Brian May wrote:
Hello All,
I have a windows based family member who is sending out going invoices via email, I think using a Telstra Bigbond email account.
Somehow somebody is copying my relatives outgoing emails, replacing the contact details with their (very similar) contact details, and replacing the bank account details with their bank account details. All the other unique details in the invoice are the same and customized for the client. The attacker responds to emails to the new (but almost identical) email address that was in the email, and impersonates my relative in email conversations.
Brian, I assume closing the BigPond account and openning a newone is not an option, because the old one has extensive circulation ? You're certain the attacker couldn't have just cracked the email adrress and altered configuration settings, to achieve the current exploit ? I did a quick google for "Big Pond email man-in-the-middle " nothing came up; perhaps you could you check the header details on a faked email (by getting the relative to send you an invoice); with those, on some much older email from the same relative prior to the scam ? regards Rohan McLeod