Each QuickFile account has a unique email address linked to it, which is used as a reply address. This approach helps with the deliverability of emails (e.g. when emailing an invoice to your client).
This part, in particular, makes me wonder if your client is aware this email was sent from their address. Have you asked them about this?
Yes, I have, and they did send another email to me with a similar attachment.
So I do believe their account may have been hacked. They are looking at it.
I assume the message I received with the invoice in it was really from 01000178c6fb9c52-0da936bc-6e52-4934-9dd5-45074819b352-000000@amazonses.com and not your system?
This was the only reason I raised the query, as I didn’t know if your system used amazonses.com to send from.
Thanks
Anthony
All our outgoing emails, and the account emails (@post.quickfile.co.uk) are handled by Amazon SES, so yes, that part is legitimate. We forward the emails to the account holder and we add a line at the top to show the original email address that sent it, like the one in your post above -
Ah, ok, so the person the invoice was sent to has a hacked email account, the hacker then used that link in the email (to the invoice) to send an email from your system, to me, with the attachment in it?
Anyone can send an email directly to your account-specific email address, but they’re a mix of random letters/numbers and your QuickFile account number, so not straightforward to guess.
Chances are, if an email comes through, it’s likely to have been revealed somewhere. In your case, however, it seems like it’s a direct reply. But hopefully your client can investigate this on their end too.