We want to hire some professional to assess the vulnerability of our current web site.
We need to prove or disprove the following possibilities:
1. Our competitor is diverting all our new customer's email to themselves by intercepting their message sent from our web form.
2. In order for their operation to be successful they must keep me from detecting or knowing such an attack is taking place.
3. They can do so (keep this entire operation stealth) by detecting the user's ip and other rules for them to differentiate between genuine new customer and our anti-hacker engineer. such as:
1. Only intercept and redirect their email if they are from our Google Adwords account.
2. Must from a local ip.
3. Do not intercept those on my address book and those in their address book.
So that all my friends will tell me my site is not under attack.
4. Fake our SSL certificate.
Even though we are using SSL certificate, we are still not getting email from our web form while our web log clearly shows that these people been to our contact-us page.
May be I am being paranoid. But I need to prove or disprove the possibility. I need someone to replicate this situation and tell me it is possible for someone to hire a hacker to accomplish such while keeping me completely unaware.