Share this content

New dodgy email trick

Email hacker replied to my reply

Didn't find your answer?

Maybe everyone else has already experienced this but...

I received an email yesterday from a firm I did some business with a year or two ago containing a link to a remittance advice. It looked dodgy so I replied and said "er... I think maybe your email account has been hacked..."

The firm then replied and said no, we haven't been hacked at all. It's a genuine email so please click on the link to see the document.

The link looked so dodgy that I still wasn't happy and phoned them. They confirmed that their email system had indeed been hacked, and it was the hacker who had replied to my email.

That's a new one for me!

Replies (16)

Please login or register to join the discussion.

RLI
By lionofludesch
08th Aug 2017 14:07

Technology makes our lives easier.

Thanks (2)
Replying to lionofludesch:
avatar
By edhy
15th Aug 2017 11:45

Yes, and life of many criminals as well :)

Thanks (0)
By Duggimon
08th Aug 2017 14:45

Don't reply to dodgy emails! What on earth were you thinking?

If you think it's dodgy delete it, if you're not sure then send a new email or call them. Replying to the original is giving the hacker another chance to trick you, it's easy to set up an email so that the reply is sent to a different address.

Thanks (0)
Replying to Duggimon:
avatar
By mabzden
08th Aug 2017 15:15

Good point.

That said, I've just checked and the mail-to/reply address was the legitimate email address for the individual. I've received emails from that same email address before.

So the hacker must have taken over their account, or possibly the firm's email system.

Thanks (0)
Replying to mabzden:
Stepurhan
By stepurhan
08th Aug 2017 15:48

mabzden wrote:

That said, I've just checked and the mail-to/reply address was the legitimate email address for the individual. I've received emails from that same email address before.

So the hacker must have taken over their account, or possibly the firm's email system.


Not necessarily (though it appears the other firm confirmed they did in this case).

There is a common hacking technique known as "e-mail spoofing". This makes e-mails appear to come from a legitimate address when they don't. https://en.wikipedia.org/wiki/Email_spoofing

Thanks (2)
Replying to stepurhan:
avatar
By Brian Gooch
10th Aug 2017 10:13

But if you know that the 'reply to' email address is genuine then the reply email should go to that address. As mabzden said, the only way a hacker could access that is if they have hacked their email system/mail server. Spoofing alone can't divert the response to the spoofed email received.

Thanks (1)
Replying to Brian Gooch:
avatar
By richardterhorst
10th Aug 2017 11:04

No its only the appearance that looks like the genuine email address. In fact the underlying email address, which is hidden, is where it goes to.

That is how they get a sniff that you can be convinced and you will get targetted.

Nevr reply to a dodgy email however genuine it looks.

But dont take my word for it. Ask the IT guru's.

Thanks (0)
avatar
By ScribbleD
08th Aug 2017 15:01

These hacks are getting more and more sophisticated by the day. It's no surprise millions are caught out everyday. We just need to continue to be vigilant. Thank you for sharing mabzden.

Thanks (0)
avatar
By mabzden
08th Aug 2017 15:18

Yes, it seemed to be a step up from the normal spam rubbish.

Thanks (0)
Tornado
By Tornado
08th Aug 2017 15:20

Roll on MTD.

I am sure there will be no such problems with MTD and it will be perfectly safe digitalising the whole tax administration system, especially when Accountants are bypassed and the Government deals directly with the public, particularly those who are not really that digitally savvy.

Great stuff

Thanks (2)
Replying to Tornado:
avatar
By Chris Mann
08th Aug 2017 15:58

If the internet is as temperamental as today, I simply can't wait and, tomorrow, I spend the afternoon at home, waiting for Openreach to fix the home (broadband) system! How efficient is that?
As I've said before, the UK is almost a third world country, in some respects, these days. And, that saddens me.

Thanks (1)
avatar
By martinclay
10th Aug 2017 10:32

The safest way to do this is if you think the email is dodgy and you really have to reply in some way:

DO NOT reply to the email but start a new email thread by typing in the address yourself into the email. I know it is a pain to do it manually, but any other approach leaves you open to problems.

Thanks (0)
Replying to martinclay:
By SteveHa
10th Aug 2017 10:47

If the server itself has been compromised as in this case, then this wouldn't actually make a difference. The hackers would still gain access to it.

Thanks (0)
avatar
By SXGuy
13th Aug 2017 06:53

It's called email spoofing. If you had looked at the mail server or email header data you would have seen it wasn't from the real firm. Only made to look like it was. Old trick from many moons ago.

Thanks (0)
Replying to SXGuy:
avatar
By mabzden
15th Aug 2017 12:03

Email spoofing is easy to spot by spam filters, the email client or a reasonably tech-savvy recipient. An incoming message may claim to have a reply address of [email protected], but with a bit of detective work you can see it's sending to [email protected].

This example was more sophisticated, with nothing untoward in the headers or the reply address. The hacker seemed to have control of the user's account.

Thanks (0)
Replying to mabzden:
Stepurhan
By stepurhan
15th Aug 2017 13:02

mabzden wrote:

Email spoofing is easy to spot by spam filters, the email client or a reasonably tech-savvy recipient.


As you say, it is possible to spot spoofing if you are aware of it. Also, in this particular case, the actual address had been compromised.

But, for the less tech-savvy user, it is important to know that from/reply addresses can be faked. Weird e-mails should be queried by another route if there is any suspicion.

Thanks (0)
Share this content