Page 1 of 2
Results 1 to 10 of 18

Thread: I received an odd email security notice

  1. #1 rsteinmetz70112 (Join Date: Mar 2007, Beans: 829)

    I received an odd email security notice

    I received an odd email today purporting to be from a large national company, for whom we have done work in the past.
    • The message identifies our company.
    • It identifies certain files related to some past projects that are claimed to be exposed on the Internet.
    • The domain is legit, the email addresses could be from that company.
    • All of the contact phone numbers are offshore.
    • The information portion of the message looked like an email but it is an image, not text.
    • As far as we know this company was not involved in the projects identified, but they are projects we worked on.
    • There is no information identifying the server by DNS or IP address.
    • There is no information identifying the nature of the exposure like an open port or some protocol.

    I have in the past received notices from an ISP identifying open ports, but they included specific information about the issue.

  2. #2 ActionParsnip (Join Date: May 2010, Beans: 980)

    Re: I received an odd email security notice

    Check the email headers and whether SPF passed or failed. Check the location of the IP address. Check the WHOIS of the domain.

  3. #3 ActionParsnip (Join Date: May 2010, Beans: 980)

    Re: I received an odd email security notice

    If in doubt, don't reply to the email but call the sender to see if they sent it or craft a new email to someone on the inside to see if they sent it.

  4. #4 (Join Date: Nov 2008, Location: Metro Boston, Beans: 15,494, Distro: Kubuntu 20.04 Focal Fossa)

    Re: I received an odd email security notice

    Use the option in your mail client to show all the headers. Look at the Received entries and make sure the message came from its alleged source. The first thing I do with any suspicious email is reveal all the headers. There may be SPF and DKIM headers that will provide useful clues as well.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
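A worked version of the header checks suggested in #2 and #4 (walk the Received chain, read the SPF/DKIM/DMARC verdicts, compare the visible From domain with Reply-To and Return-Path), added here by the editor and not part of either post. The two header sets are constructed for illustration: the hostnames, the example domains and the 192.0.2.x addresses (the documentation range) are made up, and the Authentication-Results line is the kind a receiving MX such as Microsoft 365 writes, not one copied from the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): a message that entered through a
# third-party filtering relay and was then handed to our own MX.  SPF passes
# for the relay's bounce domain, nothing is DKIM-signed, so DMARC cannot align
# the result with the From domain.  All names and addresses are illustrative.
SUSPICIOUS = """\
Received: from relay.example-filter.net (relay.example-filter.net [192.0.2.10])
 by mx.ourcompany.example with ESMTPS id abc123;
 Tue, 01 Feb 2022 10:01:02 +0000
Received: from mail.bigcorp.example (unknown [192.0.2.20])
 by relay.example-filter.net with ESMTPS id def456;
 Tue, 01 Feb 2022 10:01:00 +0000
Authentication-Results: mx.ourcompany.example;
 spf=pass smtp.mailfrom=bulk.example-filter.net;
 dkim=none;
 dmarc=fail header.from=bigcorp.example
Return-Path: <bounce@bulk.example-filter.net>
From: "Security Team" <security@bigcorp.example>
Reply-To: security-desk@bigcorp-notices.example
Subject: Data exposure notice

(body omitted)
"""

# Constructed counter-example: direct delivery, aligned envelope sender,
# DKIM-signed by the From domain, DMARC pass.
CLEAN = """\
Received: from mail.bigcorp.example (mail.bigcorp.example [192.0.2.20])
 by mx.ourcompany.example with ESMTPS id ghi789;
 Tue, 01 Feb 2022 10:01:02 +0000
Authentication-Results: mx.ourcompany.example;
 spf=pass smtp.mailfrom=bigcorp.example;
 dkim=pass header.d=bigcorp.example;
 dmarc=pass header.from=bigcorp.example
Return-Path: <security@bigcorp.example>
From: "Security Team" <security@bigcorp.example>
Subject: Data exposure notice

(body omitted)
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.S)
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)


def received_hops(msg):
    """Return Received hops in transit order (earliest hop first).

    Every MTA prepends its own Received line, so the top header is the last
    hop and the bottom one is where the message entered the chain.  Only the
    line written by your own MX is trustworthy; a sender can forge the rest."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(value)
        if not m:
            continue
        ip = IP_RE.search(m.group(2) or "")
        hops.append({"from": m.group(1), "ip": ip.group(1) if ip else None, "by": m.group(3)})
    return hops


def auth_results(msg):
    """Collect the spf/dkim/dmarc verdicts from Authentication-Results headers."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    return {k.lower(): v.lower() for k, v in AUTH_RE.findall(text)}


def _domain(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def alignment_issues(msg):
    """Flag a Reply-To or Return-Path whose domain differs from the From domain."""
    issues = []
    from_dom = _domain(msg.get("From", ""))
    for name in ("Reply-To", "Return-Path"):
        dom = _domain(msg.get(name, ""))
        if dom and dom != from_dom:
            issues.append(f"{name} domain {dom} differs from From domain {from_dom}")
    return issues


def triage(raw):
    msg = message_from_string(raw)
    auth = auth_results(msg)
    issues = alignment_issues(msg)
    # SPF alone only says the last relay may send for the *envelope* domain;
    # a forwarding or filtering service passes SPF for its own domain.  DMARC
    # ties the verdict back to the visible From domain, so anything but pass
    # is worth a flag.
    if auth.get("dmarc") != "pass":
        issues.append(f"DMARC result is {auth.get('dmarc', 'absent')} for From domain {_domain(msg.get('From', ''))}")
    return {
        "hops": received_hops(msg),
        "auth": auth,
        "issues": issues,
        "verdict": "suspicious" if issues else "no header red flags",
    }


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        result = triage(raw)
        print(label, "->", result["verdict"])
        for hop in result["hops"]:
            print("  hop:", hop)
        for issue in result["issues"]:
            print("  issue:", issue)
```

Paste the raw headers from the mail client's "show all headers" view in place of the constructed samples. The useful outputs are the earliest hop (the host that handed the message to the first relay you trust), the DMARC verdict, and any Reply-To pointing somewhere other than the From domain; an SPF pass on its own proves only that the relay in front of you is allowed to send for whatever envelope domain it used.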

  5. #5 rsteinmetz70112 (Join Date: Mar 2007, Beans: 829)

    Re: I received an odd email security notice

    I did check the whois and the domain is legit, although it could be spoofed. I was thinking of sending something to the admin contact for the domain.

  6. #6 rsteinmetz70112 (Join Date: Mar 2007, Beans: 829)

    Re: I received an odd email security notice

    Originally posted by rsteinmetz70112:
        I did check the whois and the domain is legit, although it could be spoofed. I was thinking of sending something to the admin contact for the domain.
    All of the phone numbers in the email are offshore, so I'm not sure who I'd get or if they were legit. The company is big enough that I don't have a clue what verifiable number I could call to get someone who would care.

  7. #7 (Join Date: Nov 2008, Location: Metro Boston, Beans: 15,494, Distro: Kubuntu 20.04 Focal Fossa)

    Re: I received an odd email security notice

    Have you looked at the headers yet?

  8. #8 rsteinmetz70112 (Join Date: Mar 2007, Beans: 829)

    Re: I received an odd email security notice

    Originally posted by ActionParsnip:
        Check email headers and if SPF failed or passed. Check the location of the IP address. Check the WHOIS of the domain.
    OK, the IP address 207.82.80.112 seems to be Mimecast Services Limited, and the mail was passed through prod.outlook.com.
    I don't think that tells me anything.

  9. #9 (Join Date: Sep 2014, Location: United States, Beans: 362, Distro: Ubuntu 18.04 Bionic Beaver)

    Re: I received an odd email security notice

    Originally posted by rsteinmetz70112:
        OK the IP address 207.82.80.112 it seems to be Mimecast Services Limited, and the mail was passed through prod.outlook.com
        I don't think that tells me anything.
    Are you certain it wasn't forwarded from Mimecast? Sometimes that header can become difficult to follow.

    Without the full information, it's hard for us to provide much more advice.
    I'm the Sisyphus in security engineering.

    Read about 14.04 ESM and Puppet inside of Docker Containers.

  10. #10 (Join Date: Mar 2011, Location: 19th Hole, Beans: Hidden!, Distro: Ubuntu 20.04 Focal Fossa)

    Re: I received an odd email security notice

    When in doubt, treat it like it's a live hand grenade. If it turns out that you are over‑reacting, the company in question will appreciate your abundance of caution. If the threat turns out to be real, you will have saved yourself a world of hurt.

    You state (originally posted by rsteinmetz70112):
        …the email addresses could be from that company…
    …so contact those email addresses. When you initiate clean virgin emails—vs clicking some "reply" button—you can be sure that it goes directly to that recipient. If you still question the veracity of the reply, then the next measure would be to simply contact your client's security department. I don't believe that any "large national company" will lightly wave off security threats these days.
