
Spam Mega Thread


Comments



  • Vinculus wrote: »
    Thanks FSL for responding.

    I'm checking the headers of the mails now and I'm not seeing any other location other than the UK.
    I'm used to receiving and dealing with spam but these three mails arrived within moments of each other. Starting with flight confirmation, then a booking receipt and finally a ticket number.
    They look so much like the real thing, I'm worried they might be.
    Would contacting the company by phone not be the easiest way to check its legitimacy?




  • Easier said than done, I would imagine. I'll go that route if I have to.




  • I just got in touch with the company and they confirmed that it was indeed spam.
    Thanks for the suggestion Blowfish.




  • Began getting emails with Apple ID... never ever owned an Apple product but they don't know that!
    Sent an email over to Peats, asking for information how my email landed on a spam list.

    Subject:

    Apple ID Expired ✔

    Headers:

    Received: from gmy2-mh.smtproutes.com (94.186.192.15) by
    email.myserver.lan with Microsoft SMTP Server id 8.1.240.5;
    Tue, 8 Dec 2015 10:22:03 +0000
    X-Katharion-ID: 1449570112.99878.gmy2-mh828 (unfiltered-unk)
    Return-Path: <[email protected]>
    Received: from seevent.ch ([46.163.71.158]) by gmy2-mh.smtproutes.com
    [(94.186.192.15)] with ESMTP via TCP; 08 Dec 2015 10:21:52 +0000
    Received: from [151.236.58.219] ([127.0.0.1]) by seevent.ch with hMailServer ;
    Tue, 8 Dec 2015 04:53:40 +0100
    From: Apple <[email protected]>
    To: "peats2011" <[email protected]>
    Subject: Apple ID Expired =?UTF-8?Q?=E2=9C=94_?=
    Message-ID: <[email protected]>
    Date: Tue, 8 Dec 2015 03:52:38 +0000
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0001_9BD889C8.61F5F84C"
    X-Priority: 3
    X-Mailer: Microsoft Office Outlook 12.0
    X-hMailServer-Spam: YES
    X-hMailServer-Reason: The host name specified in HELO does not match IP address.

    Link in the email, DO NOT OPEN OR CLICK:

    [url]httpx://redirectedme.tantes.ns11-wistee.fr/cgi-bin/connectvrif1.php[/url]

    371022.jpg
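Reading the relay path out of the headers posted above, as an added example that is not part of the original post: it walks the `Received` lines oldest-first, flags a hop whose HELO is an IP literal different from the recorded peer address (the condition hMailServer reported), and decodes the RFC 2047 subject. Only the topmost `Received` line is written by the recipient's own server; the lower ones are supplied by upstream hosts. The `sender@example.com` address is a constructed placeholder for the redacted one.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Header lines taken from the post above. The redacted From address is
# replaced by a constructed example.com placeholder.
RAW = """\
Received: from gmy2-mh.smtproutes.com (94.186.192.15) by
 email.myserver.lan with Microsoft SMTP Server id 8.1.240.5;
 Tue, 8 Dec 2015 10:22:03 +0000
Received: from seevent.ch ([46.163.71.158]) by gmy2-mh.smtproutes.com
 [(94.186.192.15)] with ESMTP via TCP; 08 Dec 2015 10:21:52 +0000
Received: from [151.236.58.219] ([127.0.0.1]) by seevent.ch with hMailServer ;
 Tue, 8 Dec 2015 04:53:40 +0100
From: Apple <sender@example.com>
Subject: Apple ID Expired =?UTF-8?Q?=E2=9C=94_?=

"""

HOP = re.compile(r"from\s+(\S+)\s+\(\[?([\d.]+)\]?\)\s+by\s+(\S+)")
IP_LITERAL = re.compile(r"^\[?(\d{1,3}(?:\.\d{1,3}){3})\]?$")

def received_chain(raw):
    """Return hops oldest-first as dicts: HELO name, peer IP, receiving host."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"helo": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops

def helo_ip_mismatches(hops):
    """Hops whose HELO is an IP literal that differs from the recorded peer IP."""
    out = []
    for hop in hops:
        lit = IP_LITERAL.match(hop["helo"])
        if lit and lit.group(1) != hop["ip"]:
            out.append(hop)
    return out

def decoded_subject(raw):
    """Decode RFC 2047 encoded-words so the subject can be matched as text."""
    subject = message_from_string(raw)["Subject"]
    return " ".join(str(make_header(decode_header(subject))).split())

if __name__ == "__main__":
    for hop in received_chain(RAW):
        print(hop)
    print(helo_ip_mismatches(received_chain(RAW)), decoded_subject(RAW))
```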




  • Would be safer to put hxxp or similar in the link to make it non-clickable but still obvious where it goes.

    Bring back the :pac: !





  • I got a fairly sophisticated "Eir" phishing email earlier.

    It used the following wording:

    Dear Customer,
    We experienced an overnight nationwide outage that impacted our broadband customers from approximately 1:30am to 3:00am. The cause of this issue is currently unknown and remains under investigation.

    As a security measure some of your information need to be updated before you can continue with our services please login to my eir (malicious link) and follow the instruction to update your account.

    Thank you for your patience during this time and apologies for the inconvenience.
    eir care
    This is an automated email so please do not reply to it as you will not receive a response.


    The email was fully branded and the above wording (with the addition of the line about logging into your account) is taken from a legitimate notice sent out by Eir on the 20th of May.




  • Not sure if it is a new one (I think I've seen a variant of it before).

    395102.PNG

    Being delivered through the eircom.net mail servers too.




  • AnCatDubh wrote: »
    Not sure if it is a new one (I think I've seen a variant of it before).

    395102.PNG

    Being delivered through the eircom.net mail servers too.

    Yep, it's new. The ISC flagged it up today.




  • LinkedIn hacked again!??

    Got an email to my dedicated and unique LinkedIn email address with Bank of Ireland content! Very strange!



    395199.jpg



    Received: from

    Wed, 24 Aug 2016 11:22:14 +0100
    Return-Path: <[email protected]>
    Delivered-To:
    Received: (qmail 28236 invoked by uid 399); 24 Aug 2016 11:20:05 -0000
    Delivered-To: linkedin
    Received: (qmail 28230 invoked by uid 399); 24 Aug 2016 11:20:05 -0000
    Received: from unknown (HELO mta53a.sparkpostmail.com) (54.244.48.130)
    (de-)crypted with TLSv1: DHE-RSA-AES256-SHA [256/256] DN=unknown by
    mail1.myisp.ie with ESMTPS; 24 Aug 2016 12:20:05 -0000
    X-Originating-IP: 54.244.48.130
    Received-SPF: pass (mail1.myisp.ie: SPF record at _spf.sparkpostmail.com designates 54.244.48.130 as permitted sender)
    identity=mailfrom; client-ip=54.244.48.130;
    envelope-from=<[email protected]>;
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fntv.com;
    s=scph0816; t=1472041188; i=@fntv.com;
    bh=ga8atk7QEsB9WZQGUEnmDZZs09FVl/SzT8ZqLX+Xt28=;
    h=Reply-To:From:To:Subject:Date:List-Unsubscribe:List-Id;
    b=DQVmdTvDUqnA/GK6Pqu3ewvEVhVRfEM0WNYJVBNPddTyNhmafTwpVvLso46CPrTgC
    So1iBA4VVss/W3WXcW9huTaT9RZyQHO7WeX8GO3XDT/kA+6kIfHDkvlqWzZLZsBLR2
    rFrXQYaJ4ouuRiIiyKrx7pc3mB7CZfJd7bQA5AnY=
    Content-Transfer-Encoding: 7bit
    Content-Type: text/html; charset="iso-8859-1"
    Authentication-Results: momentum3.platform1.us-west-2.aws.cl.messagesystems.com smtp.user=smtp_injection; auth=pass (LOGIN)
    Received: from [188.212.109.10] ([188.212.109.10:57334] helo=fntv.com) by
    momentum3.platform1.us-west-2.aws.cl.messagesystems.com (envelope-from
    <[email protected]>) (ecelerity
    4.2.24.56718 r(Core:4.2.24.5)) with ESMTPSA (cipher=AES256-SHA) id
    01/38-04129-3E09DB75; Wed, 24 Aug 2016 12:19:48 +0000
    Reply-To: [email protected]
    From: Bank of Ireland 365 Online <[email protected]>
    To: first_email.ie, second_email.ie,
    linkedinXXX
    Subject: 3D Secure Service Disabled linkedin_myemail
    Date: Wed, 24 Aug 2016 12:19:46 +0200
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    List-Unsubscribe: <mailto:[email protected]?subject=unsubscribe:2IFt0wN5kKeoz3MXqh22grMueNwrlman2KwoazqbJM4~|>




  • rolion wrote: »
    LinkedIn hacked again!??

    Got an email to my dedicated and unique LinkedIn email address with Bank of Ireland content! Very strange!

    Why 'again'? Could they have got your email from the hack a few months back?




  • Why 'again'? Could they have got your email from the hack a few months back?

    That email, before hack, was _2012. I created a new email with _2014 in the name field.
    So, how the 2014 created email got in the spammers database!???

    Even more... yesterday I got an email from Netflix informing me that I failed to renew my never had service... AND at the same email.
    Send an email to GoDaddy as the domain "@fntv" is registered with them.

    Peculiar world of IT...

    395506.jpg

