Email hacked ?

thesimpsons

Had a conversation recently which got me thinking. If your email was hacked and sends out a message to all your contacts ........... "Hi, I need urgent help. pls email me back " type of message

The message appears to come from the correct email address when you hover the mouse over it.

How much info does the hacker have - ie can they read past emails, or all future ones as well. Apart from changing passwords, what else would need doing.

squawker

Sounds a spoofed email

have a read here

https://www.lifewire.com/what-is-email-spoofing-2483501

Ten Pin

Most email clients will show the full header information which will show the actual source of an email.

Some scam emails will have almost identical domain name with an additional character inserted...

Example
365-online.com (FAKE)
365online.com (GENUINE)

And they might also have a spoofed genuine domain name but it's actually a subdomain...

Example
365onlinecom.somedodgydomain.com


Email with 2FA should prevent almost all hacker attempts to log in to an email account

jimgoose

Someone who knows what they're doing with an open SMTP relay can forge email ridiculously easily:

jim@lameduck: telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 oc5182556863.ibm.com ESMTP Postfix
helo goose.net
250 oc5182556863.goose.net
mail from: foo@bar.com
250 2.1.0 Ok
rcpt to: jim@goose.net
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: Test message
This is a test message.
So there!
  
-- 
Linus Benedict Torvalds
.
250 2.0.0 Ok: queued as 99608EA3016
quit
221 2.0.0 Bye
Connection closed by foreign host.

jim@lameduck:

ressem

thesimpsons wrote: »

Had a conversation recently which got me thinking. If your email was hacked and sends out a message to all your contacts ........... "Hi, I need urgent help. pls email me back " type of message

The message appears to come from the correct email address when you hover the mouse over it.

How much info does the hacker have - ie can they read past emails, or all future ones as well. Apart from changing passwords, what else would need doing.

Depends on the email account.

There's a lot of Office 365 phishing, where a person will click a link and enter their Office 365 / work username and password into a fake site that looks like a Microsoft page.
When a hacker gets this, then they get the ability to
1) download all the contacts,
2) view the sent mails and signature of the victim
3) Access services like onedrive holding the person's files, possibly more (Business sharepoint, shared mailboxes, other apps using Single-Sign-On)
4) send mails to any of those contacts that require in-depth IT tracing to determine that it wasn't sent by the victim. And Office 365 does a poor job of recognizing the sudden mass mailing and blocking it by default.

If the account access is not audit logged and examined, and the attacker is subtle about sending mail (i.e. the victim doesn't start receiving dozens of bounces from old contacts / out of offices) then it's possible for the attacker to site with access for months / until the next corporate mandatory password change.

Microsoft make that 2 factor authentication free (i.e. using a mobile phone to enter a code before a new machine can access your mail.)

scamalert

worked in education place and amount of those crappy phishing emails is insane, and people that actually consider them real, as said above seems more like spoofed email and not your account hacked- if it was the case they would done lots more with info.


likes of google allows to see source ip of email, id bet if checking youll see its spoofed and from likes of india,nigeria etc, on reverse trace.

BailMeOut

They usually add an inbox rule to delete any incoming emails.