Jump to content

Someone's impersonating me to my customers


Recommended Posts

Last week, one of my customers replied to an email I had sent them. The subject line read "Invoices" and the body was as follows:

Good Morning AP,

 

Kindly update me on payment status on the attached invoices.

 

Thank you.

 

Mark

The problem is-- I never wrote that email. I don't write like that and I never use non-descriptive one-word subject lines. The email also doesn't appear in my "sent items" either online (office.com) or in Outlook. The weirdest part is that the email had two PDF files attached-- two valid invoices which I had submitted to this customer many weeks prior-- in two totally separate emails. Other than the customer, I am the only one who has access to these files.

I asked the customer to send me the original email so I could look at the headers (attached). About halfway down, you'll notice that the message was received by "looklarson.mymailsrvr.com" and that the authenticated sender is listed as "brianeudy@looklarson.com". looklarson.com is the domain for a car dealership in Washington with which I've never had any dealings whatsoever. Further down, you'll see that the Reply-To was set to "invoiceinquiries@gmail.com". No idea who that belongs to, but a Google search turns up zero results.

Bottom line-- I am completely stumped as to how this happened and am looking for any ideas as to how to prevent it from happening again.

Thank you!

 

headers.txt

Link to post
Share on other sites

  • 2 weeks later...

There are a few possibilities...

  • Your email was compromised
  • The Headers were forged
  • Your email address was harvested and then used

I am not too sure about the email Header.  It purports to be from Microsoft but the Header seems incomplete for Microsoft.  I also see an IP for RackSpace but the header's Microsoft IPv6 addresses are from Microsoft in the UK.  Thus I am leaning towards the header being forged.  Just in case... I suggest that you change your email password and make sure it is a Strong Password preferably containing 2 x Uppercase, 2 x lowercase, 2 x numbers and 2 x special characters.

If you can post the headers of a legitimate email you sent or send me and email to my Verizon address ( in my Post Signature), I can compare a legitimate email header with the attached and obtain more information. 

 

 

Link to post
Share on other sites

  • 2 weeks later...

Apologies for the delay. Been out of the country.

 

David: Passwords changed and email sent. Thank you for offering to help!

Firefox: I would think the same thing, except like I mentioned, the attachments were two PDFs that I had previously sent to the recipient. I checked both documents. They were the exact ones I sent.

 

Thanks for your help!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.