Email forwarding script

Postby Saratoga » Fri Feb 24, 2017 9:44 pm

Heya guys-n-gals

A friend here in Vanuatu suspects his computer has been compromised.
His wife caught a so-called friend mucking around on his laptop when he was out of the office.
As confirmation of his suspicions, confidential information sent only to me was verbally referred to by a 3rd party.

My question: what and where would I look to investigate if any such forwarding script, or the like, has been installed on his computer?
His email account is with Gmail, so it's not likely any script was uploaded through a cpanel backend.

EDIT* To clarify, I do know about Gmail settings to forward emails. Are there other means to do so I should be looking for??

TIA
Cheers
In Loving Honour & Memory of =PiT= Baldrick
><((((º>`·.¸¸.·´¯`·.¸.·´¯`·.¸.·´¯`·.><((((º>
Quote="SCUMBAG" Yes Baldy was a fuckin legend and will always live on here !! =etouQ


Postby INKoRP » Sun Feb 26, 2017 6:59 am

Hey Dude,

Once a forwarding address has been set up it can be turned into a 'Filter' (without forwarding being turned on in the other screen) and used to send copies of all incoming/outgoing emails to one of those addresses. Check for those Filters maybe? See if there's anything suss there, assuming you haven't already?

Assuming the culprit isn't tech savvy, the only other thing I can think of would require username and password knowledge, and that would be to use POP/IMAP settings to view the emails using an external app like Outlook etc.

Another way to check for evidence of illicit activity is on the bottom of most pages on the right hand side under the listed Emails, real small is:

Last account activity: 3 minutes ago
Details

Click on "Details" and see if there are any suspicious IPs or times that can be attributed solely to a 3rd party. Maybe something might point out a method/culprit?

I'd also recommend you click "Sign out all other web sessions" and then change password, just in case.

And even if it's temporary, go to the My Account by clicking the profile picture and changing the Google accounts settings to include 2 step verification. You'll need a verified mobile with cellular network access (initially) to input a 6 digit code either each login OR it can be set to remember a device for 30 days.

Anything other than that I can't help with without having access to the computer to check for processes and stuff that looks suss, even then they can be well disguised.

I think Blink or Kami would be best poised to help further.
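
The checks described in the reply above (account-wide forwarding, filters that forward, addresses left on file, POP/IMAP access) can be run in one pass over a copy of the account's settings. This is an added example, not code from the thread: the dictionary layout follows the Gmail API `users.settings` responses, while the function name `audit_gmail_settings`, the `trusted` parameter and every sample value are constructed for illustration.

```python
# Added example: sample values are constructed; the dict layout follows the
# Gmail API users.settings responses (filters, autoForwarding, imap, pop).
SAMPLE = {
    "autoForwarding": {"enabled": False},
    "forwardingAddresses": {"forwardingAddresses": [
        {"forwardingEmail": "copy@example.net", "verificationStatus": "accepted"}]},
    "filters": {"filter": [
        {"id": "f1", "criteria": {"from": "news@example.com"},
         "action": {"addLabelIds": ["Label_1"]}},
        {"id": "f2", "criteria": {"query": "has:attachment"},
         "action": {"forward": "copy@example.net"}}]},
    "imap": {"enabled": True},
    "pop": {"accessWindow": "disabled"},
}


def audit_gmail_settings(settings, trusted=()):
    """Return (severity, message) findings for each mail-copying path."""
    trusted = {a.lower() for a in trusted}
    findings = []
    # Account-wide forwarding switch.
    auto = settings.get("autoForwarding", {})
    if auto.get("enabled"):
        findings.append(("high", "auto-forwarding on: %s" % auto.get("emailAddress")))
    # Filters can forward copies even while that switch is off.
    for flt in settings.get("filters", {}).get("filter", []):
        target = flt.get("action", {}).get("forward")
        if target and target.lower() not in trusted:
            findings.append(("high", "filter %s forwards to %s" % (flt.get("id"), target)))
    # A verified address stays usable by any future filter.
    for entry in settings.get("forwardingAddresses", {}).get("forwardingAddresses", []):
        addr = entry.get("forwardingEmail", "")
        if addr.lower() not in trusted:
            findings.append(("medium", "forwarding address on file: %s" % addr))
    # POP/IMAP let an external mail client read the mailbox.
    if settings.get("imap", {}).get("enabled"):
        findings.append(("medium", "IMAP access enabled"))
    if settings.get("pop", {}).get("accessWindow", "disabled") != "disabled":
        findings.append(("medium", "POP access enabled"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_gmail_settings(SAMPLE):
        print(severity.upper(), message)
```

Addresses the account owner set up himself go in `trusted`; anything still reported is worth removing before the password change and session sign-out.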

