Frequently Asked Question
Has my email been intercepted and used to impersonate me?
Last Updated 7 years ago
A common question to the helpdesk, so let me answer it here and explain how this can happen.
Firstly, email is a two-party transaction: there is a sender and a recipient (sometimes more than one recipient), and an interception can happen at any point in the chain, but most commonly at the sender's or recipient's computer via malware.
Malware is malicious software, such as a computer virus, that spreads from computer to computer, often via email but sometimes by other methods, and 'steals' information from that computer such as email contacts, email messages, documents, and so on. Some malware will search the computer for things that look like credit card numbers, account details, invoices, and so on and steal just those.
Another point of compromise, sometimes facilitated by malware, is that the username and password of the sender's or recipient's mailbox is stolen, either by malware extracting it from the client software or by brute forcing the password, that is, trying every possible combination over a period of time until it is discovered. GEN protects against this type of brute force by blocking IPs that do this, but other providers, especially free ones, do not.
The least likely but still possible point of compromise is in the conversation between mail servers. A technique called DNS poisoning can misdirect email communication to a fraudster's server, or, if the recipient's mail server does not support encryption of the server-to-server connection, emails will travel between servers 'in the clear', meaning they are unencrypted, and an agency with sufficient resources to intercept traffic at the backbone could read them, although this is very unlikely.
Identifying the point of compromise requires a detailed forensic analysis of the sender's and recipient's mail server log files, email clients and computers, and in many cases the cost of this is prohibitive, but we can carry it out if required. Contact your account manager.
So what's the solution if you fear you've been compromised?
Well, first of all, change your email password. This can be done easily by logging into the GENZone portal at www.genzone.net and then going to Options.
Mitigate any further losses by contacting anyone you suspect may be a victim or future victim and advising them accordingly.
You should ensure you have a functional antivirus solution such as GEN BSS and use that to run a full scan of your computer.
Finally, consider using something like S/MIME to validate your emails to your recipients and ensure that no one can impersonate you in the future. GEN already uses SPF and DKIM, but we suggest your recipients also use S/MIME, SPF and DKIM to ensure validated, uncompromised communication in the future.
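As an added illustration of what SPF and DKIM give a recipient (this is example code written for this FAQ, not a GEN tool), the following checks the Authentication-Results header that a receiving mail server stamps on a message and decides whether the SPF or DKIM result actually aligns with the visible From domain, which is the test that separates a genuine message from one that merely claims your address. The two messages are constructed samples, not real captures, and the parser is a simplified reading of the RFC 8601 header format.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample messages (not real captures). The receiving server has
# already stamped an Authentication-Results header with its SPF/DKIM verdicts.
GENUINE = """\
Authentication-Results: mx.example.net;
    spf=pass smtp.mailfrom=alice@example.com;
    dkim=pass header.d=example.com header.s=sel1
From: Alice <alice@example.com>
Subject: Invoice 1234

Please see attached.
"""
# A forged message: the From address is claimed, but SPF failed for the
# sending server and no DKIM signature from that domain is present.
FORGED = """\
Authentication-Results: mx.example.net;
    spf=fail smtp.mailfrom=alice@example.com;
    dkim=none
From: Alice <alice@example.com>
Subject: Urgent payment

Please pay to the new account.
"""

def parse_auth_results(value: str) -> dict:
    """Simplified RFC 8601 parser: {"spf": {"result": "pass", "smtp.mailfrom": ...}, ...}."""
    results = {}
    for clause in value.split(";")[1:]:            # clause 0 is the authserv-id
        clause = " ".join(clause.split())          # unfold header whitespace
        m = re.match(r"(spf|dkim)=(\w+)(.*)", clause)
        if m:
            method, result, rest = m.groups()
            results[method] = {"result": result,
                               **dict(re.findall(r"([\w.]+)=(\S+)", rest))}
    return results

def evaluate_message(raw: str) -> dict:
    """Require SPF or DKIM to pass *and* align with the From domain (the DMARC rule)."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    auth = parse_auth_results(str(msg["Authentication-Results"]))
    spf, dkim = auth.get("spf", {}), auth.get("dkim", {})
    spf_ok = (spf.get("result") == "pass" and
              spf.get("smtp.mailfrom", "").rpartition("@")[2].lower() == from_domain)
    dkim_ok = (dkim.get("result") == "pass" and
               dkim.get("header.d", "").lower() == from_domain)
    return {"from_domain": from_domain, "spf": spf, "dkim": dkim,
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "verdict": "authenticated" if (spf_ok or dkim_ok) else "unauthenticated"}
```

A message whose verdict is "unauthenticated" is exactly the case the FAQ warns about: the From address looks like yours, but neither the sending server nor a signature from your domain backs it up.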