
Email Spoofing or Compromised Email or ?

Discussion in 'General Security' started by B.B.Gunn, Jan 25, 2019.

Thread Status:
Not open for further replies.
  1. B.B.Gunn

    B.B.Gunn Thread Starter

    Jan 24, 2019

    I'm a bit new at this... any help or advice would be much appreciated!

    At my club organization, one of our members received an email from another member with a request for money. That member did not write or send that email but the email address is correct and reflects our domain and domain address. However, when I set up the email accounts in the domain, I set up the forwarding mechanism so that emails that are sent to our domain address are forwarded to personal email accounts such as gmail, outlook, etc. I did not set up any email accounts (meaning nothing is stored, no inboxes etc or passwords) only addresses so any email sent to our domain address is automatically redirected and forwarded to the personal accounts. I contacted our domain hosting company and they were not much help and did not see anything suspicious and referred to the fake email as spam. So my questions are:

    1. If this is a spoofing email, the spoofer was very thorough and took the time to use the correct tone and mimic the grammatical errors and odd word choices (the members are non-native English speakers) and they used the correct names and titles. This makes me believe it was not random. The request for money does not include any details such as banking, wiring, or even a link. The member whose name and address were hijacked never did nor knows how to create an alias in their personal email account nor are they able to send emails with our domain address, they are only able to receive emails. If they respond or send, it is through their personal account. So if someone sends an email spoofing the account and requesting money without details and does not include a link of some sort that hides malware or something, I don't see the point of the spoof as the spoofer would not be able to see the response if the other member responded to this email as the answer would be forwarded to a personal account and not to a domain account as one does not exist. What is the point of the spoof then?

    2. Although our emails are handled by the domain and are part of the domain package, this was not always the case. We originally had a separate 3rd party external email host and those email addresses were created by someone else. When the contract was up, I changed the DNS and MX and brought all the email addresses to our domain and now our domain handles the email addresses. I was not the administrator nor did I ever have control over the emails previously when handled by the 3rd party email host. Does it matter that I was not able to shut down the old account? I just changed the DNS and the MX which I thought would give us exclusive control over the email addresses. Is there a possibility that there is another MX under the previous host and that the email address is somehow compromised? (I don't know if I am making any sense here but hopefully, somewhat).

    3. Any pointers or tips so that I can try to resolve this and secure the addresses?

    Any advice or help would be extremely appreciated. I hope I was somewhat understandable.

    Thanks in advance!