On Tue, Sep 29, 2015 at 05:35:02AM +0000, Brian May wrote:
Somehow somebody is copying my relatives outgoing emails, replacing the contact details with their (very similar) contact details, and replacing the bank account details with their bank account details. All the other unique details in the invoice are the same and customized for the client. The attacker responds to emails to the new (but almost identical) email address that was in the email, and impersonates my relative in email conversations.
Recommendations for your relative; - Gather as much evidence as possible - Report the crime to their State/Territory Police - Consider one of the following compromised + Their mail client and/or desktop OS + Their credentials for POP/IMAP + The path to their SMTP server - From a fresh up-to-date install + Ensure they have TLS enabled for SMTP on their mail client + Ensure they have TLS enabled for POP3/IMAP + Verify that TLS has been enabled and verify that it's working + Update their password again, making sure not to "remember password" - If the Windown MUA du juor verifies S/MIME signatures by default, perhaps they could investigate the use of S/MIME rather than GPG? + Note: This would probably require a 3rd party certificate, which may or may not have a financial cost associated) ~ Joel