One of the gentlemen that works in ministry with me recently had his email account hacked.
Here are postings on this material :-
- Phishing – “How are you? I need a favor from you”
One of the steps we took immediately is for him to change his current password.
The hacker’s ability to carry on full duplex conversation over his email was sure proof that the hacker was not just spoofing his email address; he has his credentials.
His username and current password.
And, was able to connect to his email account, send, and receive emails from it.
Emails flowing directly to Archive Folder
The man is an electrical engineer and his acutely aware of normal processing.
He noticed that emails were not long coming to his in-box. Everything was been directly to his archive folder.
Let us re-route back from Archive to his Inbox.
- Access Filters
- Review each filter
- If known
- If unknown
- If known
- Using GUI
- On the top right side of the screen, please click on “Settings” link
- In the Settings panel, please click on “More Settings“
- Using URL
Review each filter
Review the count of active filters.
And, the listed filters
In our case, it appears that filters are not listed.
Reason being they are named ….
The giveaway is that under “Your Filters” we have a numeric count of
3 of 500 used
Filter – Subject
Filter – Subject – Specific Subject
Filter – From Contains
Filter – From – Specific From Address
We can see the filters are specific and that their specificity affords the hacker a bit of cover.
He is strategically hiding :-
- Emails bearing specific subjects
- Emails from specific email addresses