[AusNOG] Bigpond email abuse
ender at hostaway.net.au
Wed Jun 2 16:16:42 EST 2021
We've also seen a big uptick in these lately - that is fake replies to
historical emails stolen from a downloaded mailbox.
I've seen it affect everything from normal IMAP-style hosting, to Gsuite
accounts and Office365 tenancies.
From the ones I've personally investigated, usually it seems the victim
fell for a phishing attack and willingly supplied their credentials
somewhere - we've certainly seen accounts affected that had no previous
breach recorded on IHBP or any of the usual leak-checking sources.
Generally, they have taken (at least a partial) dump of the mailbox and
will continue to send out these 'fake replies' to historical emails for
a week or so after securing the source account.
Hope that helps clarify some things :)
Snr. Systems Administrator
HostAway Pty Ltd
More information about the AusNOG