[SOLVED] Not sure how this hack works

Status
Not open for further replies.

naviseyer

Distinguished
Nov 8, 2016
I had a client contact me because he received what he thought was an odd email. The email was from an address that resembled the business email we send invoices from. For example, our email is payment@nameofbiz.com and he received an email from payment.nameofbiz@email.co. The email contained an actual invoice we had sent him earlier in the week. The only difference was the email was asking that he remit payment via wire transfer, which is why he contacted me. The signature in the email was of the actual employee that would normally send out an invoice for payment.

I am trying to figure out if this is something happening internally or externally. When I spoke to support from our email provider they called it phishing, but it seems like much more than that. It was our invoice and it contained the name of the employee that would normally send it. The only difference was the email address it came from and the request for wire transfer.

The same day I spoke to the customer I also received a few undeliverable notices, as if the real email address payment@nameofbiz.com was actually trying to deliver email to payment.nameofbiz@email.co.

I am, of course, trying to figure out what's going on and how to resolve it.

Our email provider's only suggestion was to log the email address out of any computers, laptops, phones and change passwords.

I feel like there is much more going on here than that, but I do not know for sure. Can anyone please shine some light on what's going on? How it works?

Thanks for any information anyone can provide.
 
Solution
The very first thing you should be doing is exactly what your provider told you to do. Do not hesitate even a nanosecond. Do it. It's entirely possible that someone has compromised your mail system. You should also be changing passwords on all user accounts as there could be a compromise within the organization. Then, if you don't feel competent to do the analysis yourself, call in the experts in your area to do a complete security scan. This is not something you should be wavering over, do it now.
I can see where you'd be concerned if a client receives an email from someone else containing the actual copy of a real recent invoice....

Clearly, something (entire contents of email, apparently) is compromised....

It might be challenging to tell if it is your mail or theirs that is compromised, however....

Thank goodness they called your company first...! Many others have not been so lucky!
 

naviseyer

Distinguished
Nov 8, 2016
That's my issue: I don't know what is compromised.
And the fact that the email provider's best advice is to log out and change password was not the most comforting answer.
Would this actually be considered phishing?
I'm trying to do more research but I'm not finding anything close in relation to phishing.
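
An added example, not part of the original thread: a Python check for the sender pattern described in the question, where the business name is moved into the local part of an address at an unrelated domain. `nameofbiz.com` and `email.co` are the placeholder addresses from the post; the function names, the 0.85 similarity threshold and the sample headers are assumptions constructed for illustration.

```python
import difflib
import re
from email.utils import parseaddr

TRUSTED_DOMAIN = "nameofbiz.com"  # placeholder domain used in the post


def classify_sender(from_header, trusted_domain=TRUSTED_DOMAIN):
    """Return 'trusted', 'lookalike' or 'unrelated' for a From header value."""
    _, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return "unrelated"
    # Only an exact domain match is treated as the real sender.
    if domain == trusted_domain:
        return "trusted"
    brand = trusted_domain.split(".")[0]  # 'nameofbiz'
    # Look for the brand name (or a near miss) anywhere in the address:
    # in the local part or in any label of the foreign domain.
    tokens = re.split(r"[.\-_+]", local) + domain.split(".")
    for tok in tokens:
        if tok == brand:
            return "lookalike"
        # Short tokens such as 'com' or 'co' are skipped to avoid noise.
        if len(tok) >= 4:
            ratio = difflib.SequenceMatcher(None, tok, brand).ratio()
            if ratio >= 0.85:  # assumed threshold for typo-style variants
                return "lookalike"
    return "unrelated"


def flag_lookalikes(from_headers, trusted_domain=TRUSTED_DOMAIN):
    """Return the headers whose sender imitates the trusted domain."""
    return [h for h in from_headers
            if classify_sender(h, trusted_domain) == "lookalike"]


# Constructed sample headers (not taken from any real mailbox).
SAMPLE_HEADERS = [
    "Accounts <payment@nameofbiz.com>",        # the real invoice address
    "Accounts <payment.nameofbiz@email.co>",   # address reported in the post
    "Accounts <payment@nameofbliz.com>",       # constructed typo variant
    "Billing <billing@othervendor.com>",       # unrelated sender
]

if __name__ == "__main__":
    for header in flag_lookalikes(SAMPLE_HEADERS):
        print("lookalike sender:", header)
```

The same check can be run over the recipient addresses in undeliverable notices, since a bounce naming an imitation address shows that mail was addressed to it.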
 