-2

I know I don't have much info on this problem/question so I will delete if everyone downvotes or votes to close/delete.

Is it possible for someone to make an email look like I sent it simply by me opening an email from them? I'm not an IT expert so I might be asking a very stupid question.

The situation is this: my friend was accused of sending an email to everyone in his office, airing some dirty laundry of a high up exec. My friend said he didn't send it but doesn't know how to deal with the accusation from the high up exec.

At his office, there's one central computer that everyone by policy is supposed to log into 1-2x a day to check email. He said all he did was go to this computer, log in as himself to check email per the office policy, see this message and click on it. The message he clicked on/read was the exact same email everyone else received, yet he's accused of being the one who sent it because the time he logged in on the community computer was around the same time the email was to have been sent (according to some "logs"). My friend isn't technical so I don't know the mail system, OS, or network of the office.

What might have allowed someone to do this to him? For this situation, with a common community computer, I thought about a keystroke logger and after stealing his pwd, someone installing some script that executes on login. I also thought about a malicious email payload and that he got unlucky and was the first one to click on it.

Classified

1 Answer

1

Unless there's another fault, like a browser exploit, lack of AV, or something like that, a link alone can't exploit you. Maybe the email server (if it's dedicated) was hacked but that, to me, seems the least likely.

That being said, I could easily spoof an email by bouncing it off of my own server and signing it as such. A likely thing is that clicking the link triggered something saying "This is an active email." How they got contacts is a different story. Email spoofing is possible because email inherently isn't secure. Popular sites like Gmail generally alert the user if they detect email spoofing. This can often be investigated by looking at what is called the "email header" or "original email". A detected email kinda looks like this in Gmail. The header should just be plaintext.

People like forensic analysts or pretty good security people (hell I probably could look at it) can look at the link, the email and tell you to a degree of accuracy what happened.

Sounds like something for your IT/Infosec guy to get involved in. Intrusions basically always come with logs.

Michael Bailey
  • Thx for the answer. I'll let my friend know what you said and to see what he can do to defend himself. We're assuming it's an inside job and that someone else has an axe to grind with the exec but didn't want to be blamed so whoever this tech savvy person is somehow aired the dirty laundry as well as placed the blame on someone else. – Classified Jul 06 '15 at 03:30
  • 1
    I mean I don't see why they wouldn't investigate this honestly, shouldn't take too long to investigate. In the event they don't, however, try to get a copy of the original email from someone's account. The full one. Getting the full one depends on the email client. Are you aware of Antivirus on the machine? – Michael Bailey Jul 06 '15 at 03:33
  • 1
    Here's how to get the headers in Outlook 2010 for example. They may be different if you don't actually get them from the receiver. http://blogs.msdn.com/b/theothersteve/archive/2010/04/15/how-to-view-full-email-headers-in-outlook-2010.aspx – Michael Bailey Jul 06 '15 at 03:35
  • Not sure if there's AV on the machine but I told my friend I found it funny that EVERYONE is required to sign in on ONE machine to check email. It sounded like upper management was trying to catch someone (or set someone up). Hopefully they'll do a fair investigation. It sounded like they came out of left field with this accusation w/o showing any proof. – Classified Jul 06 '15 at 16:10
  • That is super weird. It doesn't surprise me they didn't show any proof however, because regardless of if they have any, the vaguer they are the less inclined people are to mount a defense. – Michael Bailey Jul 06 '15 at 16:24
  • Edited a clarification – Michael Bailey Jul 08 '15 at 21:37
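
The header review suggested in the answer and comments can be scripted once a full copy of the message has been exported from a recipient's mailbox. The sketch below is an added example, not part of the original thread: it walks the `Received` chain from first hop to last and compares the `From` domain with `Return-Path`, the first relay, and the receiving server's `Authentication-Results`. The sample message, host names, addresses and finding labels are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (all hosts and addresses are made up): the From line names
# an office address, but the first relay and Return-Path belong to another domain.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.office.example (mx.office.example [192.0.2.10])
\tby mailstore.office.example; Mon, 6 Jul 2015 09:02:11 -0700
Received: from mailer.example.net (mailer.example.net [198.51.100.7])
\tby mx.office.example; Mon, 6 Jul 2015 09:02:10 -0700
Authentication-Results: mx.office.example; spf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=office.example
From: "A. Colleague" <colleague@office.example>
To: staff@office.example
Subject: constructed example

body
"""

def domain(addr):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    # Each relay prepends its Received line, so the last one is the first hop.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    m = re.match(r"from (\S+)", hops[0]) if hops else None
    origin = m.group(1).lower() if m else ""
    # Verdicts recorded by the receiving server (trust only your own server's line).
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    findings = []
    if rp_dom and rp_dom != from_dom:
        findings.append("return-path-mismatch")
    if origin and origin != from_dom and not origin.endswith("." + from_dom):
        findings.append("first-hop-outside-from-domain")
    for check in ("spf", "dkim", "dmarc"):
        if auth.get(check, "missing") != "pass":
            findings.append(f"{check}={auth.get(check, 'missing')}")
    return {"from": from_dom, "origin": origin, "hops": hops, "findings": findings}

if __name__ == "__main__":
    report = analyze(RAW)
    for i, hop in enumerate(report["hops"], 1):
        print(f"hop {i}: {hop}")
    print("findings:", report["findings"])
```

An empty findings list does not by itself show who composed a message; it only means the headers are consistent with the claimed sending domain, so mail server and login logs still need to be checked.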