
LinkedIn - compromised again !?

  • 05-12-2016 3:38pm
    #1
    Closed Accounts Posts: 3,362 ✭✭✭


    Hi,

    Today I've started receiving Bord Gais spam emails to my DEDICATED LinkedIn email address. It can't be from another account as it has a unique email address field.

    "Received: from unknown (HELO o1.7qt.s2shared.sendgrid.net) (167.89.106.76)"
    "From: "Bord Gais Energy" <refund@newsletter.secondderivative.com>"


    Anyone in the same boat? Seems very peculiar.



    [Links to httpX://tracking.secondderivative.com/wf/click?upn=bllablabladfdsfsfsfew436536terw]



    Hey there!

    Please accept our sincere apologies for the recent error in your recent Bord Gais Energy bill. We are working to fix this and refund you as soon as possible.
    Customer Email: frstname surname
    Refund Amount: 57.22 Euro 

    Click here [Links to httpX://tracking.secondderivative.com/wf/click?upn=bablablablbla-3D-3D_ZeIiZ1o59zkYyT-2B8HrseqQMGUmGB4Wvo7ukUx-2Fid2oThRnqR33SKILvVP0YhPoEZlY0mefNssV-2FBjcWrdRVJW0QoBarJM1TnXv7rcV2Di95YgotrEOJCWZkdDhl-] to claim your refund.

    We are sorry for any inconvenience this may have caused you.

    Yours sincerely,
    Bord Gais Energy Limited


    This email is a part of Bord Gáis Energy customer support. 

    Bord Gáis Energy Limited is a registered company in Ireland.
    Our company registration number is 463078 and our registered office is One Warrington Place Dublin 2.


    Bord Gáis Energy Limiyed



Comments

  • Posts: 0 [Deleted User]


    Is your email public on LinkedIn? Do you accept request from anybody?


  • Closed Accounts Posts: 3,362 ✭✭✭rolion


    Is your email public on LinkedIn? Do you accept request from anybody?

    No, it is not public and I do not use it for anything!


  • Registered Users Posts: 68,317 ✭✭✭✭seamus


    If that email address was in the original LinkedIn hack, then it has been made public and is being used by spammers. They don't have to be compromised a second time.


  • Closed Accounts Posts: 3,362 ✭✭✭rolion


    Today, a second email, sent to the same LinkedIn!!
    What I saw is that the spammer is using a dedicated bounce-back account, probably to eliminate emails that are invalid!?

    Received-SPF: pass (mail1.novara.ie: SPF record at sendgrid.biz designates 167.89.106.76 as permitted sender)
    identity=mailfrom; client-ip=167.89.106.76;
    envelope-from=<bounces+4051146678-f7c3-My-LinkedIn-mail-Addres@newsletter.regina-barrett.com>;
    DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=regina-barrett.com;
    h=reply-to:from:to:subject:mime-version:content-type:content-transfer-encoding;
    s=s1; bh=fOQ4Ug3LCq2AUsNJqIDM10FBusA=; b=HeK3ZHh/BoCWy3mTzKX5kxC
    K1DYH2HjJkT15OQIkPLKn1Ie6vbBbsJ4Jkj9ZwZI/BF/CfFNUS5VZuHUEXN8S70/
    g27IJVhX68c8KDUbnMks9jp+KFRgcPiHx66lz1UkB/ZeS4sewzlEQfyJKDDDokgp
    a1+FOtBeZYyR6uS+XqW8=
    Received: by filter0152p1las1.sendgrid.net with SMTP id filter0152p1las1-2493-5847BE21-29
    2016-12-07 07:41:38.08457871 +0000 UTC
    Received: from newsletter.regina-barrett.com (83-136-253-90.uk-lon1.host.upcloud.com [83.136.253.90])
    by ismtpd0002p1lon1.sendgrid.net (SG) with ESMTP id B_QOG2DGQ3Wm6lx-9cKKUQ
    for <MyLinkedinEmailAddress>; Wed, 07 Dec 2016 07:36:37.850 +0000 (UTC)
    Reply-To: service@newsletter.regina-barrett.com

    Received: (qmail 3162 invoked by uid 399); 7 Dec 2016 08:xx:04 -0000
    Received: from unknown (HELO o1.7qt.s2shared.sendgrid.net) (167.89.106.76)

    Return-Path: <bounces+4051146678-f7c3-MyLinkeInEmailAddress@newsletter.regina-barrett.com>


    Hey there!

    Another attempt has been made at processing your current payment, but there still appears to be a problem. If further attempts are unsuccessful, this may prevent the automatic payment. To avoid interruption of your contract, update your payment information. For information on how to do that, see the link below Pay Now by Card.

    We are sorry for any inconvenience this may have caused you.

    Yours sincerely,
    Electric Ireland

    This email is a part of Electric Ireland customer support.

    Electric Ireland is a registered company in Ireland.
    Electric Ireland, PO Box 841, South City Delivery Office, Cork T12C825.

    Electric Ireland 2016




  • Closed Accounts Posts: 3,362 ✭✭✭rolion


    Today, a second email, sent to the same LinkedIn!!
    What I saw is that the spammer is using a dedicated bounce-back account, probably to eliminate emails that are invalid!?
    Also, clicking on the HTML link validates the email address, message and opens the hell gates!

    httpX://tracking.regina-barrett.com/wf/click?upn=somesmartsillyfcukingcodehere

    Received-SPF: pass (mail1.novara.ie: SPF record at sendgrid.biz designates 167.89.106.76 as permitted sender)
    identity=mailfrom; client-ip=167.89.106.76;
    envelope-from=<bounces+4051146678-f7c3-My-LinkedIn-mail-Addres@newsletter.regina-barrett.com>;
    DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=regina-barrett.com;
    h=reply-to:from:to:subject:mime-version:content-type:content-transfer-encoding;
    s=s1; bh=fOQ4Ug3LCq2AUsNJqIDM10FBusA=; b=HeK3ZHh/BoCWy3mTzKX5kxC
    K1DYH2HjJkT15OQIkPLKn1Ie6vbBbsJ4Jkj9ZwZI/BF/CfFNUS5VZuHUEXN8S70/
    g27IJVhX68c8KDUbnMks9jp+KFRgcPiHx66lz1UkB/ZeS4sewzlEQfyJKDDDokgp
    a1+FOtBeZYyR6uS+XqW8=
    Received: by filter0152p1las1.sendgrid.net with SMTP id filter0152p1las1-2493-5847BE21-29
    2016-12-07 07:41:38.08457871 +0000 UTC
    Received: from newsletter.regina-barrett.com (83-136-253-90.uk-lon1.host.upcloud.com [83.136.253.90])
    by ismtpd0002p1lon1.sendgrid.net (SG) with ESMTP id B_QOG2DGQ3Wm6lx-9cKKUQ
    for <MyLinkedinEmailAddress>; Wed, 07 Dec 2016 07:36:37.850 +0000 (UTC)
    Reply-To: service@newsletter.regina-barrett.com

    Received: (qmail 3162 invoked by uid 399); 7 Dec 2016 08:xx:04 -0000
    Received: from unknown (HELO o1.7qt.s2shared.sendgrid.net) (167.89.106.76)

    Return-Path: <bounces+4051634-f7c3-MyLinkeInEmailAddress@newsletter.regina-barrett.com>


    Hey there!

    Another attempt has been made at processing your current payment, but there still appears to be a problem. If further attempts are unsuccessful, this may prevent the automatic payment. To avoid interruption of your contract, update your payment information. For information on how to do that, see the link below Pay Now by Card.

    We are sorry for any inconvenience this may have caused you.

    Yours sincerely,
    Electric Ireland

    This email is a part of Electric Ireland customer support.

    Electric Ireland is a registered company in Ireland.
    Electric Ireland, PO Box 841, South City Delivery Office, Cork T12C825.

    Electric Ireland 2016




  • Registered Users Posts: 68,317 ✭✭✭✭seamus


    These are actually compromised SendGrid accounts being used for mass spamming.

    I haven't seen that before, it's very clever because it's unlikely that a spam filter will pick it up.

    Forward the full email, including the headers, to abuse@sendgrid.com

    https://sendgrid.com/report_spam/
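
An added example, not part of the thread: a header check showing why mail like this gets past filters. SPF and DKIM both vouch for the sender's own domain, while the brand in the display name is unrelated to it. The sample message is constructed from the headers quoted above; the recipient placeholder, the `From:` line, the bounce-address layout in the regex and the `BRANDS` allow-list (including `electricireland.ie`) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread; the
# recipient and the From line are placeholders, not taken from the posts.
SAMPLE = """\
Return-Path: <bounces+4051146678-f7c3-recipient=example.org@newsletter.regina-barrett.com>
Received-SPF: pass (mail1.novara.ie: SPF record at sendgrid.biz designates 167.89.106.76 as permitted sender)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=regina-barrett.com; s=s1
From: "Electric Ireland" <service@newsletter.regina-barrett.com>
Reply-To: service@newsletter.regina-barrett.com

Hey there!
"""
# Assumed allow-list of domains each brand really sends from.
BRANDS = {"Electric Ireland": {"electricireland.ie"}}


def org_domain(host):
    # Naive registrable domain (last two labels); real traffic needs a
    # public-suffix list to handle names such as example.co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyse(raw, brands):
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = org_domain(from_addr.rpartition("@")[2])
    env_local, _, env_host = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")
    dkim = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    # VERP-style bounce address: bounces+<id>-<tag>-<encoded recipient>
    verp = re.match(r"bounces\+(\d+)-([0-9a-f]+)-(.+)$", env_local)
    brand = next((b for b in brands if b.lower() in display.lower()), None)
    return {
        "spf_pass": msg.get("Received-SPF", "").lower().startswith("pass"),
        "envelope_domain": org_domain(env_host),
        "dkim_domain": org_domain(dkim.group(1)) if dkim else None,
        "from_domain": from_dom,
        "bounce_recipient_tag": verp.group(3) if verp else None,
        "claimed_brand": brand,
        # Authentication can pass while the brand is still impersonated.
        "brand_mismatch": brand is not None and from_dom not in brands[brand],
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE, BRANDS).items():
        print(f"{key}: {value}")
```

The per-recipient tag in the bounce address is what lets a sender tell which addresses bounced, so it is worth logging alongside the mismatch when reporting the message.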

