  1. #1
    Platinum Lounger CWBillow's Avatar
    Join Date
    Jul 2002
    Location
    Las Vegas, NV USA
    Posts
    5,646
    Thanks
    54
    Thanked 9 Times in 8 Posts

    Very strange vermin mail

    I just received an e-mail from a friend that has a Yahoo e-mail address. I responded to the e-mail pressing "reply." But it didn't go to him. It went to account-22@live.com.

    When I initiate e-mail to this person, it goes to the right e-mail address.

    Is his e-mail coming in infected, or is it something in my reply process? I've seen this address before, but no idea where it originates.

    Chuck
    -------------------------------------------------
    "Good judgment comes from experience, and experience - well, that comes from poor judgment."

    ~ A(lan) A(lexander) Milne (1882-1956)- "House at Pooh Corner"

  2. #2
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 932 Times in 853 Posts
    I would be suspicious of the email and delete it forthwith. Send this person an email from your contacts list to see if they did indeed send you the mail. If they have been hacked it would be good for them to know as well.

    Run your AV/AM scans as well to ensure you are not infected.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  3. #3
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    20,613
    Thanks
    2
    Thanked 625 Times in 558 Posts
    It is very likely that your friend's name & email address have been harvested by a spammer. Just delete the email.

    Joe

  4. #4
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,874
    Thanks
    68
    Thanked 557 Times in 505 Posts
    Your friend's Email address was probably spoofed. It is very unlikely that you were infected with anything unless you clicked on a link within the email or it contained a file attachment.

    Jerry

  5. #5
    Platinum Lounger CWBillow's Avatar
    Joe/Ted;

    Yea, I thought maybe as well. I did send them an e-mail from my list, and will run the scan. I found the address showing in my Contacts, so it had put itself on my "Safe List" as well.

    Argh!

    Chuck

  6. #6
    Lounger
    Join Date
    Aug 2011
    Posts
    33
    Thanks
    0
    Thanked 3 Times in 3 Posts
    It is possible, even for you, to specify that your return email (what shows when someone presses reply) is different from the one you display in an inbox. It is not good practice to do this as most spammers use this. Contact your friend and make sure he does not have his outgoing emails set up this way ... trash the email for now.

  7. #7
    Platinum Lounger CWBillow's Avatar
    Got it, I think. Thanks guys.

    Regards,
    Chuck

  8. #8
    Star Lounger johjue's Avatar
    Join Date
    Dec 2009
    Location
    Chicago,Illinois
    Posts
    99
    Thanks
    1
    Thanked 9 Times in 9 Posts
    A few weeks ago I received an e-mail from a friend and opened it without much thought, until I saw the message (see below). I had heard about this rather crude phishing attempt before, but had never received one. I immediately called my friend who was aware as others had already contacted him about it. His Yahoo account had been hacked and everyone in his address book had received the same e-mail. Of interest here is that "Roy" did not have a Laffndad at sbcglobal dot net account. He did have a Laffndad at yahoo dot com account, which is the account that was hacked. The "Reply to" is to Lafndad at yahoo dot com (note that one "f" is missing from "Laffndad"). So apparently the hacker accessed Roy's e-mail address book, sent e-mails to everybody in the address book with the very similar-looking sbcglobal account, and set the "Reply to" to go to a probably newly set up yahoo account, which was also very similar to Roy's actual yahoo account. Roy told me that he had received an e-mail notice the day prior, ostensibly from yahoo, saying that he needed to update his e-mail account. You can guess the rest.

    I'll have to admit that I was intensely tempted to reply to the phishing attempt just to see what the next step would be (I really wanted to see how the attempt to get the money would be laid out), but couldn't figure out a way to safely do so, so I chickened out.

    I hope this is related enough to this topic so as not to be seen as a hijacking of this thread; that is not my intent.

    Scam1.jpg

    Please forgive my crude altering of the actual e-mail!

    John
    Last edited by johjue; 2011-08-12 at 21:30. Reason: Disable unintended e-mail links.
    Dell Inspiron 530 Intel Pentium E2180 dual core @2.00 GHz 4GB Ram Win7 64 bit

  9. #9
    Plutonium Lounger Medico's Avatar
    I think it's very much on target. It just shows how these people (I use that term very loosely in this case) will try anything to part hard workers from their hard-earned cash. It points out the fact that we cannot let our vigil down for one moment even from those people we know, because they may not take security as seriously as we do. Never automatically assume emails from people we know are safe.

  10. #10
    Platinum Lounger CWBillow's Avatar
    Ted/John, I think you guys are right on target. The only reason I caught this was that the "Mail Delivery" kicked one back as undeliverable.

    I have a yahoo account, but never actually use it for anything.

    I think I recall, I could surely be wrong, that ZoneAlarm checked mail going out, but I suppose not checking each against your address book. How, without actually checking every To and From in every e-mail, can a person protect against this? As I said, this one I've seen before, so this whoever is pretty persistent.

    Chuck

  11. #11
    Plutonium Lounger Medico's Avatar
    I guess there is really no way to totally protect yourself without being suspicious of every email. Checking every mail for those things you describe, AND keeping your security tools updated and enabled.
    Last edited by Medico; 2011-08-13 at 19:41.

  12. #12
    Platinum Lounger CWBillow's Avatar
    I thought, Ted, that "previewing" mail as in Outlook's window was pretty much the same as opening it. It's not? It's "safe"?

  13. #13
    Platinum Lounger CWBillow's Avatar

    How do I stop this?

    Guys;

    I found the e-mail address that is causing the account-22 vermin. But I'm not sure if/how to stop it.

    When I look at the address that is the "initiator" of the problem, it looks fine. If I right-click the e-mail address, everything looks as it should. But when I hit "Reply" it changes to the "account-22" address.

    So how, aside from starting a reply to the **many** emails I get daily can I stop this nasty? I'm assuming it has somehow gotten to more than just that one address, but how or how I can tell which...?

    Chuck

  14. #14
    Platinum Lounger CWBillow's Avatar
    OK...

    When I looked at the properties, in the details, of one of the emails, here's what I saw/see

    Return-Path: <timothy_t1@yahoo.com>
    Delivery-Date: Sat, 14 May 2011 19:08:53 -0400
    Received: from nm8.bullet.mail.sp2.yahoo.com (nm8.bullet.mail.sp2.yahoo.com [98.139.91.78])
    by mx.perfora.net (node=mxus0) with ESMTP (Nemesis)
    id 0LvTlT-1Pcngs1jPf-010WeW for cwbillow@componentics.com; Sat, 14 May 2011 19:08:53 -0400
    Received: from [98.139.91.62] by nm8.bullet.mail.sp2.yahoo.com with NNFMP; 14 May 2011 23:08:53 -0000
    Received: from [98.139.91.41] by tm2.bullet.mail.sp2.yahoo.com with NNFMP; 14 May 2011 23:08:52 -0000
    Received: from [127.0.0.1] by omp1041.mail.sp2.yahoo.com with NNFMP; 14 May 2011 23:08:52 -0000
    X-Yahoo-Newman-Property: ymail-3
    X-Yahoo-Newman-Id: 896364.4795.bm@omp1041.mail.sp2.yahoo.com
    Received: (qmail 2573 invoked by uid 60001); 14 May 2011 23:08:52 -0000
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1305414532; bh=bLRbxPE1rJzvwnEJMIji6AV775+mg0AAEYHbl83mvmI=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=u2V44KqEXQMm7sscfhlnUh2Okw1gsOknA+dzoLGVI3ZnrSvw dkcmLFizn1GXG9oqIoSeMI4UmcilTCdnBRTipxZyTvxcU24ApX m/PRpJzr+3stwjP32Kl8QD99I4nrJon80d4+TtXSemLlweSLJGu/5Zp9SG1BpRIkdxaKDZqLk=
    DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.com;
    h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type;
    b=0SsFLHJrg+sQ4+9yPTvW0RxAYMZ15kuyyNSIx3yH37wx5UnH 11n2W2A5V/hs6VSExMK88l5efXY1NR0kZTyET3cu3L7knsdbn9eLF/jIB9bvFnz7FLCq8ucMJ/UOyyIVuNqklmMLuLJRYXuUmw9ioz+dIN4LfaymnnJvurgTdYw= ;
    Message-ID: <226015.50027.qm@web110304.mail.gq1.yahoo.com>
    X-YMail-OSG: xll7ydwVM1n7z1NEsrXVKe6oiw7l_LIKLX.VNFsadOwhMl8
    l49mn5fsmGtXcu0shV9czlO._N_bV9rMY2MBMcMAYRam.ZSLr. 9J.aVbqilV
    73zX4F3188YD9cif3vfVTph5FGZ0J45F.ga38X.kWJIp1dzayq HfTBr1f6tv
    mOPRGAkocY764wyNatbamcPIdPin6PrTGA1AWNYfTuF3Yjiu2b tq3dRqwU71
    BGE8IkzVS7C3UlQndtoIprnhVZ_vlqgSZ9HQ3wfAxhD0mEjSd6 A50wnsVjig
    9VIvueo9kuBV7_nc4_Kj1bhg4TOZPG.uG9WMlukE0q1LC_H9J3 e9hWSbeLat
    13l59Dbj95hgJzfBQEvJgOfQZFqAFgDEdWqKr2ogBeJ5bHZ42A 74sf2CPINp
    HpYNpWhLT1XaZYI.nlGkKvBv4zR2idYnHpLyJFpwINg4sqIApN n7n1K8rnk_
    6sn1gM6fbcyYhoIuv29dIcg--
    Received: from [75.210.211.2] by web110304.mail.gq1.yahoo.com via HTTP; Sat, 14 May 2011 16:08:52 PDT
    X-Mailer: YahooMailClassic/12.0.2 YahooMailWebService/0.8.111.303096
    Date: Sat, 14 May 2011 16:08:52 -0700 (PDT)
    From: timothy thornton <timothy_t1@yahoo.com>
    Reply-To: account-22@live.com
    Subject: Re: Proof-reading is a dying art
    To: Charles W Billow <cwbillow@componentics.com>
    In-Reply-To: <02f801cc11ad$c5212580$4f637080$@componentics.com>
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="0-336689181-1305414532=:50027"
    Envelope-To: cwbillow@componentics.com

    So there's the account-22. But is that part of what's coming into me, or is the change happening at my end?

    Chuck

  15. #15
    Administrator
    The email header is what is delivered to you. It is a normal part of any email. It is the contents that have been manipulated. As I've said before, any part of the email header is trivial to change.

    Joe
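
Added example, not part of any post in the thread: a Python check for the question raised in posts #10 and #14, run over a constructed, shortened copy of the header posted in #14. It flags a Reply-To that differs from From, a near-miss mailbox name like the one described in post #8, and whether the DKIM h= list names Reply-To; the function names and the 0.8 similarity threshold are assumptions.

```python
import email
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample: the relevant lines of the header posted in #14, with the
# signature values replaced by placeholders and the h= list shortened.
SAMPLE = """\
Return-Path: <timothy_t1@yahoo.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
 h=Message-ID:From:Reply-To:Subject:To; bh=PLACEHOLDER; b=PLACEHOLDER
From: timothy thornton <timothy_t1@yahoo.com>
Reply-To: account-22@live.com
Subject: Re: Proof-reading is a dying art
To: Charles W Billow <cwbillow@componentics.com>

(body omitted)
"""

def split_addr(value):
    """Return (local part, domain) of the address in a header value."""
    local, _, domain = parseaddr(value or "")[1].lower().rpartition("@")
    return local, domain

def dkim_signed_headers(msg):
    """Header names the first DKIM-Signature claims to cover (its h= tag).
    This reads the claim only; it does not verify the signature."""
    tags = {}
    for part in msg.get("DKIM-Signature", "").split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(val.split())
    return {h.lower() for h in tags.get("h", "").split(":") if h}

def check_reply_to(raw):
    """Flag a Reply-To that sends replies somewhere other than From."""
    msg = email.message_from_string(raw)
    f_local, f_dom = split_addr(msg.get("From"))
    r_local, r_dom = split_addr(msg.get("Reply-To"))
    redirected = bool(r_dom) and (r_local, r_dom) != (f_local, f_dom)
    # Near-miss mailbox names (the "Laffndad"/"Lafndad" case in post #8).
    similar = SequenceMatcher(None, f_local, r_local).ratio()
    return {
        "redirected": redirected,
        "reply_to": f"{r_local}@{r_dom}" if r_dom else None,
        "near_miss_name": redirected and f_local != r_local and similar >= 0.8,
        "reply_to_in_dkim_h": redirected and "reply-to" in dkim_signed_headers(msg),
    }
```

If Reply-To is listed in h= and the signature verifies (this sketch does not verify it), the header was already present when yahoo.com signed the message, so the change did not happen at the receiving end.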
