Email hacked
Posted on 6/2/25 at 3:46 pm
Is it possible to hack into an email thread? Guy that was emailing claims that he didn't say certain things in some of the emails in a long thread.
Sure enough on close inspection the emails were almost exact except for one hard to spot letter.
Example: blahblah@abcdefg.com vs bahlbah@abcdefgs.com
But they were all in one single very long thread. How is this possible?
Posted on 6/2/25 at 8:31 pm to TigerGman
It’s super easy to fake an email but virtually all decent providers have a lot of safeguards against it such as requiring reverse DNS and so forth. That’s why I have to use mailgun proxy to send email via my own domain. That way people actually get my mail.
If you got the mail, it’s very likely it came from him or someone with his password.
Oops didn’t read close enough. Who is your email provider? Sounds like an exploit. Could be a scam test if you work for a bigger company. You may have some training to do if you clicked on anything.
This post was edited on 6/2/25 at 8:42 pm
Posted on 6/3/25 at 12:33 am to Dallaswho
quote:
Oops didn’t read close enough. Who is your email provider? Sounds like an exploit. Could be a scam test if you work for a bigger company. You may have some training to do if you clicked on anything.
No. His email was hacked. Not mine.
He even told me it's happened before.
I'm dumbfounded by this. How is it done? Switching from one email to another in the same thread?
ETA: any suggestions on where to ask, somewhere on Reddit?
If so, where on Reddit?
It's important because it's a business email, and I need to figure out if he's lying to me.
This post was edited on 6/3/25 at 5:17 am
Posted on 6/3/25 at 7:39 am to TigerGman
quote:
No. His email was hacked. Not mine.
He even told me it's happened before.
I'm dumbfounded by this. How is it done? Switching from one email to another in the same thread?
I sign into Email dot com with one account. Within that one account, I have multiple addresses I can send from or receive email to, that all go into the same mailbox. I have one for personal (Lemmy@email), one for job hunting (MrKilmister@email) another for when I bitch at the local assessment district (Youguyssuck@email) for a total of about seven email aliases. Sometimes someone will send me an email to the job inbox, and I accidentally reply from the personal. This starts injecting both email addresses into the entire conversation, and I can switch back and forth with every email.
"My email has been hacked, repeatedly" is usually code for people that email while drunk, or are just hotheaded assholes. Unfortunately, to prove it one way or the other, you're going to need access to his account (sent items with full message details, login history to see if someone accessed his account from Turkmenistan, etc.)
For a stranger to respond and try to phish you in the middle of a conversation about which they know nothing (pipe fitting versus pipe welding or whatever) isn't impossible, but it's much less likely than the other guy being disingenuous.
Posted on 6/3/25 at 7:53 am to TigerGman
I've seen a compromised account address book where you could respond all day long to TigerGman@isp.com but the address it's really going to is corpoespi@gotyourass.com...
The ONLY way it was caught was because the user CC'd themselves on something and it showed as the second one on their side
Posted on 6/3/25 at 8:04 am to TigerGman
Anyone can send an email from any address. However they do this so they can get you to respond and it goes to the new fake address.
Emails get hacked all the time. Bad guys read said email and grab a few important ones. They then create a similar domain and then a mail account and start replying to the emails they stole. Good guys then think it is real and do stupid shite like change ACH invoice info and send bad guys money.
Posted on 6/3/25 at 8:19 am to LemmyLives
quote:
"My email has been hacked, repeatedly" is usually code for people that email while drunk, or are just hotheaded assholes. Unfortunately, to prove it one way or the other, you're going to need access to his account (sent items with full message details, login history to see if someone accessed his account from Turkmenistan, etc.)
For a stranger to respond and try to phish you in the middle of a conversation about which they know nothing (pipe fitting versus pipe welding or whatever) isn't impossible, but it's much less likely than the other guy being disingenuous.
Ok. Good info. Thanks man. Appreciate it.
Posted on 6/3/25 at 8:45 am to TigerGman
quote:
It's important because it's a business email, and I need to figure out if he's lying to me.
As long as your inbox server has the most basic protections in place, all mail you receive is sent from an authorized account from a send mail server authorized by the sending domain for sending the mail.
If the “fake” email has a domain name with a letter changed for the obvious purpose of spoofing emails within your organization, this is a crime and the FBI should be notified.
If sender domain is within your org and your IT has purposely gone out of their way to discard even the most basic email safeguards, they need to be replaced immediately after they tell you where those emails came from.
All this said, the “hack” you are describing is extremely high effort for an outside party and has at least a $10 cost to execute. Probably the guy himself or someone he knows.
There is also a narrow window in types of hacks where a hacker could even possibly participate in a conversation but still need a fake address. One example might be someone able to see his screen but nothing else.
It sounds more than anything like IT is trying to test you or the counterparty is trying to create deniability.
Also “getting hacked” carries a lot of self accountability in most organizations and typically isn’t a good excuse.
Posted on 6/3/25 at 8:55 am to Dallaswho
quote:
If sender domain is within your org and your IT has purposely gone out of their way to discard even the most basic email safeguards, they need to be replaced immediately after they tell you where those emails came from.
All this said, the “hack” you are describing is extremely high effort for an outside party and has at least a $10 cost to execute. Probably the guy himself or someone he knows.
There is also a narrow window in types of hacks where a hacker could even possibly participate in a conversation but still need a fake address. One example might be someone able to see his screen but nothing else.
No, it's nothing like that as far as for my IT, I am My IT.
It's basic Apple mail and outlook through GoDaddy servers.
Thanks. I appreciate all the advice. The more I learn the easier it is to call his bullshite out.
Posted on 6/3/25 at 9:27 am to LemmyLives
quote:
If it involved money, use the Cybercrimes Fraud Task Force, we got reminded to do that a couple of weeks ago by an agent.
Oh yes it does. Will do. Thanks man.
Posted on 6/3/25 at 1:59 pm to TigerGman
The TO and FROM fields of email can be spoofed. You need to look at the headers directly to see the source of the email.
The method to examine headers depends on your client, or you can dig through the logs if you have access to the server.
Posted on 6/3/25 at 2:18 pm to TigerGman
quote:
Oh yes it does. Will do. Thanks man.
It was interesting, the agent was essentially begging hundreds of us to report financial crimes, no matter how small we thought they were.
From publicly facing material at the conference, this was him. He works in the Houston field office. There was a guy from the FBI that spoke as well, and did not disagree with him.
quote:
Clarke Skoby
Secret Service Agent
Posted on 6/3/25 at 3:07 pm to hob
quote:
The TO and FROM fields of email can be spoofed. You need to look at the headers directly to see the source of the email.
The method to examine headers depends on your client, or you can dig through the logs if you have access to the server.
Ok. I got to the headers but it's just a long string of numbers and letters before the .com. What do I do next?
Posted on 6/3/25 at 3:36 pm to TigerGman
The header is like the e-mail's envelope. It contains information about the email’s origin, routing, authentication, and other technical details. Copy and paste the header into Grok and it will explain it to you.
Posted on 6/3/25 at 6:21 pm to TigerGman
The sending email server should be in the header. If it's a wonky server name or one with a non-us domain I'd consider it suspicious.
You can even google the server name and see if it's known for sending phish attempts.
Posted on 6/3/25 at 8:08 pm to Dallaswho
I was partially wrong. A lot of servers honor the sender’s DMARC policy by default.
Microsoft
This is total gross actually. Make sure any email you receive requires the sender's DMARC policy to be “strict” or “p=reject”. This was standardized 10 years ago and there is no excuse for not having this policy. Never accept an email from anyone without this policy. You won’t be the first to reject their lazy asses if legitimate I promise.
This doesn’t protect against emails from new domains if the hacker puts in the work to create one, but it’s common sense protection.
This post was edited on 6/3/25 at 8:11 pm
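Added example, not part of any post in this thread: a Python sketch of the header check suggested earlier (read the raw headers rather than the displayed name) combined with the DMARC caveat above, that a newly registered look-alike domain can pass authentication. The sample messages, the `mx.example.net` receiver name and the function names are constructed for illustration; `abcdefg.com` is the placeholder domain from the first post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not taken from the thread).
KNOWN_DOMAIN = "abcdefg.com"
SAMPLES = [
    "From: Bob <blahblah@abcdefg.com>\n"
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Re: invoice\n\nSee attached.\n",
    "From: Bob <bahlbah@abcdefgs.com>\n"
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Re: invoice\n\nUse the new account.\n",
    "From: Bob <blahblah@abcdefg.com>\n"
    "Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail\n"
    "Subject: Re: invoice\n\nWire it today.\n",
]

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw, known_domain=KNOWN_DOMAIN):
    """Classify one message by its From domain and the receiver's DMARC verdict."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    domain = addr.rpartition("@")[2]
    m = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    dmarc = m.group(1).lower() if m else "missing"
    if domain != known_domain:
        # A look-alike domain can pass SPF/DKIM/DMARC: its owner controls its DNS.
        close = edit_distance(domain, known_domain) <= 2
        return ("lookalike-domain" if close else "other-domain", addr, dmarc)
    return ("ok" if dmarc == "pass" else "spoofed-or-unauthenticated", addr, dmarc)

def triage_thread(raws):
    """Run the check over every message in a thread, in order."""
    return [triage(r) for r in raws]

if __name__ == "__main__":
    for verdict in triage_thread(SAMPLES):
        print(verdict)
```

Only the `Authentication-Results` header stamped by your own receiving server is meaningful; the same header on a forwarded or pasted copy can be written by anyone.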
Posted on 6/5/25 at 1:30 pm to TigerGman
Appears others have you pointed in the right direction, but I have a question.
I have seen where emails get spoofed and redirected by the “hacker” making some minor change in the email address. However, how would the guy you were going back & forth with reinsert himself into the conversation? He was hacked, then “unpacked” and he just jumped back in? Makes me question if he doesn’t have a dummy account so he can pull the “I was hacked” card when his arse writes checks it can’t cash
