 Email Scam, Change Supplier Banks Acc

TShidelun
post Jul 3 2014, 09:19 PM, updated 12y ago

Getting Started
**
Junior Member
165 posts

Joined: Apr 2006
Dear all,

I am IT support at an SI company that maintains SME IT networks/mail/servers. Recently I have encountered two of my clients (Comp A & B, not related) whose own clients (from Italy and Holland) received email from them asking the client to update/pay to another bank account. This particular email also contained their previous email conversation history and attachments with their valid company letterhead, chop and signature. Luckily both of my clients' clients called them to double-confirm and only then found out it was a fraud/scam mail. The sender email address looks almost identical, i.e. john@abc.com.my (valid) changed to john@abc.com

I am sure that their system has been hacked, however I just don't know how it happened or whether the hack was on the user's PC, the mail server (hosted outside) or maybe in the client company's mail system. They are protected with a firewall appliance on their network and Kaspersky antivirus. I have scanned their PCs with Kaspersky antivirus, Spybot, Malwarebytes and HijackThis and found nothing. Other than this, I also changed the affected users' mail passwords. Planning to call the mail hosting tomorrow to check with them any possibility it was hacked from their side. Of course, if it was hacked from my client's client, then it is out of my control already.

I have googled and found out most of these cases happen due to a hacker penetrating the supplier's mail account.

http://qualityinspection.org/china-scam-email/

Any IT security sifu or users that have experience with this? Appreciate it and many thanks for your sharing.
malim.deman
post Aug 4 2014, 02:27 PM

New Member
*
Junior Member
22 posts

Joined: Oct 2013
It does not necessarily need a hack of your client's mail server to do this. Email can be spoofed easily (looks like it is coming from company A but is actually coming from the scammer) and scammers always do that (like phishing) to deceive the receiver...

Heard about it but never actually handled such a case, yet...
springsolution
post Aug 4 2014, 04:29 PM

Getting Started
**
Junior Member
67 posts

Joined: Jul 2013
QUOTE(hidelun @ Jul 3 2014, 09:19 PM)
Dear all,

I am IT support at an SI company that maintains SME IT networks/mail/servers. Recently I have encountered two of my clients (Comp A & B, not related) whose own clients (from Italy and Holland) received email from them asking the client to update/pay to another bank account. This particular email also contained their previous email conversation history and attachments with their valid company letterhead, chop and signature. Luckily both of my clients' clients called them to double-confirm and only then found out it was a fraud/scam mail. The sender email address looks almost identical, i.e. john@abc.com.my (valid) changed to john@abc.com

I am sure that their system has been hacked, however I just don't know how it happened or whether the hack was on the user's PC, the mail server (hosted outside) or maybe in the client company's mail system. They are protected with a firewall appliance on their network and Kaspersky antivirus. I have scanned their PCs with Kaspersky antivirus, Spybot, Malwarebytes and HijackThis and found nothing. Other than this, I also changed the affected users' mail passwords. Planning to call the mail hosting tomorrow to check with them any possibility it was hacked from their side. Of course, if it was hacked from my client's client, then it is out of my control already.

I have googled and found out most of these cases happen due to a hacker penetrating the supplier's mail account.

http://qualityinspection.org/china-scam-email/

Any IT security sifu or users that have experience with this? Appreciate it and many thanks for your sharing.
*
yeah...the last step you need to check is the hosting company. you must provide the email contents as well in order for them to check.

my clients also face the same problem.


rmvalues
post Aug 12 2014, 03:26 PM

RMvalues
******
Senior Member
1,530 posts

Joined: Apr 2009
I would suggest you add extra security, which is an email SSL certificate to encrypt the email.

Comodo email certificate is free.
badai
post Sep 14 2014, 07:48 PM

Enthusiast
*****
Senior Member
998 posts

Joined: Jan 2003
QUOTE(rmvalues @ Aug 12 2014, 03:26 PM)
I would suggest you add extra security, which is an email SSL certificate to encrypt the email.

Comodo email certificate is free.
*
duh! An SSL email certificate is for the sender to confirm their identity, prevent modification during transmission and prevent non-recipients from reading it.

how does that prevent other people from setting a dummy name and e-mail in their email client and sending it to the said client?
rmvalues
post Sep 16 2014, 02:04 PM

RMvalues
******
Senior Member
1,530 posts

Joined: Apr 2009
QUOTE(badai @ Sep 14 2014, 07:48 PM)
duh! An SSL email certificate is for the sender to confirm their identity, prevent modification during transmission and prevent non-recipients from reading it.

how does that prevent other people from setting a dummy name and e-mail in their email client and sending it to the said client?
*
The email SSL certificate has to be installed in both the sender's and the recipient's email client.

even though the scammer mimics your identity or fakes your email, without your SSL certificate installed on their device, your client will get a non-encrypted email.

so they can be aware of it, since both of you have an agreement to send encrypted email.

if your client did not install your SSL email certificate, they can't read the email you sent them, that's why I suggest you use encrypted email.

Or you can consider an SPF or PTR record.

btw, the Comodo SSL email certificate is no longer free now.
kiritoffx
post Sep 16 2014, 02:17 PM

Enthusiast
*****
Junior Member
728 posts

Joined: Feb 2013
From: Malaysia


for extra information about email scams

all PayPal users, make sure you ignore an email if it greets you with dear user/sir/miss etc. this is a fake email even if the content looks original

I already verified with PayPal: its official emails greet its customers with the customer's name registered with PayPal. PayPal also said, please contact them first by referring to the contact on its website before doing anything asked in the received email

 
