Evidence of E-mail tampering?
At 10:03 PM last night I received a confirmation e-mail from a service provider showing that they had automatically renewed my subscription. The confirmation e-mail was legitimate and included an invoice number, my name, my user name, my address and the last four digits of a credit card. This is nothing out of the ordinary. I’m sure that most of you get similar e-mails all the time as you go about your business shopping on the web.
Now for the scary part…
Less than 5 minutes later I received another e-mail from the same service provider notifying me that someone had requested a reset of my password. The e-mail indicated that if it wasn’t me that requested the change I should simply ignore the message and the request would time out in 48 hours. If I did request it, all I had to do was click a link to confirm I actually made the request. The e-mail also included the IP address from which the password change request was initiated. Of course I had made no such request. I subsequently did a reverse DNS lookup on the IP address and found it was from a network in Australia! Given the timing, I think it’s obvious that this attempt to hack the account was triggered by someone intercepting the unsecured e-mail sent from the web service provider.
Even though all of this was a benign incident, it clearly demonstrates the fact that anything you send in an open e-mail can be intercepted and potentially used against you. Just another reminder that if something is really important you don’t send it via unencrypted e-mail.
If you aren’t yet using a form of encrypted e-mail (e.g. PGP, S/MIME, Voltage, HushMail, etc.) you may wish to review some of my previous posts on the topic. You may also want to review our Security Check List for other tips on reducing your security risks.