Assume Mallory knows the server, username and password that Alice uses to send email via smtp. Can Mallory read Alice’s email? Does it depend on the specific system or configuration?
First of all, I have thoroughly read the answers to the following questions and none of them answer my queries:
- Can Google Chrome read/scan my ProtonMail inbox page?
- Can my IT department read my Google Hangouts chats while at work?
- Does company email can access hangouts and private emails?
I am a student at one of the highest ranking universities of the UK (even though I avoid giving much credence to rankings). A couple of days ago, someone found a way to send emails to every single student, masquerading as the Vice Chancellor (the emails appeared to be from his own university email address).
The email body was basically a silly hoax, appearing to have been executed by teenagers (“Dear students, just got off the phone with the prime minister, the University of [censored] will close indefinitely, exams are cancelled, go out and party, etc“).
The same day after a few hours, all the received emails had been deleted from all of our inboxes; a few people had replied to that email though and still had the original ‘hoax’ email. The next day, the email they had sent was deleted as well.
The University evidently has access to our email accounts, but:
- Are they allowed to Access/View/Edit out accounts?
- Is this legal?
- Do I have any say in it? As in, can I refuse using the University email for any type of correspondence and can I demand that they contact me only through my personal email address? If not, is there any way I can preserve my privacy?
- If this was not disclosed clearly to any form of “Terms & Conditions” that I agree to by studying here, then what are my rights?
- Does GDPR have any effect here, or is the university allowed to do whatever they feel like?
- What else do they possibly have access to?
The university uses Office365 (Outlook).
I understand that generally email communication is insecure by default and would like to know if its possible to setup email servers so that the emails get encrypted when sent between hosts.
I want to know if there is actually a way to include personal information in emails and keep it secure in a Business to Business Scenario (B2B). This usually involves a scenario where and email is generally generated or typed that gives instructions on who to contact or follow up with. It is intended for a human to read and not intended to be processed by a machine
I’d also appreciate any relevant explanation particularly details of commonly known approaches so that i can investigate further. Even if its at the level of a pattern and common strengths and weaknesses.
So, I have Google alerts set for a few words, and one of these alerts had a link to the site “chatsosedi.ru” which I opened. I found out the site isn’t https. I clicked on it before realizing. Is it safe, & what can I do to secure my email and phone now? Thanks
Do E-Mail proxy services exists to improve privacy and security?
Privacy in the sense that one wouldn’t need to give a website his/her username (possibly even in the email@example.com form) and in a security sense that the used e-mail couldn’t be used to log into the e-mail service (thereby making it useless for a leaked password, because the e-mail address couldn’t be used to login).
firstname.lastname@example.org could be someone’s e-mail. If there were a Google Privacy/Proxy service then one could generate as many random e-mails as possible and if one would be sent spam to, or leaked, it could be disabled:
could both redirect mail to email@example.com.
One could be blocked/disabled/removed if wanted without abandoning the real account (e.g. because
firstname.lastname@example.org has been compromised or spam is being sent to it).
Would it really improve security and privacy? Or am I missing something?
And does such a service exist? (as a bonus, replying from such proxy e-mails would be even better, converting the real account
from field to the proxy mail address)
I keep on receiving email which is intend to be received by a gmail id similar to be mine, with no dots(.) in gmail id of other party. For example : my email id is email@example.com the inbox of above email ids, get emails intended to be received by firstname.lastname@example.org
Question 1: The other party will also be receiving my emails ? Question 2: How can i get rid of this problem?
Just before Christmas I received the following message in one of my GMail accounts:
Sign-in attempt was blocked
********@gmail.com [redacted by me]
Someone just used your password to try to sign into your account. Google blocked them, but you should check what happened.
I signed into that account and looked at the activity (not by clicking the link in the message, of course) and indeed there was a sign in attempt blocked from the Philippines.
I gather this means that an attacker entered the correct user name and password for my account, but was likely blocked because they couldn’t pass the MFA challenge. Or maybe Google’s fraud detection is actually decent and it knows I’ve never been to the Philippines? Either way, I immediately changed the password and (as far as I know) the attacker didn’t gain control of the account.
However, in the 2 weeks since then, I have received several email verification requests from various online services that I never signed up for — Spotify, OKCupid, a Nissan dealership in Pennsylvania (that one’s interesting), and a few others I’ve never heard of before. Someone out there is actively using my GMail address to enroll for these services.
The account in question is not my main account, and while the password on it was admittedly weak, it was also unique (I never used it on anything else). I changed it to a password that’s much stronger now.
Should I be concerned about this?
Also, if the attacker didn’t gain control of the account, why use it to enroll in all these services?
In the case of social engineering attack vector is an email sent with a malicious attachment like XSL file, I am not really understanding where we will need Sandbox solution if we can just use CDR (content disarm and reconstruction) solution (in many cases much cheaper for organization)
the Email Scraper (Crawl Loaded List) does not work anymore.
This happens: Work threads running goes down from 100 to 1. Sites in queue varies between 40 and 370.
I have a URL list to process of 99 (depth level 2).
What could be the reason?
I want to create a function/module that corrects common email typos on new orders.
For example to auto correct gmail.con, hotmail.con to .com, and many many more common typos.
Is there any hook or filter that user data, specifically email address, is passed through on new order creation, so that we can modify it before it’s inserted into the database?