We use cookies
We use cookies to optimize our website. By continuing to browse the site, you agree to our use of cookies.
Control panel
  • Русский
  • Українська
  • English
  • UAH
  • USD
  • RUB
  • EUR
  • 0-800-307-307 Hotline
  • +38 (044) 392-74-33 Kiev
  • +38 (057) 728-39-00 Kharkiv
  • +38 (056) 794-38-31 Dnipro
  • +38 (032) 229-58-93 Lviv
  • +38 (048) 738-57-70 Odessa
  • +38(093) 170-15-42  Life
  • +38 (067) 400-88-44 Kievstar
  • +1(888)393-24-51  USA, Toll free
  • +44(131)507-01-14  Great Britain
  • +7 (499) 348-28-61 Moscow

2.24.3.9. Letters from oneself

There may be situations when suspicious letters arrive in mailboxes, where the same mailbox is specified as the sender where the letter came. In such letters, most often it is reported that the mailbox is allegedly hacked, and money is being extorted. The most common reasons for such situations:

To determine the most probable and suitable cause, you should check all the points in turn.

Sender spoofing is a very common situation, the solution to which is quite simple. For the domain name, within which you send and receive letters, you need to configure SPF and DMARCto protect yourself and other recipients from spoofing emails.

To determine who exactly sent the letter, check its headers... The email headers contain all the information you need to analyze. Pay attention to the servers indicated in the first block Received: in line by, they are listed from bottom to top, starting from the sender and ending with the recipient. It is important that sending from our servers will always be made from one of the domains default-host.net, and if there is none, then the letters were sent with the substitution of the sender.

Be sure to check the exact match of characters in the name of the recipient and the sender. Sometimes there may be situations with the substitution of some characters that are visually similar to each other. For example, these symbols include: 0 and O, I and l, etc. It is also worth checking for the presence of characters from other languages, for example, Latin characters can be replaced with Cyrillic ones, that is: o and about and so on. If there are any changes, use WebMail filters or blacklisted to block such senders.

Unauthorized access to the mailbox is a pretty big problem. To fix it, do the following:

  1. Change your password to the hacked mailbox and all available ones. You should change the password for all mailboxes, since due to hacking of one mailbox, it is likely that there may be access to the rest, and changing the password for all mailboxes will be a preventive measure.
  2. Run an antivirus scan the entire account. If the sites were configured to send mail via SMTP, then when the site is hacked, the password from the mailbox is likely to leak. It should also be borne in mind that the antivirus only finds previously found virus signatures. If the site was hacked with the help of new, previously not found viruses, the antivirus may not solve the problem. Also, the site may have security problems, because of which the hacking could occur without visible consequences. Such situations should be checked by the site developer by analyzing access logs to him.
  3. Check log of authorizations in the mailbox. Authorizations in the mailbox can be made from the hosting IP addresses, as well as from the IP addresses where mail clients are configured to connect to them. But it is important to understand that if the emails were sent using site scripts, then this method will not help identify such a problem.

If it was noticed that access to the mailbox was obtained, then it is important to check all devices for viruses, as well as use completely different passwords, since the password to the mailbox was like–it is obtained by intruders. We also recommend that you familiarize yourself with useful tips to protect against hacking.

When you get access to the hosting control panel, you will also get access to mailboxes. To understand if access was obtained, check for suspicious attempts to log into your account in authorizations report... Account security should be respected even if no attempts to login from third-party addresses were noticed. We advise you to read and follow the recommendations for account protection.

If you suspect that someone else may have gained access to your account, you should take appropriate action: