browser hijacking or virus?
Hello,
I work in a computer store and I’ve dealt with many customers who think they’ve been hacked - but usually it’s just a browser extension that’s been installed that sends phishing alerts and such.
Today i had a customer come in saying her email had been hacked. she said friends are getting emails from her that she’s never sent.
went through her sent folder, no unusual activity, so at first I thought it was a case of someone spoofing her email address. except then I noticed something weird on the sent emails from today. they all had a line about the Reply to address being different than her actual email.
So as a test, we sent an email to our work - when it arrived in our inbox, the reply to email was totally different than the one it was sent from.
she has her email synced on her phone, so we tested from there as well - and it sends emails like normal, no strange fake reply to email.
I went though her email settings and didn’t see anything unusual besides an unknown device the account was logged into (we removed it promptly) … since it’s not occurring on her phone, and only from her laptop, I’m guessing it’s something in her browser. I’m running a virus removal tool on it, and double checking the browser …
but has anyone seen anything like this before? is it a hijacking via a hidden extension, or is it a virus?