Email Spoofing-Hacking Question

Old 03-08-16, 04:38 PM
  #1  
Homebrew01

There was a suspicious email at work today.

Employee_A sent an email to Employee_B asking for some confidential information.

Employee_A did not send the email, but it looks like it came from that account. Other than knowing Employee_A's password and logging in, how could someone inside or outside the company send an email that appears to come from Employee_A??

What detective work can be done to find out more information about who sent it? Outlook can show Internet headers. Not sure if it's useful, or if GMail has better options.

If Employee_B replied with an attachment, I wonder if someone was in Employee_A's email waiting for it, or going to intercept it somehow.

GMail is used, for a company account.

So the email addresses are Employee_A@OurCompany.com, Employee_B@OurCompany.com

Some people use Outlook locally on their desks as a front-end for Gmail.
__________________
Bikes: Old steel race bikes, old Cannondale race bikes, less old Cannondale race bike, crappy old mtn bike.

FYI: https://www.bikeforums.net/forum-sugg...ad-please.html

Last edited by Homebrew01; 03-08-16 at 04:46 PM.
Old 03-08-16, 04:56 PM
  #2  
ahsposo 
If I told you I'd have to kill you.
Old 03-08-16, 05:02 PM
  #3  
ahsposo 
Seriously, though:

This occurred once in a workgroup I belonged to when "A" left their laptop up for a moment at a meeting while they went to the powder room. A message of urgent passionate longing went out to the new guy in the group from "A" an older, more senior female, but hot mind you, in the group.

It was pretty funny...
Old 03-08-16, 06:00 PM
  #4  
trackhub
Man, I would love to help you, but I have been very busy with my friend, the Nigerian prince, who has promised to make me rich if I can help him out, and all those gorgeous Russian ladies who want to meet me for friendship and romance. You know how it is.
Old 03-08-16, 06:30 PM
  #5  
Jadesfire 
We get that all the time at my work now. Whoever it is can get very crafty and word things just right to make it appear at first glance that it's a legitimate internal e-mail. New ones, that show up every couple of weeks, are forwarded to our IT department. But they just tell us to delete without clicking on any links that may have been provided. I've not heard of a way to track down the perpetrators (outside of the fictional abilities of Lisbeth Salander from The Girl with the Dragon Tattoo). There are far too many hackers out there these days. If you are suspicious of an employee in your company hacking someone's account, I would refer the matter to HR.

Of course, you may be HR for all I know. In which case this post of mine is entirely useless instead of just mostly useless.

Last point: it is surprising how lackadaisical most people are about their computer security. Are there passwords written down in desk drawers or under blotters or keyboards? And do y'all change your passwords on a regular basis? Rhetorical questions, of course. But perhaps something that might need to be brought up?
__________________
Originally Posted by LAJ View Post
Everyone thinks they have had a long strange trip, until they look at other folks' journeys. Then they realize everyone has had a long strange trip, just using different modes of transportation.
"The mystery of life isn't a problem to solve, but a reality to experience."
Old 03-08-16, 10:32 PM
  #6  
RubenX 
Traditional email systems (POP3/IMAP) DO NOT require a password to send messages. You can telnet the right port and say you wanna send an email, it asks:

1. who are you
2. who you wanna send the email
3. what's the subject
4. what's the email

that's it... no password whatsoever. If your office has those legacy services still functional (many do), anybody with network access can spoof anybody else. Kid's play.

Same thing with caller IDs, kid's play.
__________________
"Hoy es un dia normal, pero yo voy a hacerlo intenso" ~ Juanes
Old 03-09-16, 06:03 AM
  #7  
Homebrew01
Employee_A works remotely. I got the email header and it shows it coming from Employee_A, BUT, "Reply To" shows some non_company email, like

Reply To "Employee_A" <BogusEmail@GMail.com>
Last edited by Homebrew01; 03-09-16 at 06:08 AM.
Old 03-09-16, 06:15 AM
  #8  
ahsposo 
Originally Posted by Homebrew01:
Employee_A works remotely. I got the email header and it shows it coming from Employee_A, BUT, "Reply To" shows some non_company email, like

Reply To "Employee_A" <BogusEmail@GMail.com>

Ah! I use MailChimp to send invitations to a men's lunch group and I can choose anything to display on the recipient's end as "From". Mystery solved. They are just using a similar mailer program. I bet you can probably make a setting in Outlook to send out individual messages with a customized "From" display.

Often if I get something from "FedEx" or "Bank of Amerika" I'll hover my pointer over the "From" and the real sender address shows up...
Old 03-09-16, 06:41 AM
  #9  
chewybrian 
"Florida Man"
 
Originally Posted by ahsposo:
Seriously, though:

This occurred once in a workgroup I belonged to when "A" left their laptop up for a moment at a meeting while they went to the powder room. A message of urgent passionate longing went out to the new guy in the group from "A" an older, more senior female, but hot mind you, in the group.

It was pretty funny...

We used to do this all the time until a 'zero tolerance' mentality took hold. My favorite I sent on July 3rd in the name of a co-worker, seemingly addressed to the manager, but really going out to just about everyone else. Titled: "Independence", it said:

"Dear (boss),

I wish to declare my independence from your corporate lifestyle and run free and naked through the woods with my like-minded brothers and sisters..."

There was more, about touring with Phish, and selling veggie burritos out of the back of his VW Microbus; you get the idea. I watched him open up his email and read his copy, and he made this face:
__________________
Campione Del Mondo Immaginario
Old 03-09-16, 06:52 AM
  #10  
njkayaker
Originally Posted by Homebrew01:
Employee_A works remotely. I got the email header and it shows it coming from Employee_A, BUT, "Reply To" shows some non_company email, like

Reply To "Employee_A" <BogusEmail@GMail.com>

It's trivial to change what is used as "Employee_A".

It's not "hacking" at all.
Old 03-09-16, 06:43 PM
  #11  
StupidlyBrave 
^True, because your mail server implicitly trusts identities from other mail servers.

Very roughly, the interaction looks like this:
Code:
# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 new-host-2.home ESMTP Postfix
HELO hell.org
250 new-host-2.home
MAIL FROM:lucifer@hell.org
250 2.1.0 Ok
RCPT TO:you@here.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Well now. Welcome.
.
250 2.0.0 Ok: queued as E9F9018019A
StupidlyBrave is offline  
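
The header "detective work" asked about in the first post, as an added example that is not part of any poster's message: it compares the displayed From address with Reply-To and the envelope sender (the MAIL FROM of the session above, recorded as Return-Path) and reads the receiving server's SPF/DKIM/DMARC verdicts. The sample message, the host names, the documentation IP and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers for illustration; not the real message from the thread.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
 by mx.ourcompany.com with ESMTP id X1; Tue, 8 Mar 2016 16:02:11 -0500
Authentication-Results: mx.ourcompany.com; spf=pass
 smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=ourcompany.com
From: "Employee_A" <Employee_A@OurCompany.com>
Reply-To: "Employee_A" <BogusEmail@GMail.com>
To: Employee_B@OurCompany.com
Subject: Need that file

Please send it today.
"""

def domain(value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw message (headers + body)."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{reply_dom}")
    # Return-Path records the SMTP envelope sender, which the sender chooses freely.
    env_dom = domain(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope-mismatch:{env_dom}")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            findings.append(f"{mech}-{result}")
    # Each hop prepends a Received line, so the last one listed is the earliest.
    hops = msg.get_all("Received", [])
    m = re.match(r"\s*from\s+(\S+)", hops[-1]) if hops else None
    if m:
        findings.append(f"first-hop:{m.group(1)}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The raw text to feed it comes from Outlook's Internet headers view or Gmail's "Show original". Received lines added before the message reached your own mail server are written by the sending side and can be forged, so treat the first-hop value as a lead, not proof.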
