
Dodgy emails, that are apparently from friends

Clariman


#449777

Postby Clariman » October 13th, 2021, 11:20 am

From time to time I get emails that apparently come from friends that have no message or an obvious spammy message and a URL (usually something like https// .... bit.ly/xxx). I routinely just delete them and would never click on the link.

However, what does it indicate in relation to my email account or the apparent sender's email account? Does it imply that the sender's account has been hacked or does it imply that mine has and I am receiving spoofed emails?

They don't come all that often but I used to get a lot from a couple of contacts. This morning I had the first from someone else I know although the spoofed email address wasn't quite correct.

Thanks
Clariman

pje16

Re: Dodgy emails, that are apparently from friends

#449790

Postby pje16 » October 13th, 2021, 11:52 am

I get the same from time to time.
It normally means their email has been hacked, not yours.
The trick for your friends to use if they use Outlook (I don't) is to create a contact using an exclamation mark, or some other punctuation mark; it will sit at the top of the address book and prevent the hack trawling through the rest of it.

PS I use Gmail, and I never get this type of spam from anyone else using that.
It's quite often btinternet or Hotmail (the main culprit for all sorts of nasty things).

ReformedCharacter

Re: Dodgy emails, that are apparently from friends

#449792

Postby ReformedCharacter » October 13th, 2021, 11:59 am

Clariman wrote: From time to time I get emails that apparently come from friends that have no message or an obvious spammy message and a URL (usually something like https// .... bit.ly/xxx). I routinely just delete them and would never click on the link.

However, what does it indicate in relation to my email account or the apparent sender's email account? Does it imply that the sender's account has been hacked or does it imply that mine has and I am receiving spoofed emails?

They don't come all that often but I used to get a lot from a couple of contacts. This morning I had the first from someone else I know although the spoofed email address wasn't quite correct.

Thanks
Clariman

I get these too from time to time. It's nothing to do with you I suspect. Some years ago various viruses trawled the email contacts on an infected machine (belonging to the people who now appear to be mailing you) and these addresses ended up on spammers' lists. There are two people who appear to be emailing me occasionally despite the fact that they had viruses about 20 years ago, but they still crop up infrequently. If I look at the actual senders' addresses they are something implausible and totally unrelated to the addresses that those people actually used.

RC

Infrasonic

Re: Dodgy emails, that are apparently from friends

#449795

Postby Infrasonic » October 13th, 2021, 12:09 pm

If you look at the message source headers you'll see if it has come from a contact's real email address or a spoofed address.
If you don't know how to analyse headers there are readers that will break it down for you... https://mxtoolbox.com/EmailHeaders.aspx

If the former they may have been hacked. As many people have contacts databases online with their email accounts then spam may start going out to their entire database. I've had this happen with a couple of my contacts and even though they regained control of their accounts and changed their passwords I still get spam that is spoofed to look like their address.

Most spam is the result of your email address just being out there 'in the wild'. If it's been involved in any data breaches then you'll be on multiple spammers' lists - it's an entire industry in itself. Email isn't E2E encrypted by default.

One way to minimise it is to have multiple email addresses or aliases in front of real addresses and dump them when they become compromised.

Gmail have just issued an alert to thousands of users that they detected an intrusion attempt from a state level actor (believed to be Russian) - aimed at activists/sensitive targets but even the average user can get hit by this level of sophistication.

I've noticed quite a few Gmail addresses being used for sending spam - Gmail uses ARC forwarding authentication which helps spammers maintain their legitimacy with forwarded spam.

Google Groups is also being used - make sure you change your settings to stop you being signed up to Google Groups without express permission - the default is anyone can set up a group and add your Google account + any email addresses they have for you!

Ironically the email big players like Gmail/Outlook.com having fully certificated SPF/DKIM/DMARC email environments is helping spammers achieve inbox delivery.

If you can make your inbox exclusive so only saved contacts can achieve delivery - it does mean you'll have to check the spam folder more often.

Blocking addresses or domains confirms your address is actively managed to the spammers and will increase your spam volumes. I've done a fair bit of A/B'ing around this and it's a consistent result.
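
The header check described in the post above, as an added example that is not part of the original thread: it reads the From, Return-Path and Authentication-Results headers of a raw message and separates the cases the thread discusses (friend's name on an unrelated address, forged real address, mail that really came through the friend's provider). The sample messages, the `contacts` map, the verdict labels and every example.* name are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def auth_results(msg):
    """spf/dkim/dmarc verdicts from the topmost Authentication-Results header.
    Only the copy stamped by your own receiving server is trustworthy."""
    headers = msg.get_all("Authentication-Results") or [""]
    found = re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", headers[0], re.I)
    return {m.group(1).lower(): m.group(2).lower() for m in found}

def classify(raw, contacts):
    """contacts maps a lower-cased display name to that person's real address."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    auth = auth_results(msg)
    real = contacts.get(name.strip().lower())
    if real is not None and addr.lower() != real:
        verdict = "display-name-only"  # friend's name, somebody else's address
    elif auth.get("dmarc") == "pass":
        verdict = "authenticated"      # came via the real domain: account may be compromised
    else:
        verdict = "unauthenticated"    # friend's address in From, but not authenticated
    return {"verdict": verdict, "from": addr.lower(),
            "return_path": envelope.lower(), "auth": auth}

def sample(from_hdr, return_path, auth):
    """Build a constructed raw message (hypothetical hosts and addresses)."""
    return (f"Return-Path: <{return_path}>\n"
            f"Authentication-Results: mx.example.org; {auth}\n"
            f"From: {from_hdr}\nTo: me@example.org\nSubject: hi\n\n"
            "https://short.example/xxx\n")

CONTACTS = {"alice friend": "alice@example.com"}
LOOKALIKE = sample('"Alice Friend" <qx81@mailer.example.net>', "qx81@mailer.example.net",
                   "spf=pass smtp.mailfrom=mailer.example.net; dmarc=pass header.from=mailer.example.net")
FORGED = sample('"Alice Friend" <alice@example.com>', "bounce@mailer.example.net",
                "spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com")
GENUINE = sample('"Alice Friend" <alice@example.com>', "alice@example.com",
                 "spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com")

if __name__ == "__main__":
    for label, raw in [("lookalike", LOOKALIKE), ("forged", FORGED), ("genuine", GENUINE)]:
        print(label, classify(raw, CONTACTS))
```
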

mc2fool

Re: Dodgy emails, that are apparently from friends

#449825

Postby mc2fool » October 13th, 2021, 1:53 pm

Clariman wrote: From time to time I get emails that apparently come from friends that have no message or an obvious spammy message and a URL (usually something like https// .... bit.ly/xxx). I routinely just delete them and would never click on the link.

However, what does it indicate in relation to my email account or the apparent sender's email account? Does it imply that the sender's account has been hacked or does it imply that mine has and I am receiving spoofed emails?

It could be either, or it could be that the addresses have just been "guessed" at by persistent bots which just try out masses of addresses and note any that succeed at the first check, i.e. with the receiver not rejecting it with "no such user", and then sell them in bunches to spammers.

E.g. I have my own domain and checking the email server history I see that in the past few days attempts (all failed) have been made to send to the following (non-existent) addresses @mydomain.com:

accounting, aguilar, alexander, alexandern, alexandra20763, alexandrafwcm, arnold.812, avery, averydd, bailey, baileyd, baileydd, ball,
barnes, barnesd, barry, barryd, barrydd, battle.corina, bell, bennett, best211, blevins, blevinsd, blevinsdd, bob, boyd, branch, brendels,
brewer, bryant, butler, butlerd, byrd, cabrera, cabreradd, cannon, cardenas, cardenasn, carolcurrenxikfw, carolcurrenxomz, cervantes,
cervantesd, chambers, chan, chandler, chann, chen, chenn, cherry, cherrynn, church, cobb, cohen, cole, coleman, colemann, conner, cook,
cooperd, coxn, craig, crawford, curry, curtis, daniel, day, dean, delgado, diaz, diazn, diaznn, dickson, dodson, dodsond, dodsondd, dotson,
dotsonn, douglas, duncan, dunn, eagle, elliott, estes, everett, farmer, flores, flowers, islah, kline, natijaid, newspapers, pwhitney,
sales, sbaghirova, schmidt, server

Each attempt comes from a different IP, all over the planet. A "let's try 'f's" bot seems to be running at the moment 'cos since I extracted that list just a few minutes ago it's been added to with: floresd, foster, fosterd, ford, fowler, frazier & francis....
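
A sketch of spotting the address-guessing pattern described in the post above, added here and not part of the original thread: because each attempt comes from a different IP, it counts distinct unknown recipients per domain inside a time window instead of attempts per IP. The log lines are constructed in the style of Postfix rejection entries (the poster's server software is not stated), and example.com, the IP addresses, the year and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Matches an "unknown user" rejection: timestamp, client IP, local part, domain.
REJECT = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*RCPT from \S*\[([\d.]+)\]: "
                    r"550 5\.1\.1 <([^@>]+)@([^>]+)>")

def detect_harvest(lines, window=timedelta(minutes=10), min_rcpts=5, year=2021):
    """Flag domains where many distinct unknown recipients are probed within
    one window, regardless of how many source IPs share the work."""
    by_domain = defaultdict(list)
    for line in lines:
        m = REJECT.search(line)
        if m:  # syslog timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            by_domain[m.group(4).lower()].append((ts, m.group(2), m.group(3).lower()))
    alerts = {}
    for domain, events in by_domain.items():
        events.sort()
        start = 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            span = events[start:end + 1]
            rcpts = {r for _, _, r in span}
            per_ip = Counter(ip for _, ip, _ in span)
            if len(rcpts) >= min_rcpts:
                alerts[domain] = {"first_seen": span[0][0], "recipients": len(rcpts),
                                  "source_ips": len(per_ip),
                                  "max_per_ip": max(per_ip.values())}
                break
    return alerts

# Constructed log lines; the local parts are ones quoted in the post above.
LINE = ("Oct 13 {t} mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
        "550 5.1.1 <{rcpt}@example.com>: Recipient address rejected: User unknown")
NAMES = ["bailey", "baileyd", "baileydd", "ball", "barnes", "barnesd"]
SAMPLE = [LINE.format(t="09:00:00", ip="198.51.100.7", rcpt="jon")]  # lone typo
SAMPLE += [LINE.format(t=f"13:4{i}:00", ip=f"192.0.2.{10 + i}", rcpt=n)
           for i, n in enumerate(NAMES)]

if __name__ == "__main__":
    print(detect_harvest(SAMPLE))
```

In the sample, `max_per_ip` stays at 1 while the recipient count reaches the threshold, which is why a per-IP rate limit alone would not notice this traffic.
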

Infrasonic

Re: Dodgy emails, that are apparently from friends

#449828

Postby Infrasonic » October 13th, 2021, 2:12 pm

Another neat trick I've spotted is that some spammers are using specific IP address blocks to send to addresses on that service,
e.g. Microsoft IPs to send to Microsoft email addresses (Outlook.com in my case).

I presume they are doing that as MS are unlikely to block list their own IP addresses - although they are turning up briefly on other third party block lists when I've checked, that doesn't mean MS or Google will take any notice as they have the vast majority of traffic and will rely on their own black boxed internal control lists for security.

