
Cloud Office Security Detections



The customer reports a growing increase in malware detections in recent days in the security solution ESET Cloud Office Security. It reports emails being sent from the email account soporte@yumbolon.com, but this account is used to receive support emails, not for sending emails. That account is used with Spiceworks for receiving support cases, and the case numbers generated are very different from the numbering used in the client's production environment. The customer changed the credentials of the account soporte@yumbolon.com, but it still continues to report emails being sent.

The customer indicates that the polylon.com domain is not in use, but the MXToolbox tool reports the same TXT record for both domains.

The customer is concerned that the protection may have decreased.


  • ESET Staff
  • Solution

Hi @jeifabdi, it is possible that someone is impersonating the "support" email but the real "from" address is actually different. If you have these emails in quarantine, go there, click on any one of them that says it's coming from "support", and once you're in the email's detail page, you will see a link that says "show headers". If you click that, you will see the email headers and you can compare whether the "sender" field and "return path" fields are the same. If they are completely different, even on a different domain, it is likely that somebody is trying to impersonate the support sender.

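The header comparison described in the reply above, as an added Python example that is not part of the original thread and is not ESET code: it takes headers copied from the quarantine's "show headers" view and reports which of the Return-Path and Sender domains differ from the From domain. The sample headers, addresses and function names are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from the thread); all domains are placeholders.
SPOOFED = """\
Return-Path: <bounce-7731@mailer.example.net>
From: "Support" <support@example.com>
Sender: bulk@mailer.example.net
To: user@example.com
Subject: Ticket #99812 updated

body
"""

ALIGNED = """\
Return-Path: <support@example.com>
From: "Support" <support@example.com>
To: user@example.com
Subject: Ticket #1042 updated

body
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or None."""
    if not header_value:
        return None
    addr = parseaddr(header_value)[1]
    if "@" not in addr:          # covers the null return path "<>"
        return None
    return addr.rsplit("@", 1)[1].lower()

def compare_sender_headers(raw_headers):
    """Compare the visible From domain with Return-Path and Sender domains."""
    msg = message_from_string(raw_headers)
    from_dom = domain_of(msg.get("From"))
    found = {}
    for name in ("Return-Path", "Sender"):
        dom = domain_of(msg.get(name))
        if dom is not None:
            found[name] = dom
    # Exact-domain match is a simplification chosen for this example.
    mismatches = sorted(n for n, d in found.items() if d != from_dom)
    return {"from_domain": from_dom, "other": found, "mismatches": mismatches}

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("aligned", ALIGNED)):
        print(label, compare_sender_headers(raw))
```

Legitimate mailing services can also use a Return-Path on a different domain, so a mismatch is a lead to check against the organization's known senders rather than proof on its own.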