Forum Discussion
ConcernedSon wrote: Today it seems scammers from Nigeria accessed my father's blueyonder email account.
I deduce this from the mail header containing: X-Originating-IP: 102.88.111.43
If that header is from an email message sent to your Dad, apparently from his email account, then you can check whether his email account has actually been hacked by looking for this section of the header:
X-Authenticated-Sender: xxxxxxxxxt@blueyonder.co.uk
1) If that section reports your father's email address as being the authenticated-sender then his account has definitely been hacked. That header is saying that the email really was sent from his Blueyonder email account using his email address and password.
2) On the other hand, if that X-authenticated section is missing or has a different address in it, then the From address in the email has just been spoofed (faked) by a scammer to make it look as if the email was sent from his email account.
In that case the scammer has not accessed your father's email account even though they may have quoted a password in the email itself. They gather the passwords from third party sites that have suffered a data breach.
Coenoby
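
The check described in the reply above, written out as an added example (not part of the original thread and not Virgin Media's own tooling): it reads a saved raw message and compares the From address with any X-Authenticated-Sender header. The function name, the verdict strings and the sample messages are constructed for illustration, and it assumes the header was added by the provider's own mail server.

```python
from email import message_from_string
from email.utils import parseaddr


def classify(raw_message: str, account: str) -> str:
    """Apply the two cases from the reply to one raw message.

    'sent-from-account': X-Authenticated-Sender names the account (case 1).
    'from-spoofed':      From claims the account, but the header is missing
                         or names a different address (case 2).
    'not-from-account':  From does not claim the account at all.
    """
    msg = message_from_string(raw_message)
    account = account.strip().lower()
    # parseaddr strips any display name: 'Dad <a@b>' -> 'a@b'
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    # Header lookup is case-insensitive; the header may be absent or repeated.
    auth_values = msg.get_all("X-Authenticated-Sender") or []
    auth_addrs = {parseaddr(v)[1].lower() for v in auth_values}
    auth_addrs.discard("")
    if from_addr != account:
        return "not-from-account"
    if account in auth_addrs:
        return "sent-from-account"
    return "from-spoofed"


# Constructed sample messages (addresses and IPs are documentation values).
HEAD = ("From: Dad <father@example.org>\n"
        "To: father@example.org\n"
        "Subject: I know your password\n"
        "X-Originating-IP: 203.0.113.7\n")
SPOOFED = HEAD + "\nbody\n"
AUTHENTICATED = HEAD + "X-Authenticated-Sender: father@example.org\n\nbody\n"
MISMATCH = HEAD + "x-authenticated-sender: someone@example.net\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("authenticated", AUTHENTICATED),
                      ("mismatch", MISMATCH)]:
        print(name, "->", classify(raw, "father@example.org"))
```
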