Thursday, September 03, 2009

e-mail identity theft?

The more I discover about my e-mail problem, the more I am convinced that I have been the victim of e-mail identity theft or at least attempted e-mail identity theft. The pieces fit together too well for it to be anything else.

First, I set up a mirror email site by forwarding all my email to another web-based server but not removing them from the original Surewest server. That way I could assume that this second site was a control site in that virtually all my email should appear on that site. I also change by Outlook settings so that my email should stay in the Surewest server even after Outlook downloaded it. After a couple of days it became clear that I was indeed losing email. But about the only difference between mail that actually made it to me and mail that didn't was whether or not I had Outlook up and running. If I did, apparently I got to the mail on my Surewest server before the thief did. If Outlook was not running such as overnight or while I was at work, the thief got the mail. When I logged by on with Outlook, there was no mail to pick up.

The obvious solution was to change my email password. As soon as I did, the Surewest server started keeping my email, indicating that the thief was not getting it. The real test will be going overnight with the computer off.

This hypothesis also is consistent with the timing of this problem and the fact that Carolyn never had the problem. On our recent Utah vacation we tried to stay in touch with the world by accessing our email accounts. Both of our hotels had Wifi but one or both of them were "unsecured networks". We could have been giving away our passwords to anyone clever enough to capture our keystrokes. I don't recall accessing any of our banks for bill paying (I don't usually worry about that during vacation) but changing our passwords all around might still be a wise thing to do.

The theft was not only preventable but the thief gave himself away by actually taking the email. If he had left it for me I would never have known that someone was messing with my email account.

Now the question is: Since I don't know who the thief is and to my knowledge have not suffered any loss, should I report this to law enforcement and, if so, to whom?

1 comment:

  1. Seems odd that someone would be phishing for keystrokes in such a remote location but it would give them time to look at things before you get back. My biggest worry is that they use your email to know which sites you use, reset your passwords, and then change the attached email accounts. Hopefully you are able to get into all your accounts still.