0

I got an email from what I thought is my family member, when I viewed the email it said it was from "heiner@heiner-starp.de" (no idea who this is). However the label that this email is under is my mother's name.

Does this mean my email account may have been hacked? Or my mother's email?

Maldred
  • 103
  • 4
  • What do you mean by label? – dFrancisco Feb 08 '18 at 20:31
  • @SteffenUllrich but how did the spoofer know the connection between the 2 people to be able to spoof this particular relationship? – schroeder Feb 08 '18 at 20:52
  • @schroeder: one thing might be just guessing the right name. Other things might be looking at social networks for personal information. – Steffen Ullrich Feb 08 '18 at 20:55
  • @SteffenUllrich and also possible that the mom's account was breached, mined, and the data exfil'ed to another launch point. – schroeder Feb 08 '18 at 20:56
  • @schroeder: yes, it might also be the account of some other person which has received mails from both. Too much unknowns. I've excluded the hack of the mothers account mainly because the mail was obviously not sent from this account. – Steffen Ullrich Feb 08 '18 at 20:59

1 Answers1

2

An attacker can easily spoof the name appearing in the from field. This could have either been guessed, found from other information about yourself online (e.g. Social Media profile where your family is listed), or indeed someone has gotten into your Mother's email account and exported the contacts.

I would personally not think it was the latter however, as you'd think an attacker would just use the compromised Mother's email account to send the email rather than using a completely different one.

Probably best to get your Mother to change her email password anyway just in case, and set up a rule that sends all messages from the heiner email address straight to your trash.

Daleish
  • 36
  • 1
  • The mother's account is not under the attacker's control unless they take it over. Mining the data and using an account that is under the attacker's control reduces the number of complications for the attacker. – schroeder Feb 09 '18 at 17:25