Someone's impersonating me to my customers

[meast]

Last week, one of my customers replied to an email I had sent them. The subject line read "Invoices" and the body was as follows:

Good Morning AP,

 

Kindly update me on payment status on the attached invoices.

 

Thank you.

 

Mark

The problem is-- I never wrote that email. I don't write like that and I never use non-descriptive one-word subject lines. The email also doesn't appear in my "sent items" either online (office.com) or in Outlook. The weirdest part is that the email had two PDF files attached-- two valid invoices which I had submitted to this customer many weeks prior-- in two totally separate emails. Other than the customer, I am the only one who has access to these files.

I asked the customer to send me the original email so I could look at the headers (attached). About halfway down, you'll notice that the message was received by "looklarson.mymailsrvr.com" and that the authenticated sender is listed as "brianeudy@looklarson.com". looklarson.com is the domain for a car dealership in Washington with which I've never had any dealings whatsoever. Further down, you'll see that the Reply-To was set to "invoiceinquiries@gmail.com". No idea who that belongs to, but a Google search turns up zero results.

Bottom line-- I am completely stumped as to how this happened and am looking for any ideas as to how to prevent it from happening again.

Thank you!

 

headers.txt

[meast]

Nobody?

[David H. Lipman]

There are a few possibilities...

• Your email was compromised
• The Headers were forged
• Your email address was harvested and then used

I am not too sure about the email Header.  It purports to be from Microsoft but the Header seems incomplete for Microsoft.  I also see an IP for RackSpace but the header's Microsoft IPv6 addresses are from Microsoft in the UK.  Thus I am leaning towards the header being forged.  Just in case... I suggest that you change your email password and make sure it is a Strong Password preferably containing 2 x Uppercase, 2 x lowercase, 2 x numbers and 2 x special characters.

If you can post the headers of a legitimate email you sent or send me and email to my Verizon address ( in my Post Signature), I can compare a legitimate email header with the attached and obtain more information. 

 

 

[Firefox]

Just to David's expert advice...

The email also looks to be one of those fake phishing scams or intended to infect the recipient. Check with your customer and verify they did not open the attachment.

[meast]

Apologies for the delay. Been out of the country.

 

David: Passwords changed and email sent. Thank you for offering to help!

Firefox: I would think the same thing, except like I mentioned, the attachments were two PDFs that I had previously sent to the recipient. I checked both documents. They were the exact ones I sent.

 

Thanks for your help!

[meast]

---

Edited May 31, 2018 by meast
Double post

[David H. Lipman]

Received email and I compared Headers and it looks like the original email had forged headers. 

 

[meast]

Which would indicate that it was not sent from my machine. Any other clues?