How do I know which mail server was compromised?
Hi everyone,
I realise this might be a bit of a noob question, but a client of mine's emails recently got intercepted, edited, and sent on to her again. The only way we found out was that the hacker had changed the bank account details on an invoice in the email. My question is, how do I find out which mail server was responsible? And how do I find out if it was an internal job or an exploit in one of the servers?
Thank you so much!