Phishing scheme?

classic Classic list List threaded Threaded
17 messages Options
Reply | Threaded
Open this post in threaded view
|

Phishing scheme?

sinarades
I have recently received four suspect emails — three from one friend and one from another

They are addressed to me.  They do not use the friend’s email address, but random addresses that I do not recognize.  The body of the message always contains text and a clickable link.  I have never followed the links.

This obviously seems like a phishing situation.  When I’ve sent a screen shot to my friends,  their reaction has been “Meh, this is not from me”.  The friends are both in my contact list and are FaceBook friends.

My question is who has been hacked?  My friends or me?

Thanks, 

Nathan Duke



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Dave Scocca

> On Oct 20, 2016, at 5:24 PM, [hidden email] wrote:
>
> My question is who has been hacked?  My friends or me?

 Neither of you, probably. The scammers used Facebook or some other means to associate the friend's name with your email. You can put any "name" you want with an email address, so they used this knowledge to increase the likelihood that you would click the link.

This is why, when the OS tries to be clever about detecting data in your email, needs to be cautious: it is far more common that a bad guy is trying to fool you into thinking a message is from your friend than that your friend has actually changed email addresses.

Dave



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Lynne Adema-2
In reply to this post by sinarades

Good question, It could go either way. I would suggest you change your email account password.


On 10/20/2016 4:24 PM, [hidden email] wrote:
I have recently received four suspect emails — three from one friend and one from another

They are addressed to me.  They do not use the friend’s email address, but random addresses that I do not recognize.  The body of the message always contains text and a clickable link.  I have never followed the links.

This obviously seems like a phishing situation.  When I’ve sent a screen shot to my friends,  their reaction has been “Meh, this is not from me”.  The friends are both in my contact list and are FaceBook friends.

My question is who has been hacked?  My friends or me?

Thanks, 

Nathan Duke



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

-- 
Lynne Adema
When we meet what we're afraid of, we find out what we're made of.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Marilyn Matty
In reply to this post by sinarades

---- [hidden email] wrote:
> I have recently received four suspect emails — three from one friend and one from another
>
> They are addressed to me.  They do not use the friend’s email address, but random addresses that I do not recognize.  The body of the message always contains text and a clickable link.  I have never followed the links.
>
> This obviously seems like a phishing situation.  When I’ve sent a screen shot to my friends,  their reaction has been “Meh, this is not from me”.  The friends are both in my contact list and are FaceBook friends.
>
> My question is who has been hacked?  My friends or me?

If you were hacked, the chances are that you'd be getting spoofed addresses sent with at least almost all of the names in from your contacts. You've a gmail addy, and if gmail or Facebook was hacked, we'd have heard about it already.

It could be a third party; names can be harvested from forwarded emails. If your friends are being hacked, they'd have been hearing from more than just you.

Marilyn



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Al Varnell
In reply to this post by sinarades
Usually one of your friends who's e-mail account contacts have been compromised. Also usually not a phishing attempt, just expose you to advertising of some sort. The sender gets paid when you click the link, whether you buy anything or not.

Sent from Janet's iPad

-Al-

On Oct 20, 2016, at 2:24 PM, sinarades wrote:
I have recently received four suspect emails — three from one friend and one from another

They are addressed to me.  They do not use the friend’s email address, but random addresses that I do not recognize.  The body of the message always contains text and a clickable link.  I have never followed the links.

This obviously seems like a phishing situation.  When I’ve sent a screen shot to my friends,  their reaction has been “Meh, this is not from me”.  The friends are both in my contact list and are FaceBook friends.

My question is who has been hacked?  My friends or me?

Thanks, 

Nathan 



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Charles Hawkins
I’m not sure this is the same sort of thing or not, but…

I received *two* friend invitations from an acquaintance who (1) I was already frineds with and (2) had passed away over a year prior to the invitations!

I don’t recall now whether there were links in the message other than to FB itself, but needless to say I didn’t follow any!

Chuck

On Oct 20, 2016, at 6:23 PM, Al Varnell <[hidden email]> wrote:

Usually one of your friends who's e-mail account contacts have been compromised. Also usually not a phishing attempt, just expose you to advertising of some sort. The sender gets paid when you click the link, whether you buy anything or not.

