Targeted attacks

dazzazzad

So I'm in Germany and my dad's company has had some serious issues. 2 weeks ago a company sent emails out from their address telling clients to pay into a new ABSA account. Dad sorted that out with the fraud team and we changed passwords.

Yesterday another email was sent out with an attachment to the address book. The secretary also admitted clicking on a Dropbox link from a client yesterday and she thinks it was a fake email.

I logged into the Gmail account and saw a login from Pretoria.

I changed to 2 factor login (secretary's phone). I changed the backup/linked email to my own. I changed the password (gave it to secretary via WhatsApp). I removed trusted devices. I asked her to run Malwarebytes - she claims it scanned but then wanted her to upgrade to remove issues - is it not free anymore?

This morning I checked the account and when I click on last account details at the bottom everything looks fine, but when I go to account - sign in security - recently used devices, the Pretoria Windows login is there again this morning.

Not sure how they can be logging in now that 2 factor is in place...even with keylogging surely the pin can only be used once?

Any ideas on how to secure her PC and Gmail account? And stop her from opening links/attachments that she shouldn't in future? I guess a really pro antivirus suite would be a start. Any good guys I can contact in the CT area as I obviously can't sort this out from here.
 
She installed the Pro version.

Locations are not accurate. Gmail states I'm in Hermanus right now, which I'm not.

Eset Smart Security.
 
You do know that you can use a custom domain with Gmail, right?

Yes, but why not have your own stuff, apart from Gmail? Doesn't seem to be secure. Second instance on here the past two weeks. Both involve Gmail.
 
The problem is not with Gmail, the problem is with people.
 
Yep, do you think you would have all the security tools on your own domain? Gmail is awesome. I've been using it for almost 10 years without a security issue.
 
Ah, will get her to get the free one, thanks.

On location, the Pretoria computer that was connected this morning has a different IP address and she says she only connected via the work PC this morning (not her personal laptop).
 
Generally speaking, if more people would use Gmail (which has some of the most effective spam and malware filters in the world) then I wouldn't have to spend so much time removing viruses from people's computers who have clicked on fake emails infected with ransomware and phishing attacks.
 
Does it make any difference that she doesn't use the web browser? Rather, her Gmail account works with Windows Live Mail.
 
Surely this billion dollar company's email service is secure.
 
The other device is still logging into Gmail according to the recently used devices on the accounts page in Gmail, but not according to the details tab at the bottom of Gmail. Which one to trust?
 
Under Last account activity at the bottom of Gmail, sign out of all sessions. Run a Security checkup. No need to pay for an AV. Just install Microsoft Security Essentials. It comes free with Windows 8 and 10.

To remove any existing viruses etc. use http://www.superantispyware.com/
 