (SPF) is an email validation protocol designed to detect and block email spoofing

Transport Layer Security (TLS) – and its predecessor, Secure Sockets Layer (SSL) – are cryptographic protocols that provide communications security over a computer network
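As an added example (not from this thread or any poster), here is a small Python evaluator of two of the mechanisms described above: it takes the connecting IP from a Received: header, checks it against the domain's SPF record, and reads the domain's published DMARC policy. The domain names, IP addresses and DNS records are constructed for the illustration; a real check would query DNS.

```python
import ipaddress
import re

# Constructed stand-in for DNS TXT lookups: these domains, IPs and records are
# invented for the example (assumption); a real check would query DNS instead.
FAKE_DNS_TXT = {
    "example-shop.test": ["v=spf1 ip4:203.0.113.0/24 include:mail-provider.test -all"],
    "mail-provider.test": ["v=spf1 ip4:198.51.100.10 -all"],
    "_dmarc.example-shop.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example-shop.test"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup_txt(name):
    return FAKE_DNS_TXT.get(name, [])

def spf_check(domain, sender_ip, depth=0):
    """Simplified SPF evaluation (ip4/ip6/include/all terms) for one sending IP."""
    if depth > 10:  # RFC 7208 limits lookup-causing terms; here recursion depth is bounded
        return "permerror"
    records = [r for r in lookup_txt(domain) if r.lower().startswith("v=spf1")]
    if not records:
        return "none"  # no SPF record: receivers cannot tell spoofed from genuine
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"  # a term with no explicit qualifier means 'pass'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term[:4] in ("ip4:", "ip6:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
        if term.startswith("include:") and spf_check(term[8:], sender_ip, depth + 1) == "pass":
            return QUALIFIERS[qualifier]
        if term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"

def dmarc_policy(domain):
    """Return the published DMARC 'p=' policy, or None when the domain has no record."""
    for rec in lookup_txt("_dmarc." + domain):
        if rec.startswith("v=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
            return tags.get("p", "none")
    return None

def connecting_ip(received_header):
    """Pull the IP the receiving server actually saw out of a Received: header."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received_header)
    return m.group(1) if m else None

# Constructed Received: header from a spoofed message: the bracketed IP is not one SPF authorises.
SPOOFED = "Received: from mail.example-shop.test (unknown [192.0.2.77]) by mx.customer.test"
```

With the record above, mail from the shop's own range or its provider passes, the spoofed message fails, and the DMARC policy tells the receiver to reject it rather than deliver it.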
 
There have been lots of large scale lapses of security on sites with big address books, personally it was LinkedIn that allowed my email address and LinkedIn password to be posted all over the dark web, thanks LinkedIn.