
Spam Mega Thread


Comments

  • Registered Users Posts: 5,112 ✭✭✭Blowfish


    Vinculus wrote: »
    Thanks FSL for responding.

    I'm checking the headers of the mails now and I'm not seeing any other location other than the UK.
    I'm used to receiving and dealing with spam but these three mails arrived within moments of each other. Starting with flight confirmation, then a booking receipt and finally a ticket number.
    They look so much like the real thing, I'm worried they might be.

    Would contacting the company by phone not be the easiest way to check its legitimacy?


  • Registered Users Posts: 369 ✭✭Vinculus


    Easier said than done, I would imagine. I'll go that route if I have to.


  • Registered Users Posts: 369 ✭✭Vinculus


    I just got in touch with the company and they confirmed that it was indeed spam.
    Thanks for the suggestion Blowfish.


  • Registered Users Posts: 357 ✭✭Ctrl Alt Del


    Began getting emails with Apple ID... never ever owned an Apple product but they don't know that!
    Sent an email over to Peats, asking for information how my email landed on a spam list.

    Subject:

    Apple ID Expired ✔

    Headers:

    Received: from gmy2-mh.smtproutes.com (94.186.192.15) by
    email.myserver.lan with Microsoft SMTP Server id 8.1.240.5;
    Tue, 8 Dec 2015 10:22:03 +0000
    X-Katharion-ID: 1449570112.99878.gmy2-mh828 (unfiltered-unk)
    Return-Path: <admin_upl@costumers.com>
    Received: from seevent.ch ([46.163.71.158]) by gmy2-mh.smtproutes.com
    [(94.186.192.15)] with ESMTP via TCP; 08 Dec 2015 10:21:52 +0000
    Received: from [151.236.58.219] ([127.0.0.1]) by seevent.ch with hMailServer ;
    Tue, 8 Dec 2015 04:53:40 +0100
    From: Apple <Appie_meinfo@cotumers.com>
    To: "peats2011" <peats2011@mydomain.lan>
    Subject: Apple ID Expired =?UTF-8?Q?=E2=9C=94_?=
    Message-ID: <fa030bcb57f4be468602bbc8958749b3@ID15362>
    Date: Tue, 8 Dec 2015 03:52:38 +0000
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0001_9BD889C8.61F5F84C"
    X-Priority: 3
    X-Mailer: Microsoft Office Outlook 12.0
    X-hMailServer-Spam: YES
    X-hMailServer-Reason: The host name specified in HELO does not match IP address.

    Link in the email, DO NOT OPEN OR CLICK:

    httpx://redirectedme.tantes.ns11-wistee.fr/cgi-bin/connectvrif1.php

    371022.jpg
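
A header triage of the message in the post above, as an added example that is not part of the original post: it walks the Received chain oldest-first and compares the envelope, From and display-name identities. The function names and the one-hour threshold are assumptions made for this sketch.

```python
import email, ipaddress, re
from email.utils import parseaddr, parsedate_to_datetime

# Headers from the post above, re-folded with leading spaces so the parser
# treats wrapped lines as continuations (the forum stripped the indentation).
RAW = """\
Received: from gmy2-mh.smtproutes.com (94.186.192.15) by
 email.myserver.lan with Microsoft SMTP Server id 8.1.240.5;
 Tue, 8 Dec 2015 10:22:03 +0000
Return-Path: <admin_upl@costumers.com>
Received: from seevent.ch ([46.163.71.158]) by gmy2-mh.smtproutes.com
 [(94.186.192.15)] with ESMTP via TCP; 08 Dec 2015 10:21:52 +0000
Received: from [151.236.58.219] ([127.0.0.1]) by seevent.ch with hMailServer ;
 Tue, 8 Dec 2015 04:53:40 +0100
From: Apple <Appie_meinfo@cotumers.com>
X-hMailServer-Spam: YES
X-hMailServer-Reason: The host name specified in HELO does not match IP address.
"""

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def hops(msg):
    """Received hops, oldest first, as (route text, timestamp)."""
    out = []
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        out.append((" ".join(route.split()), parsedate_to_datetime(stamp.strip())))
    return out

def triage(raw):
    msg, findings = email.message_from_string(raw), []
    name = parseaddr(msg["From"])[0]
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if rp_dom != from_dom:
        findings.append(f"envelope domain {rp_dom} differs from From domain {from_dom}")
    if name and name.lower() not in from_dom:  # crude brand-vs-domain heuristic
        findings.append(f"display name {name!r} does not match {from_dom}")
    chain = hops(msg)
    for (_, sent), (route, received) in zip(chain, chain[1:]):
        lag = (received - sent).total_seconds()
        if lag > 3600:  # relays usually hand mail on within seconds
            findings.append(f"{lag / 3600:.1f} h gap before hop: {route}")
    for ip in re.findall(r"\d+\.\d+\.\d+\.\d+", chain[0][0]):
        if ipaddress.ip_address(ip).is_loopback:
            findings.append(f"origin hop records loopback address {ip}")
    if (msg["X-hMailServer-Spam"] or "").strip().upper() == "YES":
        findings.append("origin server tagged it: " + msg["X-hMailServer-Reason"])
    return findings
```

Calling `triage(RAW)` returns five findings for these headers, including the one-letter difference between the Return-Path and From domains.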


  • Registered Users Posts: 33,650 ✭✭✭✭Hotblack Desiato
    Restaurant at the End of the Universe


    Would be safer to put hxxp or similar in the link to make it non-clickable but still obvious where it goes.

    It took a while but I don't mind. How does my body look in this light?
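
The defanging suggested in the post above, as an added example that is not part of the original thread: it strips forum link markup and rewrites each URL so it stays readable but is no longer clickable. The function names are assumptions and the sample host is constructed (`.test` is a reserved TLD).

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"\bhttps?://[^\s\[\]<>\"']+", re.I)
BB_TARGET_RE = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.I | re.S)
BB_PLAIN_RE = re.compile(r"\[/?url\]", re.I)

# Constructed sample post text, not taken from the thread.
SAMPLE = ("Link in the email: [url]http://phish.example.test/cgi-bin/login.php[/url] "
          "or [url=https://phish.example.test/x?a=1]click here[/url]")

def defang_url(url):
    """http://a.b/c -> hxxp://a[.]b/c ; path and query stay readable."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("tt", "xx")        # http -> hxxp, https -> hxxps
    host = parts.netloc.replace(".", "[.]")          # breaks auto-linking of the host
    rest = url[len(parts.scheme) + 3 + len(parts.netloc):]
    return f"{scheme}://{host}{rest}"

def defang_post(text):
    """Remove BBCode link markup, then defang every URL left in the text."""
    # [url=TARGET]label[/url] hides the target behind the label: surface it.
    text = BB_TARGET_RE.sub(r"\2 <\1>", text)
    text = BB_PLAIN_RE.sub("", text)
    return URL_RE.sub(lambda m: defang_url(m.group(0)), text)
```

Already-defanged text passes through unchanged, so the function can be run again on quoted replies.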



  • Registered Users Posts: 486 ✭✭Treepole


    I got a fairly sophisticated "Eir" phishing email earlier.

    It used the following wording:

    Dear Customer,
    We experienced an overnight nationwide outage that impacted our broadband customers from approximately 1:30am to 3:00am. The cause of this issue is currently unknown and remains under investigation.

    As a security measure some of your information need to be updated before you can continue with our services please login to my eir (malicious link) and follow the instruction to update your account.

    Thank you for your patience during this time and apologies for the inconvenience.
    eir care
    This is an automated email so please do not reply to it as you will not receive a response.


    The email was fully branded and the above wording (with the addition of the line about logging into your account) is taken from a legitimate notice sent out by Eir on the 20th of May.


  • Registered Users Posts: 6,392 ✭✭✭AnCatDubh


    not sure if it is a new one (i think i've seen a variant of it before).

    395102.PNG

    Being delivered through the eircom.net mail servers too.


  • Registered Users Posts: 1,931 ✭✭✭ItHurtsWhenIP


    AnCatDubh wrote: »
    not sure if it is a new one (i think i've seen a variant of it before).

    395102.PNG

    Being delivered through the eircom.net mail servers too.

    Yep, it's new. The ISC flagged it up today.


  • Closed Accounts Posts: 3,362 ✭✭✭rolion


    LinkedIn hacked again!??

    Got an email to my dedicated and unique LinkedIn email address with Bank of Ireland content! Very strange!



    395199.jpg



    Received: from

    Wed, 24 Aug 2016 11:22:14 +0100
    Return-Path: <msprvs1=17044d0x7lva1=bounces-77338@bounce.fntv.com>
    Delivered-To:
    Received: (qmail 28236 invoked by uid 399); 24 Aug 2016 11:20:05 -0000
    Delivered-To: linkedin
    Received: (qmail 28230 invoked by uid 399); 24 Aug 2016 11:20:05 -0000
    Received: from unknown (HELO mta53a.sparkpostmail.com) (54.244.48.130)
    (de-)crypted with TLSv1: DHE-RSA-AES256-SHA [256/256] DN=unknown by
    mail1.myisp.ie with ESMTPS; 24 Aug 2016 12:20:05 -0000
    X-Originating-IP: 54.244.48.130
    Received-SPF: pass (mail1.myisp.ie: SPF record at _spf.sparkpostmail.com designates 54.244.48.130 as permitted sender)
    identity=mailfrom; client-ip=54.244.48.130;
    envelope-from=<msprvs1=17044d0x7lva1=bounces-77338@bounce.fntv.com>;
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fntv.com;
    s=scph0816; t=1472041188; i=@fntv.com;
    bh=ga8atk7QEsB9WZQGUEnmDZZs09FVl/SzT8ZqLX+Xt28=;
    h=Reply-To:From:To:Subject:Date:List-Unsubscribe:List-Id;
    b=DQVmdTvDUqnA/GK6Pqu3ewvEVhVRfEM0WNYJVBNPddTyNhmafTwpVvLso46CPrTgC
    So1iBA4VVss/W3WXcW9huTaT9RZyQHO7WeX8GO3XDT/kA+6kIfHDkvlqWzZLZsBLR2
    rFrXQYaJ4ouuRiIiyKrx7pc3mB7CZfJd7bQA5AnY=
    Content-Transfer-Encoding: 7bit
    Content-Type: text/html; charset="iso-8859-1"
    Authentication-Results: momentum3.platform1.us-west-2.aws.cl.messagesystems.com smtp.user=smtp_injection; auth=pass (LOGIN)
    Received: from [188.212.109.10] ([188.212.109.10:57334] helo=fntv.com) by
    momentum3.platform1.us-west-2.aws.cl.messagesystems.com (envelope-from
    <msprvs1=17044d0x7LVA1=bounces-77338@bounce.fntv.com>) (ecelerity
    4.2.24.56718 r(Core:4.2.24.5)) with ESMTPSA (cipher=AES256-SHA) id
    01/38-04129-3E09DB75; Wed, 24 Aug 2016 12:19:48 +0000
    Reply-To: postmaster@fntv.com
    From: Bank of Ireland 365 Online <postmaster@fntv.com>
    To: first_email.ie, second_email.ie,
    linkedinXXX
    Subject: 3D Secure Service Disabled linkedin_myemail
    Date: Wed, 24 Aug 2016 12:19:46 +0200
    Message-ID: <20160824141945.ECE08F0D1A@fntv.com>
    MIME-Version: 1.0
    List-Unsubscribe: <mailto:unsubscribe@unsub.spmta.com?subject=unsubscribe:2IFt0wN5kKeoz3MXqh22grMueNwrlman2KwoazqbJM4~|>


  • Banned (with Prison Access) Posts: 1,012 ✭✭✭2RockMountain


    rolion wrote: »
    LinkedIn hacked again!??

    Got an email to my dedicated and unique LinkedIn email address with Bank of Ireland content! Very strange!

    Why 'again'? Could they have got your email from the hack a few months back?


  • Closed Accounts Posts: 3,362 ✭✭✭rolion


    Why 'again'? Could they have got your email from the hack a few months back?

    That email, before hack, was _2012. I created a new email with _2014 in the name field.
    So, how the 2014 created email got in the spammers database!???

    Even more... yesterday I got an email from Netflix informing me that I failed to renew my never had service... AND at the same email.
    Send an email to GoDaddy as the domain "@fntv" is registered with them.

    Peculiar world of IT...

    395506.jpg

