Password theft: a new monitoring system to protect your mailbox

Alessio Cecchi

Malware that infect computers tend to steal the login credentials of webmail users more and more often. These credentials are then used to send other emails containing spam or viruses through their providers’ SMTP servers.

Password theft does not stop in a victim’s inbox, but it usually extends to any username/password pair that the virus can locate in their computer. This can represent a major problem for both an individual user and the service provider that the credentials are connected to.

Damage to the victim

In the case of the passwords theft via email inboxes, the user wouldn’t notice anything if their credentials are used just to send spam from the provider’s SMTP. Sometimes, the user does notice. However, it may be too late and the credentials might have already been used to spy on their emails in order to implement a scam (e.g. to hijack their bank transfers.)

For such reasons, the user or their technical assistance provider should warn about these dangers in advance, so that the user is able to recognize the signs and take preventive action.

Damage to the service provider

On the email service provider’s side, password theft via a user’s mailbox is a big issue. In this case, the major risk is that the service provider may see their SMTP servers end up blacklisted. This is due to too many emails containing spam or malware being sent using the stolen credentials.

Even Qboxmail must thus defend itself against this problem. This is why our SMTP servers are equipped with an Email Security System promptly sending policies and limits, and our antispam is active on sent as well as received mail, to immediately detect anomalous activities.

Purpose: to protect users

We could have stopped here by just protecting our SMTP, but we decided to do more. We have chosen to protect users as well by alerting them as soon as anomalous activities connected to their mailboxes are detected.

Here’s why we developed the Qboxmail Account Takeover Protection system.

The Qboxmail Account Takeover Protection immediately sends a notification to the user —and their reseller, if present— when it detects anomalous activities carried out on a compromised mailbox. In addition, it also inhibits the services involved in the attack, if necessary (e.g. by disabling the SMTP service for that mailbox.)

What happened? An analysis

After notification, the user’s IT department can analyze the situation using tools made available by Qboxmail, such as ETLive, our mail tracking feature. Once the anomalous activity has been confirmed, the IT department can proceed to secure the user’s computer, change their password, and possibly rehabilitating the services blocked preventively. This self-service solution comes in handy for your business, since you won’t need to request Qboxmail’s intervention, which buys you more time to focus on something else.

Resellers and MSPs: enhance your offer of mailing services by sharing information about this IT security feature with potential customers.

Account Takeover Protection by Qboxmail is a security system that allows companies to help prevent cyber threats and reduce the risks associated with password and login credentials theft. At the same time, it offers email service resellers an additional feature to enhance their portfolio and make competitive offers to new potential customers.

We use cookies to provide you a better browsing experience, by continuing you accept their use. For more information visit the Privacy policy page.