There may be situations when suspicious letters arrive in mailboxes, where the same mailbox is specified as the sender where the letter came. In such letters, most often it is reported that the mailbox is allegedly hacked, and money is being extorted. The most common reasons for such situations:
To determine the most probable and suitable cause, you should check all the points in turn.
Sender spoofing is a very common situation, the solution to which is quite simple. For the domain name, within which you send and receive letters, you need to configure SPF and DMARCto protect yourself and other recipients from spoofing emails.
To determine who exactly sent the letter, check its headers... The email headers contain all the information you need to analyze. Pay attention to the servers indicated in the first block Received:
in line by
, they are listed from bottom to top, starting from the sender and ending with the recipient. It is important that sending from our servers will always be made from one of the domains default-host.net
, and if there is none, then the letters were sent with the substitution of the sender.
Be sure to check the exact match of characters in the name of the recipient and the sender. Sometimes there may be situations with the substitution of some characters that are visually similar to each other. For example, these symbols include: 0
and O
, I
and l
, etc. It is also worth checking for the presence of characters from other languages, for example, Latin characters can be replaced with Cyrillic ones, that is: o
and about
and so on. If there are any changes, use WebMail filters or blacklisted to block such senders.
Unauthorized access to the mailbox is a pretty big problem. To fix it, do the following:
If it was noticed that access to the mailbox was obtained, then it is important to check all devices for viruses, as well as use completely different passwords, since the password to the mailbox was like–it is obtained by intruders. We also recommend that you familiarize yourself with useful tips to protect against hacking.
When you get access to the hosting control panel, you will also get access to mailboxes. To understand if access was obtained, check for suspicious attempts to log into your account in authorizations report... Account security should be respected even if no attempts to login from third-party addresses were noticed. We advise you to read and follow the recommendations for account protection.
If you suspect that someone else may have gained access to your account, you should take appropriate action: