Fire drill

by Duf Anything and Everything

Yesterday after I got home I saw an email come in that showed as being from Cindy.  It was obviously bogus as it said it contained an invoice with a link to view/pay it.  Almost immediately after seeing it I got a message since I am also the administrator for her email account indicating that her account has been suspended because it was sending a large amount of external emails.  When I logged into the admin area to view details it said her email account had sent out almost 500 emails before it got shut down.  Cindy soon found others had received the same fake invoice email that was sent to me.  It appeared that someone had the credentials to her email account.

This is different than normal email spoofing where a spammer can simply replace the “From” email address with anything they want.  This practice has become less and less effective as spoofed emails are often flagged and not delivered to people’s inboxes.  So the way to get around this is to take over someone’s email account, that way the emails appear to be legitimate and less likely to be screened out.

So the first thing we did before I reactivated her account was to change her password to something unique, not used anywhere else.  The reason you hear the advice to not reuse passwords is it is an easy way for someone shady to get credentials to multiple accounts of yours if that password sits somewhere that has been compromised by the numerous security breaches we hear about all too often.  After changing her password I triggered a logout of her account anywhere it’s logged in currently, legitimate or not.  That way if a bad guy is logged in somewhere once he is kicked out he will no longer have the correct credentials to get back in.  Finally I ran a full scan on her PC just to make sure there wasn’t something installed locally that was grabbing her credentials.  That scan came up clean.

I reactivated her account and have not seen any more notifications about abuse but my antenna has certainly been raised.  This sort of stuff has become so commonplace that it sometimes can become background noise.  You have to make sure you are always listening closely.