Thread ID: 142380 2016-06-22 22:17:00 Spam Bomb!!! Billy T (70) Press F1
Post ID Timestamp Content User
1422305 2016-06-29 23:22:00 .
Somebody here might be able to interpret it and/or confirm that the coordinates listed are the actual source, but they look kosher to me.

Cheers

Billy 8-{)

OK, here's the bottom line.

You are on the internet.
Spammers now have your email address. They will also send emails pretending to be you (spoofing).
These spams will never go away or stop; they will only get worse. There is nothing you can do to stop it.
DO NOT open spam emails to try & figure out what's happening.

So either you have to accept it, or get a spam filter, either software or, better, via a 3rd party provider.

Honestly, this is nothing new. Been happening to the rest of us for umpteen years now.
You are lucky that it's taken this long for you to be targeted in a big way.

:)
1101 (13337)
1422306 2016-06-29 23:25:00 Hi... I set up Mailwasher yesterday. Have not seen any activity yet. Hope I have set it up right. PJ
Poppa John (284)
1422307 2016-06-30 00:07:00 as I said - they will most probably be spoofed, the same as the one from "yourself" was...

How does 'spoofing' work? (in principle) I realise that they did not actually use my details, but I'm curious to know whether the 'countries of origin' that I extract from the headers are genuine.

I had just one email yesterday, but another 4 (zip files) overnight as follows.

Errol Byrd (India / Bengaluru)
Hattie10 (Pakistan)
Jeff Schneider (Philippines)
Luz (no location)


I won't post any more of these, my principal objective was to alert members to the different modus operandi of this exploit, in particular the number of emails sent.
That alone would arouse suspicions, so they must be either greedy or desperate!

I note also that their operating location is walking distance from the Bangalore Cyber-Crime Police Station!

I assume that the source location details in the example below are genuine. The text was extracted via Mailwasher, and I have overwritten my personal details.

Return-path: <Byrd.8020@tsuhandaigaku.com> [Note: This server is hosted in the USA. Billy T]
Envelope-to: james@xxxxxx.
Delivery-date: Wed, 29 Jun 2016 23:18:45 +1200
Received: from nct-clb.nz ([10.253.37.253] helo=mail..net.nz)
by mail-mda01.orcon.net.nz with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256)
(Exim 4.82)
(envelope-from <Byrd.8020@tsuhandaigaku.com> )
id 1bIDW1-00086J-EV
for james@; Wed, 29 Jun 2016 23:18:45 +1200
Received: from [117.198.127.236] ([117.198.127.236])
by mail.orcon.net.nz (8.14.3/8.14.3/Debian-9.4) with ESMTP id u5TBIfAg011090
for <nz>; Wed, 29 Jun 2016 23:18:42 +1200
Received: by localhost (Postfix, from userid 070)
id 58968D43976; Wed, 29 Jun 2016 04:18:37 -0700
Date: Wed, 29 Jun 2016 04:18:37 -0700
From: "Errol Byrd" <Byrd.8020@tsuhandaigaku.com>
To:
Subject: Financial report
Message-ID: <20162906041837.UJ98984@nz>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="/gmIu/uQepjydEMj"
Content-Disposition: inline
User-Agent: Mutt/1.5.4i
X-Bayes-Prob: 0.9999 (Score 5, tokens from: xxxxxx@nz, base:default, @@RPTN)
X-Spam-Score: 6.27 (******) [Hold at 8.00] RDNS_NONE:1.274,TO_NO_BRKTS_NORDNS:0.001,SPF(neutral:0),Bayes(0.9999:5.0)
X-CanIt-Geo: ip=117.198.127.236; country=IN; region=Karnataka; city=Bengaluru; latitude=12.9833; longitude=77.5833; maps.google.com
X-CanItPRO-Stream: base:.nz (inherits from base:default)
X-Canit-Stats-ID: 01RcziFPc - ed80927335c2 - 20160629
X-Scanned-By: CanIt (www . roaringpenguin . com)

--/gmIu/uQepjydEMj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Hello James,

I have attached the financial report you requested.

Regards

Errol Byrd
Sales and Marketing Director

--/gmIu/uQepjydEMj
Content-Type: application/zip; name="james_freport_151037.zip"
Content-Disposition: attachment; filename="james_freport_151037.zip"
Content-Transfer-Encoding: base64
Billy T (70)
1422308 2016-06-30 00:48:00 Hi... I set up Mailwasher yesterday. Have not seen any activity yet. Hope I have set it up right. PJ

When you set up Mailwasher for the first time it should pick up any current accounts you have.
Once set up, when checking your email make sure you click on the Mailwasher icon, NOT your email program.

Mailwasher opens and looks at what's on your email server; any mail that's there will show, so you can see what's waiting to come through. You tick the ones you don't want, then click on Wash Mail - it deletes all the ticked mails, your email program opens and allows the ones you didn't tick to come through.

Easiest way to see is to open your mail as normal, then send yourself 3-4 mails quickly, close the mail and, depending on the time your ISP takes to turn them around, they will show in Mailwasher. You can select 3 of the 4 (tick them), click Wash Mail, those 3 will disappear, and your email program should open and allow the one remaining through.

The biggest mistake some people make is they click on their email program instead of Mailwasher; that's why I change the icon on Mailwasher to whatever program is being used.
wainuitech (129)
1422309 2016-06-30 01:37:00 When you set up Mailwasher for the first time it should pick up any current accounts you have.
Once set up, when checking your email make sure you click on the Mailwasher icon, NOT your email program.

Mailwasher opens and looks at what's on your email server; any mail that's there will show, so you can see what's waiting to come through. You tick the ones you don't want, then click on Wash Mail - it deletes all the ticked mails, your email program opens and allows the ones you didn't tick to come through.

Easiest way to see is to open your mail as normal, then send yourself 3-4 mails quickly, close the mail and, depending on the time your ISP takes to turn them around, they will show in Mailwasher. You can select 3 of the 4 (tick them), click Wash Mail, those 3 will disappear, and your email program should open and allow the one remaining through.

The biggest mistake some people make is they click on their email program instead of Mailwasher; that's why I change the icon on Mailwasher to whatever program is being used.

I understand that better now... Thanks PJ
Poppa John (284)
1422310 2016-06-30 02:02:00 very basically, the answer is...

Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead the recipient about the origin of the message.

and as you correctly note, the server is located in U.S.A. not India

Actually, it's in Mountain View in Santa Clara County, California, and is one of Google's many app servers I think - Definitely owned by Google anyway (for many years)

the email address "Byrd.8020@tsuhandaigaku.com" does not exist....
bevy121 (117)
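Added example, not code from the thread or from Mailwasher: a short Python script that does by hand what Billy did with the header block he posted, walking the Received: chain to find the hand-off IP, and checking the From: domain against the Return-Path: domain, which is the cheapest tell for the forged sender bevy121 describes. The sample message, the server names (example.org standing in for the recipient's ISP, bulk-sender.example.net for the sender), the addresses and the queue IDs are all constructed for this example using RFC 5737 documentation ranges; none of them are the thread's real values.

```python
"""Walk a message's Received: chain to find the hand-off IP and spot a
forged sender. Added example; not code from the thread or from Mailwasher."""
import email
import email.utils
import re
from email import policy

# Constructed sample, modelled on the header block posted in the thread but
# using RFC 5737 documentation addresses and example.* names; not a real message.
# "example.org" plays the role of the recipient's ISP.
SAMPLE = """\
Return-Path: <bounce-8020@bulk-sender.example.net>
Received: from mx1.example.org ([10.0.0.5] helo=mx1.example.org)
\tby mailstore.example.org with esmtps (Exim 4.82)
\tid 1aaaaa-000001-AA; Wed, 29 Jun 2016 23:18:45 +1200
Received: from [198.51.100.23] ([198.51.100.23])
\tby mx1.example.org (Postfix) with ESMTP id 0123456789AB
\tfor <james@example.org>; Wed, 29 Jun 2016 23:18:42 +1200
Received: by localhost (Postfix, from userid 1000)
\tid 000000000000; Wed, 29 Jun 2016 04:18:37 -0700
From: "Accounts Department" <accounts@example.org>
To: james@example.org
Subject: Financial report

I have attached the financial report you requested.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(raw):
    """Return one dict per Received: header, newest first (the order they
    appear in the message, because each relay prepends its own line)."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # join folded continuation lines
        m_from = re.match(r"from\s+(\S+)", text)
        m_by = re.search(r"\bby\s+(\S+)", text)
        m_ip = IP_RE.search(text)
        hops.append({
            "from": m_from.group(1) if m_from else None,
            "ip": m_ip.group(1) if m_ip else None,
            "by": m_by.group(1) if m_by else None,
        })
    return hops


def handoff_ip(hops, trusted_suffix):
    """IP recorded by the oldest Received: line that one of our own servers
    (hostname ending in trusted_suffix) wrote. Every line older than that was
    supplied by the sender and may be invented, so this is the last address
    worth running through a geo lookup."""
    last = None
    for hop in hops:  # newest first
        if hop["by"] and hop["by"].endswith(trusted_suffix):
            last = hop
        else:
            break
    return last["ip"] if last else None


def addr_domain(header_value):
    """Domain part of an address header such as '"Name" <user@host>'."""
    _, address = email.utils.parseaddr(str(header_value or ""))
    return address.rpartition("@")[2].lower() or None


def sender_mismatch(raw):
    """True when the visible From: domain differs from the envelope sender
    (Return-Path:) domain, the cheapest indicator of a spoofed From:."""
    msg = email.message_from_string(raw, policy=policy.default)
    return addr_domain(msg["From"]) != addr_domain(msg["Return-Path"])


if __name__ == "__main__":
    hops = parse_received(SAMPLE)
    for n, hop in enumerate(hops):
        print(f"hop {n}: from={hop['from']} ip={hop['ip']} by={hop['by']}")
    print("hand-off IP:", handoff_ip(hops, ".example.org"))
    print("From/Return-Path mismatch:", sender_mismatch(SAMPLE))
```

Run it and the only address the script vouches for is 198.51.100.23, the one that connected to the ISP's MX; the "by localhost" line beneath it and the friendly From: name were written by the sender's own machine and prove nothing. That is the same reading the thread applies to Billy's headers: the X-CanIt-Geo line his ISP added for 117.198.127.236 describes the machine that handed the message over, while the From: address itself is just text.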
1422311 2016-06-30 03:19:00 The only time I ever see any of it, is going into gmails server and checking the spam folder.
It works very well without need for intervention from me all the time.
pctek (84)
1422312 2016-06-30 05:58:00 This is turning into something quite different to the usual spam problems.

A mate just rang me to say he had just cleared 470, that's right 470, spam e-mails from his kinect/trustpower account.

Now I used to be with Kinect also, and whilst they were great early in the piece, they later went right downhill so they got the heave-ho.

(Their spam filters blocked their own accounts/bills and they couldn't fix it, as an example.)

Anyway, is there any spam programme you can set up yourself? He's using Thunderbird.
B.M. (505)
1422313 2016-06-30 06:31:00 This is turning into something quite different to the usual spam problems.

A mate just rang me to say he had just cleared 470, that's right 470, spam e-mails from his kinect/trustpower account.

Now I used to be with Kinect also, and whilst they were great early in the piece, they later went right downhill so they got the heave-ho.

(Their spam filters blocked their own accounts/bills and they couldn't fix it, as an example.)

Anyway, is there any spam programme you can set up yourself? He's using Thunderbird.

Mentioned earlier in this thread -- Mailwasher.

It's manual, BUT it's also better, simply because many auto spam filters will block legit mails (as you pointed out with Trustpower - in bold). With Mailwasher you can pick and choose what to let through.

You can mark mails as spam and set an auto bounce back to the sender; that way they get their own rubbish back :devil (how sad). Do it enough and they take you off their send list, as they get it all back thinking it's an invalid address.

Just in case it's never been seen, a VERY quick and rough demo is linked below.

On mine (I use Pro) there's a few more options, like being able to restore deleted mails.

In this demo I had opened Mailwasher. You are meant to tick the ones you want to delete, BUT I do it differently :D, since there are a LOT more usually (60-100+): I tick "select all" then untick the ones I want to allow through. After a while you get to know what's spam and what's not just by a quick look.

As you will see, they all disappear apart from 1 when I click Wash Mail.

What you can't see (on purpose) is Outlook opening and that 1 mail coming through.

Demo Here (www.screencast.com)
wainuitech (129)
1422314 2016-06-30 06:37:00 The biggest mistake some people make is they click on their email program instead of Mailwasher, that's why I change the Icon on mailwasher to what ever program is being used.

What a neat idea WT, excellent for 'set & forget' protection. The user still has to make a value judgement on any incoming mail that might be a bit obscure, but I've only ever deleted two or three incoming emails in error and you can always pull them back from MW's Recycle Bin.

Because of the number of emails I get, I prefer to process them first in MW, delete the trash & scams, then just download the genuine mail into Outlook.

Incidentally, I had figured that all the traffic was coming from the US or a similar 'almost-English' speaking country, because their names, language, and syntax were too good; however I didn't pick it as US based, but only because the messages had little if any of the classic US idiom or spelling.

Cheers

Billy 8-{)
Billy T (70)