Unauthorised email sent from my colleague's account.
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Unauthorised email sent from my colleague's account.

  1. #1
    Junior Member
    Join Date
    Oct 2005
    Posts
    18

    Unauthorised email sent from my colleague's account.

    A colleague at work mentioned that he got one of those mail administrator returned mail emails about an email that he never sent. I told him to just change his account password, although he's convinced there's actually a hacker trying to use his email account. Is there any basis to his fears and does he need to wipe his entire system and start again with the same account password as he seems to think? What should I suggest he do?
    Cereal: Eaten at all times of the day.

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    It is proppably a spoofed email that got sent back..

    It works like this..

    LAMER: has a virus, the virus sends mail to CORP faking the from adress to JOHNs email adress.
    CORP: receives mail, sees it as a virus and sends a notification to JOHN
    JOHN: receives mail from CORP and gets mad.. I didn't send that..

    Now who's fault is it ??
    LAMERs fault for getting infected with a virus (and his ISP for letting him send the mails)
    CORPs fault for sending one of those notifications..

    more on this here: http://attrition.org/security/rant/av-spammers.html
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    JinX is probably spot on.
    He's maybe a bit harsh calling your collegue a lamer but this is the sort of thing you hear about 5 times a day especially if you work on the helldesk.

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    I didn't call his colegue a lamer.. I called his colegue JOHN..

    Luckily I don't do helldesks (anymore)..

    wheaty_bytes, it might be nice if you could paste the contents of the mail..
    That might point out who is to blame
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  5. #5
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    762
    A colleague at work mentioned that he got one of those mail administrator returned mail emails about an email that he never sent. I told him to just change his account password, although he's convinced there's actually a hacker trying to use his email account.
    It is possible.

    Is there any basis to his fears and does he need to wipe his entire system and start again with the same account password as he seems to think? What should I suggest he do?
    He could be right on the money. At work we had the same exact issue and the "IT Tech" told the guy just to change his password sad to say the next day it happened again. I would recommend just creating a new email address for him.

    Post the email headers.

  6. #6
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Originally posted here by Computernerd22
    I would recommend just creating a new email address for him.
    I wouldn't. It's a lot of work to do (informing everyone etc.).

    Is there any other evidence the account has been compromised? This problem on it's own does not indicate a compromised account.

    Just ignore it. Eventually the person with the virus will get sorted out.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  7. #7
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    762
    Just ignore it. Eventually the person with the virus will get sorted out.
    I wouldn't just ignore it. All this will do is piss off the guy who clearly thinks

    he's convinced there's actually a hacker trying to use his email account.
    And the IT Tech is just "ignoring the issue," Kill two birds with one stone. Get rid of the lamer who is using his email account and second, make the worker happy by changing his email address to something he likes that way it (makes it look like you did something for him) and should easily resolve the other issue he was having. If worse comes to worse can't you just delete that specific email address that has been so called hacked, and create a new one? I think this would be better than

    need to wipe his entire system and start again with the same account password as he seems to think?
    If you were going to reformat the harddrive resinstall windows go back on and use the same account information that would be pointless to do.

  8. #8
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    the_JinX: right enough, Doh!

    wheaty_bytes: was it a personal email account or was it a work account?

  9. #9
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Originally posted here by Computernerd22
    And the IT Tech is just "ignoring the issue,"
    Without other supporting evidence this is the correct thing to do. It is a waste of resource to create new accounts like this.

    Crikey, if the support guys here started doing this, they'd get nothing else done.

    The guy may be convinced he's being hacked, this doesn't make it true.

    I'm convinced I'm god's gift to women...

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  10. #10
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    There are numerous mallware that spoof the from email address.....

    Mostly we ignore it...but I do check the machine or account....change passwords etc

    I also try and get a copy of the email or headers...to determine where its coming from.

    We have it happen here...shows internal user is sending internal email virus to other users.....looking at the header...shows its coming from outside...the local cable smtp server..........which is not the ISP we use.............spoofed.


    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides