Possible Security Flaw Within Gmail & POP Accounts

I'm going to try my best here as this is still a bit new to me:

Here is what happened. Client gets a new website. He goes to the server and creates new e-mail accounts for himself. He sets the password to something simple like "Dog" (oversimplifying it here). He now has hiswebsite.com/webmail to access his e-mail accounts.

Someone found out he was using webmail and brute-forced their way into his account, since webmail doesn't appear to have any type of "3 attempts and you're locked out". Once they had the password, they went to Gmail and set up a new account with the credentials.

The way they did it was by setting up the "inbound" account first and selecting the option to import all e-mail and not to leave future copies on the hiswebsite.com/webmail account. Gmail doesn't notify the user that someone set up a new e-mail account to take in the inbox.

Next, they set up the outbound. Gmail notifies the user that someone is trying to send mail using their e-mail and to please type the PIN number that was e-mailed to the primary account. This PIN number should have gone to hiswebsite.com/webmail, but instead it went to the newly set up Gmail account box. The attacker verified the PIN number and then returned to the "inbound account settings", where he edited the settings and selected "Leave e-mail copy on the server".

Once all of this was done, our client had no idea that Gmail was literally copying the e-mails to someone else's account. He only found out after someone brought to his attention that they were receiving e-mails from "my client" trying to get information from his clients using his e-mail account.

All of this could have been avoided by following basic security protocols on my client's part, but at the same time, I think Gmail should send out PIN numbers when you're trying to set up a new account, inbound or outbound.

Granted, now that I'm thinking more about it, if they had his password, they could very easily have erased the e-mail anyway, so it doesn't have much of an effect anyway :/

/r/security
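As an added example (not part of the original post), here is a defender-side check for the gap the post describes: the webmail login had no lockout, so repeated failed logins against one account went unnoticed until the mailbox was already being copied out. The script below replays authentication log lines in a constructed format (an assumption for this example; real servers such as Dovecot or Roundcube log differently, so the regex would need adapting), flags the point at which an account's failures reach a lockout threshold inside a sliding window, and separately flags a success that follows such a burst, which is the signal that a brute force succeeded and that any POP fetcher or send-as verification that appears afterwards should be treated as attacker activity rather than the owner's.

```python
"""Brute-force login detection for a webmail/POP auth log.

Added example, not code from the original post. The log line format
below is constructed for this example (assumption); real servers
(Dovecot, Roundcube, etc.) log differently, so adapt LINE_RE.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). One line per login attempt:
#   <ISO timestamp> <FAIL|OK> user=<account> ip=<source address>
SAMPLE_LOG = """\
2023-04-01T10:00:01 FAIL user=owner@hiswebsite.com ip=203.0.113.7
2023-04-01T10:00:02 FAIL user=owner@hiswebsite.com ip=203.0.113.7
2023-04-01T10:00:03 FAIL user=owner@hiswebsite.com ip=203.0.113.7
2023-04-01T10:00:04 FAIL user=owner@hiswebsite.com ip=203.0.113.7
2023-04-01T10:00:05 OK   user=owner@hiswebsite.com ip=203.0.113.7
2023-04-01T10:30:00 OK   user=owner@hiswebsite.com ip=198.51.100.20
2023-04-01T11:00:00 FAIL user=other@hiswebsite.com ip=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>FAIL|OK)\s+user=(?P<user>\S+)\s+ip=(?P<ip>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "ok": m.group("result") == "OK",
        "user": m.group("user"),
        "ip": m.group("ip"),
    }


def analyze(log_text, threshold=3, window=timedelta(minutes=10)):
    """Replay the log and return (lockouts, suspicious_successes).

    lockouts: (user, ip, ts) for the attempt at which an account's failures
        inside `window` reached `threshold`, i.e. where a lockout should
        have been applied.
    suspicious_successes: (user, ip, ts) for a successful login that came
        after at least `threshold` failures inside `window`; treat that
        account as compromised and review any mail-client or forwarding
        changes made after that time.
    """
    recent_failures = defaultdict(deque)  # user -> timestamps of failures
    locked = set()
    lockouts = []
    suspicious = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated or malformed line
        q = recent_failures[ev["user"]]
        # Slide the window: forget failures older than `window`.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["ok"]:
            if len(q) >= threshold:
                suspicious.append((ev["user"], ev["ip"], ev["ts"]))
            q.clear()
            locked.discard(ev["user"])
        else:
            q.append(ev["ts"])
            if len(q) >= threshold and ev["user"] not in locked:
                locked.add(ev["user"])
                lockouts.append((ev["user"], ev["ip"], ev["ts"]))
    return lockouts, suspicious


if __name__ == "__main__":
    lockouts, suspicious = analyze(SAMPLE_LOG)
    for user, ip, ts in lockouts:
        print(f"{ts.isoformat()} lockout threshold hit: {user} from {ip}")
    for user, ip, ts in suspicious:
        print(f"{ts.isoformat()} success after brute force: {user} from {ip}")
```

On the sample log this reports one lockout point (the third failure against the owner's account) and one suspicious success two seconds later from the same address; the later login from a different address is not flagged because the failure window was cleared by the earlier success. The same threshold-within-window rule, applied in the login handler instead of over logs after the fact, is the "3 attempts and you're locked out" behaviour the post says the webmail lacked.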