[AusNOG] Bigpond email abuse

Ender ender at hostaway.net.au
Wed Jun 2 16:16:42 EST 2021

We've also seen a big uptick in these lately - that is, fake replies to 
historical emails stolen from a downloaded mailbox.

I've seen it affect everything from normal IMAP-style hosting, to Gsuite 
accounts and Office365 tenancies.

From the ones I've personally investigated, usually it seems the victim 
fell for a phishing attack and willingly supplied their credentials 
somewhere - we've certainly seen accounts affected that had no previous 
breach recorded on HIBP or any of the usual leak-checking sources.

Generally, they have taken (at least a partial) dump of the mailbox and 
will continue to send out these 'fake replies' to historical emails for 
a week or so after securing the source account.

Hope that helps clarify some things :)

  Snr. Systems Administrator
  HostAway Pty Ltd