Sent from Janet's iPad

-Al-

On Oct 20, 2016, at 2:24 PM, sinarades wrote:
I have recently received four suspect emails — three from one friend and one from another

They are addressed to me.  They do not use the friend’s email address, but random addresses that I do not recognize.  The body of the message always contains text and a clickable link.  I have never followed the links.

This obviously seems like a phishing situation.  When I’ve sent a screen shot to my friends,  their reaction has been “Meh, this is not from me”.  The friends are both in my contact list and are FaceBook friends.

My question is who has been hacked?  My friends or me?

Thanks, 

Nathan 


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

Charles E. Hawkins                                  Ask Questions
Professor Emeritus of Physics                Seek Answers
Department of Physics and Geology       Question the Answers
Northern Kentucky University Question the Questions
Highland Heights, Kentucky
Phone:    859-572-0925
FAX:        859-572-6092




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Rodney
In reply to this post by Al Varnell

On Oct 21, 2016, at 00:23, Al Varnell <[hidden email]> wrote:

Also usually not a phishing attempt, just expose you to advertising of some sort.

Maybe usually, but certainly not always. Yes, I get the occasional, “You won’t believe this great web site I found!” However, I’ve also gotten messages similar to, “I’m in London, and I was robbed. My money and credit cards were stolen. Could you send me $2,000 so I can get home?”

That particular example had a friend’s valid email address as the “From” address, although a look at the smtp headers showed that the message didn’t originate with her ISP. It was conceivable that she could have been in London, but I knew the message was false because it didn’t mention my name, and I did not know her nearly well enough for her to ask me for money. It turns out that she had gotten a virus. Many of her other friends and family received similar messages, and some of them did know her well enough for her to ask them for money. Fortunately, the ones who would’ve sent money also knew her whereabouts and also had her phone number to verify the message. Nobody fell for the trick.

Even after wiping her computer and changing passwords, variations on that theme kept occurring for some time. The scammers had harvested her name and all the addresses in her address book so they didn’t need access to her computer or her email account in order to send fake email.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Paul Bradstreet
“I’m in London, and I was robbed. My money and credit cards were stolen. Could you send me $2,000 so I can get home?”

A friend 'sent us' a very similar message.  It was extremely sophisticated:

1.) He was travelling at the time;

2.) The message used his exact vernacular. Someone had carefully studied his past emails.

Like a spate of other phishing emails around that time, it came via Yahoo.

Three other friends here in Oz have had their Yahoo accounts hacked.

Paul Bradstreet,
W.  Australia


On Fri, Oct 21, 2016 at 7:04 AM, Rodney <[hidden email]> wrote:

On Oct 21, 2016, at 00:23, Al Varnell <[hidden email]> wrote:

Also usually not a phishing attempt, just expose you to advertising of some sort.




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

John Robinson-3
Years ago, after becoming disgusted with Yahoo's treatment of groups, I kept one Yahoo address. I use it when I'm unsure about joining lists or company newsletters. Have had the address since 1989ish. With only one Yahoo address, I lately see 300+ emails in the Junk folder. It's amazing the little blonde girl gets millions of $ yearly for millions of junk mail.

Sent from JRs iPad Air

On Oct 20, 2016, at 6:32 PM, Paul Bradstreet <[hidden email]> wrote:

“I’m in London, and I was robbed. My money and credit cards were stolen. Could you send me $2,000 so I can get home?”

A friend 'sent us' a very similar message.  It was extremely sophisticated:

1.) He was travelling at the time;

2.) The message used his exact vernacular. Someone had carefully studied his past emails.

Like a spate of other phishing emails around that time, it came via Yahoo.

Three other friends here in Oz have had their Yahoo accounts hacked.

Paul Bradstreet,
W.  Australia


On Fri, Oct 21, 2016 at 7:04 AM, Rodney <[hidden email]> wrote:

On Oct 21, 2016, at 00:23, Al Varnell <[hidden email]> wrote:

Also usually not a phishing attempt, just expose you to advertising of some sort.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Dr Digby L. James
In reply to this post by Paul Bradstreet
> “I’m in London, and I was robbed. My money and credit cards were stolen. Could you send me $2,000 so I can get home?”

