Weird Email

[Thomas M.]

Outlook 2007

We have a weird situation with one of my co-workers. He received a message
this morning that has his name in both the To and From fields. He maintains
that he did NOT send the message to himself. The message includes the names
of other people who work for my employer, but some of the names are
misspelled. There are also a number of other misspelled words in the email,
as if someone typed it quickly or if the composer of the message was not a
native English speaker.

It would be easy to think that someone is playing a joke on him. However,
my office sits behind two card access doors to which we control the access.
According to the creation date and time on the email it was created and sent
at a time when multiple people where in the room, and all report that no one
was sitting at that station. Furthermore, it is very unlikely in my opinion
that anyone broke his email password in order to play a joke on him because
where I work people get fired for that kind of thing.

We thought that maybe someone had hacked his machine, but this one message
is the only suspicious message that has gone out from his account, and he
has had no other anomalous things happen on this machine.

Proceeding on the idea that everyone is telling that truth and that no one
is lying to cover themselves on a joke, any ideas as to how this might have
happened, or how to go about finding out how this happened?

--Tom

 

[Diane Poremsky [MVP]]

did you review the message header and the smtp or exchange server logs? this
will show if it came from inside the network.

FWIW, my bet is a spammer or exploit and it came from outside the network.

--
Diane Poremsky [MVP - Outlook]
Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
Outlook 2007: http://www.slipstick.com/outlook/ol2007/



Exchange Messaging Outlook newsletter:
(e-mail address removed)




You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

 

[Thomas M.]

Thanks for the suggestion. I think that we've figured out what happened.
There was a class in our training room last week and after thinking about it
for a while we thought to go check those machines. The employee in question
left a machine logged in under his own ID, and it appears that someone
spotted that and decided to sent the message as a joke. So we feel
comfortable that the how has been solved.

Now comes the who. The message that was sent sounded very ominous and
caused a number of people to expend time and effort trying to figure out
what happened. Fortunately, the machine that we think was used to send the
message sits in a card access controlled room. Apparently, someone doesn't
understand that card access systems store door history. That person has a
surprise coming.

No one will get fired over this, but someone will probably be having an
uncomfortable conversation with a supervisor in the very near future.

--Tom

did you review the message header and the smtp or exchange server logs?
this will show if it came from inside the network.

FWIW, my bet is a spammer or exploit and it came from outside the network.

--
Diane Poremsky [MVP - Outlook]
Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
Outlook 2007: http://www.slipstick.com/outlook/ol2007/



Exchange Messaging Outlook newsletter:
(e-mail address removed)




You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

Outlook 2007

We have a weird situation with one of my co-workers. He received a
message this morning that has his name in both the To and From fields.
He maintains that he did NOT send the message to himself. The message
includes the names of other people who work for my employer, but some of
the names are misspelled. There are also a number of other misspelled
words in the email, as if someone typed it quickly or if the composer of
the message was not a native English speaker.

It would be easy to think that someone is playing a joke on him.
However, my office sits behind two card access doors to which we control
the access. According to the creation date and time on the email it was
created and sent at a time when multiple people where in the room, and
all report that no one was sitting at that station. Furthermore, it is
very unlikely in my opinion that anyone broke his email password in order
to play a joke on him because where I work people get fired for that kind
of thing.

We thought that maybe someone had hacked his machine, but this one
message is the only suspicious message that has gone out from his
account, and he has had no other anomalous things happen on this machine.

Proceeding on the idea that everyone is telling that truth and that no
one is lying to cover themselves on a joke, any ideas as to how this
might have happened, or how to go about finding out how this happened?

--Tom

 

[Susan]

maybe someone should get fired over something like that...that's not really
very funny...but it should also be a good lesson to the person who walked
away from the PC without logging off or locking the console...we've had some
similar incidents here, and I can tell you, it's never the same person twice
who forgets to do that...

--
Susan Conkey [MVP]

Thanks for the suggestion. I think that we've figured out what happened.
There was a class in our training room last week and after thinking about
it for a while we thought to go check those machines. The employee in
question left a machine logged in under his own ID, and it appears that
someone spotted that and decided to sent the message as a joke. So we
feel comfortable that the how has been solved.

Now comes the who. The message that was sent sounded very ominous and
caused a number of people to expend time and effort trying to figure out
what happened. Fortunately, the machine that we think was used to send
the message sits in a card access controlled room. Apparently, someone
doesn't understand that card access systems store door history. That
person has a surprise coming.

No one will get fired over this, but someone will probably be having an
uncomfortable conversation with a supervisor in the very near future.

--Tom

did you review the message header and the smtp or exchange server logs?
this will show if it came from inside the network.

FWIW, my bet is a spammer or exploit and it came from outside the
network.

--
Diane Poremsky [MVP - Outlook]
Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
Outlook 2007: http://www.slipstick.com/outlook/ol2007/



Exchange Messaging Outlook newsletter:
(e-mail address removed)




You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point
your
newsreader to msnews.microsoft.com.

Outlook 2007

We have a weird situation with one of my co-workers. He received a
message this morning that has his name in both the To and From fields.
He maintains that he did NOT send the message to himself. The message
includes the names of other people who work for my employer, but some of
the names are misspelled. There are also a number of other misspelled
words in the email, as if someone typed it quickly or if the composer of
the message was not a native English speaker.

It would be easy to think that someone is playing a joke on him.
However, my office sits behind two card access doors to which we control
the access. According to the creation date and time on the email it was
created and sent at a time when multiple people where in the room, and
all report that no one was sitting at that station. Furthermore, it is
very unlikely in my opinion that anyone broke his email password in
order to play a joke on him because where I work people get fired for
that kind of thing.

We thought that maybe someone had hacked his machine, but this one
message is the only suspicious message that has gone out from his
account, and he has had no other anomalous things happen on this
machine.

Proceeding on the idea that everyone is telling that truth and that no
one is lying to cover themselves on a joke, any ideas as to how this
might have happened, or how to go about finding out how this happened?

--Tom

 

[Brian Tillman [MVP - Outlook]]

No one will get fired over this, but someone will probably be having an
uncomfortable conversation with a supervisor in the very near future.

I agree with Susan, in part. While this doesn't seem like an incident that
should get the joker fired, he's not the only one who deserves a lecture. So
does the person who left the PC unsecured.

 

[Susan]

i suppose I was a little harsh...but with so many "jokers" here to deal
with, my first reaction is "off with their heads"...i suppose it would
depend a great deal on the content of the email sent out under someone
else's name...

 

[K. Orland]

I am in the same boat. How we look at it is that another person should never
have access to your profile whether your share your password or leave your
PC unlocked/not logged off. Either action is a security breach and against
company policy. Repeated incidents lead to progressive discipline which may
lead to termination.

How I taught one user a lesson after repeated incidents without going
through HR since the user was a manager was that I walked into his (shared)
office, used his email to send a lovelorn letter to his boss (a director),
while I was on the phone with said director. The director promptly responded
to the email, asking the user to meet off the premises for coffee since they
had so much to share. It never happened again with this particular user and
we all managed to have a good laugh.

 

[Thomas M.]

I agree with Susan, in part. While this doesn't seem like an incident

that should get the joker fired, he's not the only one who deserves a
lecture. So does the person who left the PC unsecured.

Oh yes! Said employee has been lectured.

--Tom