Mailbox Compromise – Common Causes

This post is for anyone who has recently suffered a compromise of their mailbox, and for anyone considering how to improve their overall mailbox security.


What is a mailbox compromise?

We define a mailbox compromise as an incident in which the mailbox username (something@domain.ext), together with the password for that specific mailbox, has been disclosed to a third party and/or has been used by that third party to send spam or other malicious communication.

How can a mailbox compromise occur, and how can it be prevented?

Your username/password can be disclosed to malicious third parties through one or more of the following:

Insecure Password

  • Cause: If your password is too simple, is based on a dictionary word, your username or your domain, or is otherwise not unique or complex, you are exposed to a brute force attack in which an attacker guesses the password, verifies it against the mail server and then uses it for their own ends.
  • Resolution: Use a long, secure password, ideally one based on a memorable phrase rather than a single word. Avoid anything that contains your mailbox name, your domain or a dictionary word, even with digits or symbols added, because those are the first variations an attacker's wordlist tries.
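
As an added example (not code from the original Pipe Ten post), the following Python function applies the checks described above to a candidate password for a given mailbox: it rejects passwords that are short, that contain the mailbox name or a domain label, that are a dictionary word with digits or leet-style substitutions bolted on, or that use very few distinct characters. The ten-word list and the mailbox `jamie@example.com` are constructed for the example; a real check would load a full dictionary or a breached-password list.

```python
import re

# Constructed mini word list for the example. A real deployment would load a
# full dictionary or a breached-password list instead of these ten entries.
SMALL_DICTIONARY = {
    "password", "welcome", "letmein", "qwerty", "monkey",
    "dragon", "football", "iloveyou", "admin", "summer",
}

# Common "leet" substitutions attackers try alongside plain dictionary words.
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})

MIN_LENGTH = 12


def normalise(password):
    """Reduce a password to the letters an attacker's wordlist rule would
    recover: lower-case it, undo leet substitutions and drop everything else,
    so 'P@ssw0rd123!' becomes 'passwordiei' (which contains 'password')."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET_MAP))


def weaknesses(password, mailbox):
    """Return the reasons a password is unsafe for the mailbox
    'local@domain.ext'. An empty list means none of the checks fired."""
    reasons = []
    core = normalise(password)

    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")

    # Derived from the mailbox name or a domain label (e.g. 'jamie', 'example').
    # Labels under four characters ('co', 'uk', 'com') are skipped as too generic.
    for label in re.split(r"[@.\-_+]", mailbox.lower()):
        if len(label) >= 4 and label in core:
            reasons.append(f"contains the mailbox/domain label '{label}'")

    # A dictionary word, possibly with digits/symbols or leet spelling added.
    for word in SMALL_DICTIONARY:
        if word in core:
            reasons.append(f"is based on the dictionary word '{word}'")

    if len(set(password)) < 5:
        reasons.append("uses fewer than 5 distinct characters")

    return reasons


def is_acceptable(password, mailbox):
    """True when none of the checks above fired."""
    return not weaknesses(password, mailbox)


if __name__ == "__main__":
    mailbox = "jamie@example.com"  # constructed example mailbox
    for candidate in ("P@ssw0rd123!", "Jamie2023", "correct horse battery staple"):
        print(repr(candidate), weaknesses(candidate, mailbox) or "ok")
```

Run as-is, the script flags `P@ssw0rd123!` as a dictionary word, flags `Jamie2023` as both too short and built on the mailbox name, and accepts the four-word passphrase, which is the point of the "phrase rather than word" advice above.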

Non-Unique Password

  • Cause: If you use the same password for multiple services or locations, then it is likely that when one of those third-party services is compromised, the stolen credentials will be tried against other services too. Most commonly, we have seen people register on phpBB forums using their real email address and the same password they use for that mailbox.
  • Resolution: Use a unique password for every service. This limits the scope and impact of any disclosure, and may allow you to identify which service leaked the details.

Compromise of Local Computer

  • Cause: Your local computer may be infected with malware now, or may have been at some point in the past. Such software can send, or may already have sent, your account details to a remote location, to be used immediately or at some later date.
  • Resolution: Use local anti-virus protection, keep a firewall enabled, and be careful what you download and execute. If you suspect an infection, treat every password typed on that machine as disclosed until it has been cleaned.

Compromise of Local Network

  • Cause: Your local network may have a compromised device connected to it that sniffs traffic and relays it to malicious parties. This includes your (A)DSL modem/router itself, especially Linksys devices.
  • Resolution: Check all devices on your local network for issues, and make sure the firmware on your modem and wireless access points is updated to the latest version. Ensuring you use SSL/TLS for your email connections is a simple way to minimise this risk, because a sniffing device then sees only encrypted traffic rather than your username and password.

Insecure use on Public Network

  • Cause: As with a compromised local network, public networks (particularly those in hotels, coffee shops and airports) can themselves be compromised, or be configured in such a way that other users can snoop on your email.
  • Resolution: Ensure you are using SSL/TLS for your email connections, or for more advanced protection contact Pipe Ten about VPN solutions.

Insecure use on Internet Network

  • Cause: Between your local network and our mail server network lie other internet networks or hops which are not direct providers to either you or Pipe Ten. These networks, hops and providers can change frequently, and their security is not guaranteed. This can result in a MitM (man-in-the-middle) attack in which the mailbox details are disclosed if the connection is not encrypted.
  • Resolution: Ensure you are using SSL/TLS for your email connections, or for more advanced protection contact Pipe Ten about VPN solutions.
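
The three network sections above each recommend SSL for your email connections. As an added example, not Pipe Ten's own code and not a description of their servers, here is how a script or custom client would enforce that with the Python standard library: IMAP over implicit TLS on port 993, SMTP submission on port 587 that refuses to log in unless STARTTLS succeeded, and a certificate-verifying context. The contrasting `make_insecure_context()` is the "ignore certificate errors" setting to avoid, since it lets any hop on the path terminate TLS with its own certificate and read the login. Host names, the user and the password are placeholders you supply; the file attempts no connection when run on its own.

```python
import imaplib
import smtplib
import ssl


def make_tls_context():
    """Context used for every mail connection below: verify the server
    certificate against the system trust store, check that it matches the
    host name, and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def make_insecure_context():
    """The weak setting often suggested to silence certificate warnings.
    It accepts any certificate, so a device on the path can terminate TLS
    with its own certificate and read the login. Shown only as a contrast."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def credentials_protected(ctx):
    """True when a context would stop a man-in-the-middle from reading the
    mailbox password: certificate required, host name checked, TLS >= 1.2."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def imap_login(host, user, password, port=993):
    """IMAP over implicit TLS: the handshake completes before LOGIN is sent."""
    imap = imaplib.IMAP4_SSL(host, port, ssl_context=make_tls_context())
    imap.login(user, password)
    return imap


def smtp_login(host, user, password, port=587):
    """SMTP submission with STARTTLS. The connection starts in plaintext, so
    refuse to authenticate unless the server offers STARTTLS and the upgrade
    succeeds; silently continuing is how a hostile hop or hotspot downgrades you."""
    smtp = smtplib.SMTP(host, port)
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        smtp.quit()
        raise RuntimeError(f"{host}:{port} did not offer STARTTLS; credentials not sent")
    smtp.starttls(context=make_tls_context())  # raises if handshake or certificate fails
    smtp.ehlo()  # capabilities must be re-read after the upgrade
    smtp.login(user, password)
    return smtp


if __name__ == "__main__":
    # Placeholder usage: imap_login("mail.example.com", "user@example.com", "secret")
    # No connection is attempted here so the file runs offline.
    print("verified context protects credentials:",
          credentials_protected(make_tls_context()))
    print("'ignore certificate' context protects credentials:",
          credentials_protected(make_insecure_context()))
```

The same rule applies to a graphical mail client: choose "SSL/TLS" on port 993/465 or "STARTTLS" on 143/587, never "None", and never tick an option that accepts an invalid or mismatched certificate, because that is precisely the warning a man-in-the-middle produces.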

How to recover from a mailbox compromise?

You will most likely learn of a mailbox compromise when we have changed its password after seeing unusual activity or receiving spam reports. To recover, you should:

    1. Consider and check all of the causes above, proceeding only when you are sure no further insecurity exists or the risks are reasonably minimised. Changing the password before cleaning an infected computer simply hands the new password to the attacker.
    2. Change your mailbox password in the hosting control panel to something secure and known only to you. If you used the old password anywhere else, change it there too.
    3. Update your email client(s) with the new password.

Classification: Public
Last saved: 2023/05/17 at 10:40 by Jamie
