Flyinfool Posted November 12, 2015 #1
I am getting thousands of emails indicating that a sent email is undeliverable for various reasons. This is for an email account that I have NEVER given to anyone and I did not even know it existed. The emails are not being sent from my computer; my email address is being spoofed onto what some spammer is sending as the from address, with random names as the displayed from person. These emails are going out even if my computer is turned off and the power cord unplugged. So I know they cannot possibly be originating from my computer.
This is on my work computer. There are 2 company names in the server; one of the company names is what I do use for my email, the other company name is attached to me by default, and our IT guy says there is no way to separate them to simply turn off the offending one. Because no one else in the company is having this issue, we are assuming that the company servers also are not being hacked.
Since I am getting thousands of undeliverable notices, I can only wonder just how many emails are going out with my email addy attached as the from. This just started at 5:40am yesterday. I have already created a rule to move all undeliverable notifications to a separate folder so that I can still get in real email and have a chance of finding it. But I have to now leave my email turned off so that I do not have a steady stream of new mail beeps and sucking up the bandwidth to load them all. Does anyone have any idea as to how to make it stop?
MiCarl Posted November 12, 2015 #2
The headers on the outgoing emails (the ones you are getting bounced back) will have a trace of IP addresses. Your IT guy should be able to figure out where they are originating and look into having the offending account terminated.
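
The header trace described above, as an added example that is not part of any post in this thread: it pulls the bounced message's `Received` lines out of a delivery report, lists the hops oldest first, and checks whether the message passed through your own server as an authenticated submission (`ESMTPA`/`ESMTPSA`). The bounce, host names, addresses and IPs are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed bounce (DSN); every host, address and IP here is made up.
BOUNCE = """\
From: MAILER-DAEMON@mx.remote.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@remote.example failed.

--b1
Content-Type: text/rfc822-headers

Received: from mail.company.example (mail.company.example [203.0.113.10])
\tby mx.remote.example with ESMTPS; Thu, 12 Nov 2015 05:41:02 -0600
Received: from unknown (HELO x) ([198.51.100.77])
\tby mail.company.example with ESMTPA; Thu, 12 Nov 2015 05:41:00 -0600
From: "Random Name" <user@company.example>

--b1--
"""

# client IP in brackets, then the receiving host, then the transfer protocol
HOP = re.compile(r"\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+).*?\bwith\s+(\w+)", re.S)

def original_headers(bounce_text):
    """Headers of the bounced message, taken from the report's last part."""
    for part in email.message_from_string(bounce_text, policy=policy.default).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def trace(bounce_text, our_servers):
    """Return (hops oldest-first as (client_ip, by_host, protocol), verdict)."""
    orig = original_headers(bounce_text)
    received = orig.get_all("Received", []) if orig else []
    found = (HOP.search(str(h)) for h in reversed(received))  # newest is on top
    hops = [m.groups() for m in found if m]
    ours = [h for h in hops if h[1] in our_servers]
    if any(h[2].upper() in ("ESMTPA", "ESMTPSA") for h in ours):
        return hops, "authenticated-submission"  # someone logged in to send it
    # Lines below your own server's stamp can be forged; confirm in server logs.
    return hops, "relayed-unauthenticated" if ours else "forged-from-only"
```

A verdict of `forged-from-only` means the message never touched your server and only the From address was borrowed; `authenticated-submission` points at a stolen password.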
M61A1MECH Posted November 12, 2015 #3
So if you have access to the email account, can you protect it with a password? If you do that it should lock him out until he figures out the password. And I agree any IT guy worth half what he is being paid should be able to track down the offending computer based on the info in the header. I know on my hotmail account all I have to do is right click on the message and select "View Message Source"; that way I can see who sent the email, who else got the email and read the email with no concerns about viruses being downloaded before my antivirus software catches it.
SilvrT Posted November 12, 2015 #4
To assume the servers are not being hacked is not a good ASS-U-ME tion LOL. Any email addy can be spoofed from practically any server if you know how. To resolve this it is first important to know if your company has its own email server or uses a 3rd party. Your IT guy should be able to resolve this, and posting it here suggests a lack of confidence in his ability LOL (is he a junior?)
SilvrT Posted November 12, 2015 #5
> Does anyone have any idea as to how to make it stop.

If you (or your IT guy) create the rule on the server end, those emails won't come to you. That "rule" can flag them as spam and cause them to be deleted.
Condor Posted November 12, 2015 #6
I get one or two of those emails every once in a while, and I just move it to junk and blacklist the domain... Seems to work??
Flyinfool Posted November 12, 2015 Author #7
You're correct that our IT guy is not real good at this kind of stuff. They called in an outside "expert" to look into this. After about 20 minutes he determined that the emails were originating from the company server. He said that someone hacked my email password and was using our servers to send out millions of emails with my email address as the from and the from name being spoofed to random names. So it was a simple change my email password and restart the email server, and the barrage of emails is now slowing down. The emails of "undeliverable" stopped within a few minutes. Now the ones that say the email was trying to be delivered for 4 hours unsuccessfully are the only ones coming in. In 2 more hours that 4 hour window will be up and hopefully be the end to this.
I suggested that they might need better protection on the company servers. If someone can hack an email that easy what else are they getting into? The theory was that my email got hacked simply because alphabetically it is the first one on the list. I am betting that our assigned passwords are in the top 20 of most popular passwords.
SilvrT Posted November 12, 2015 #8
> I suggested that they might need better protection on the company servers. If someone can hack an email that easy what else are they getting into? The theory was that my email got hacked simply because alphabetically it is the first one on the list. I am betting that our assigned passwords are in the top 20 of most popular passwords.

First of all, hosting an email server requires some pretty high-level security as they are more open to being hacked. A trick from the old days was to create a dummy account using aaaaaaaa@ .... whatever the domain is. Also create a dummy contact in your own list using similar as well as one with 0000000@ (zeros)
Flyinfool Posted November 12, 2015 Author #9
I do have those dummy accounts so that I will know if someone has hacked into my contacts. This was not a case of someone getting into my contacts, that we know of, but a case of them using my email account to send to their own contact list of millions of emails. I make no claim to be a puter expert of any kind, but I do know just enough to be dangerous..........
SilvrT Posted November 12, 2015 #10
> I do have those dummy accounts so that I will know if someone has hacked into my contacts. This was not a case of someone getting into my contacts, that we know of, but a case of them using my email account to send to their own contact list of millions of emails. I make no claim to be a puter expert of any kind, but I do know just enough to be dangerous..........

Ya, but the company needs to set up a dummy email account in the mail server using "aaaaaaa" as the account name. For example, we have one called aaaaa@mycompanyname.com
Flyinfool Posted November 13, 2015 Author #11
I found out that happens a couple times a year to them. Yet they had no clue what was happening till they paid an outside expert. Then finally said "Oh yea......" :bang head: :bang head:
SilvrT Posted November 13, 2015 #12
> I found out that happens a couple times a year to them. Yet they had no clue what was happening till they paid an outside expert. Then finally said "Oh yea......" :bang head: :bang head:

I can relate ... if a person is the only IT guy in a company, they can't be expected to know everything and the company needs to be receptive to bringing in "specialists". I've been quite fortunate in that my company has only had to bring a specialist in once in the 10 years I've been there. Everything else I've been able to figure out by "hands on learning". Plus my 28 years' experience might have had something to do with it LOL. BTW, that hands on learning has involved a lot of "experts" so to speak. Having the resources of the internet at one's fingertips is a real savior.
Flyinfool Posted November 13, 2015 Author #13
But if a situation was happening to you a couple of times a year, would you not be able to remember that you have seen this before and how to fix it?
SilvrT Posted November 13, 2015 #14
> But if a situation was happening to you a couple of times a year, would you not be able to remember that you have seen this before and how to fix it?

Sounds to me like it wasn't fixed in the past LOL
Sfahey151 Posted November 13, 2015 #15
If your company has a website where you can log in and check your email AND no password policy that locks you out of your account after X amount of failed attempts, then a "hacker" can repeatedly attempt to log in using an automated process and a dictionary list of possible passwords. Once he gains access he can send email as you using a long list of "known good" email addresses. Inevitably a lot of those email addresses are bad or invalid and you see the bounces.
Flyinfool Posted November 13, 2015 Author #16
> If your company has a website where you can log in and check your email AND no password policy that locks you out of your account after X amount of failed attempts, then a "hacker" can repeatedly attempt to log in using an automated process and a dictionary list of possible passwords. Once he gains access he can send email as you using a long list of "known good" email addresses. Inevitably a lot of those email addresses are bad or invalid and you see the bounces.

That is exactly what is happening, but I was told that it cannot be set up for a max number of failed attempts because the CEO has trouble remembering his password and did not like getting locked out of HIS system.......... My new password was created by a random generator using upper case, lower case, numbers, and symbols and is many many characters long. So at least the bots will not hit it quickly; as long as they can hit someone else first and leave me alone, I'm happy.
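
How the login-guessing pattern from posts #15 and #16 looks in a mail server's login log, as an added example that is not part of any post: it counts failed logins per account and source address, so a burst of guesses from one address is flagged while a forgetful user with a couple of typos is not. The log format, account names and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed webmail login log: timestamp, account, source IP, result.
LOG = """\
2015-11-11T05:30:01 aaron 198.51.100.77 FAIL
2015-11-11T05:30:02 aaron 198.51.100.77 FAIL
2015-11-11T05:30:03 aaron 198.51.100.77 FAIL
2015-11-11T05:30:04 aaron 198.51.100.77 FAIL
2015-11-11T05:30:05 aaron 198.51.100.77 FAIL
2015-11-11T05:30:06 aaron 198.51.100.77 OK
2015-11-11T08:02:10 ceo 192.0.2.15 FAIL
2015-11-11T08:02:31 ceo 192.0.2.15 FAIL
2015-11-11T08:03:05 ceo 192.0.2.15 OK
2015-11-11T09:00:00 bob 198.51.100.77 FAIL
"""

def flag_guessing(log_text, max_fails=5, window=timedelta(minutes=10)):
    """Return {(account, ip): 'guessing' or 'compromised'} for failure bursts."""
    fails = defaultdict(list)  # (account, ip) -> recent failure timestamps
    flagged = {}
    for line in log_text.splitlines():
        ts, account, ip, result = line.split()
        when = datetime.fromisoformat(ts)
        key = (account, ip)
        # Keep only failures that are still inside the sliding window.
        fails[key] = [t for t in fails[key] if when - t <= window]
        if result == "FAIL":
            fails[key].append(when)
            if len(fails[key]) >= max_fails:
                flagged[key] = "guessing"
        elif flagged.get(key) == "guessing" and fails[key]:
            # A success straight after a burst: the guess worked.
            flagged[key] = "compromised"
    return flagged
```

Because the count is kept per source address rather than per account, the same threshold can drive a temporary block of that address without locking the account's owner out.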
cowpuc Posted November 14, 2015 #17
If you figure out a way to send some kind of reverse computer self destruct device to send to the bottom feeders that did this to you Jeff, PLEASE let me know, I would be interested in investing into that technology. Hope ya get it resolved!