I always respond to these with “Sorry to hear that. Is Antonia with you?” or some such, knowing that his wife’s name is Margaret. I always offer to help, but there are problems getting into my PayPal account; Western Union’s system is down today; etc., etc. Wastes their time and gives me a smug feeling.

I usually also e-mail the real person and suggest they send an e-mail to all their friends saying they are alive and well and still living at home in Grytviken.

Dr Digby L. James
Quinta Press
www.quintapress.com
Meadow View
Weston Rhyn
Oswestry
Shropshire
England
SY10 7RN
Phone (44) (0)1691 778659
Mobile (44) (0)7970 678144





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Derek Cross
Surely if you reply you are confirming your details phishers!

Derek


> On 21 Oct 2016, at 11:02, Dr Digby L. James <[hidden email]> wrote:
>
>> “I’m in London, and I was robbed. My money and credit cards were stolen. Could you send me $2,000 so I can get home?”
>
> I always respond to these with “Sorry to hear that. Is Antonia with you?” or some such, knowing that his wife’s name is Margaret. I always offer to help, but there are problems getting into my PayPal account; Western Union’s system is down today; etc., etc. Wastes their time and gives me a smug feeling.
>
> I usually also e-mail the real person and suggest they send an e-mail to all their friends saying they are alive and well and still living at home in Grytviken.
>
> Dr Digby L. James
> Quinta Press
> www.quintapress.com
> Meadow View
> Weston Rhyn
> Oswestry
> Shropshire
> England
> SY10 7RN
> Phone (44) (0)1691 778659
> Mobile (44) (0)7970 678144
>
>
>
>
>
> ____________TidBITS Talk Participation Guidelines____________
> Post only when you have something substantive to contribute.
> Be polite and constructive, and comment on posts, not people.
> Quote sparingly, if at all. We all read the previous message.
> Start threads with a new message to [hidden email].
> Read archives at: http://tidbits.com/pipermail/tidbits-talk/
> Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
> ____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Dr Digby L. James
> Surely if you reply you are confirming your details phishers!

Doesn’t increase the amount coming through.

Sometimes I use an anonymous account just for this kind of thing. So it only confirms that the e-mail account exists. That one gets lots of rubbish which I check once a month and clear out.

Dr Digby L. James
Quinta Press
www.quintapress.com
Meadow View
Weston Rhyn
Oswestry
Shropshire
England
SY10 7RN
Phone (44) (0)1691 778659
Mobile (44) (0)7970 678144





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Fritz Mills
In reply to this post by Marilyn Matty

> On Oct 20, 2016, at 5:10 PM, <[hidden email]> <[hidden email]> wrote:
>
>
>
> If you were hacked, the chances are that you'd be getting spoofed addresses sent with at least almost all of the names in from your contacts. You've a gmail addy, and if gmail or Facebook was hacked, we'd have heard about it already.
>

Your email  credentials can be harvested if you check your email from a public wifi network like Starbucks, and it wouldn’t matter if it was a gmail address. So it wouldn’t be a hack of gmail that we’d have heard about already, it would just have been someone trolling customers of the public network.




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

@lbutlr
In reply to this post by Derek Cross
On 21 Oct 2016, at 04:14, Derek Cross <[hidden email]> wrote:
> Surely if you reply you are confirming your details phishers!

No spammers are cleaning invalid emails off their lists. They don’t care, it would simply take more time.






____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Rodney

On Oct 24, 2016, at 22:17, @lbutlr <[hidden email]> wrote:

No spammers are cleaning invalid emails off their lists. They don’t care, it would simply take more time.

True, but unless things have changed in the last few years, confirmed good email addresses are more valuable for resale.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

@lbutlr
On Oct 24, 2016, at 3:44 PM, Rodney <[hidden email]> wrote:
>> On Oct 24, 2016, at 22:17, @lbutlr <[hidden email]> wrote:
>>
>> No spammers are cleaning invalid emails off their lists. They don’t care, it would simply take more time.
>
> True, but unless things have changed in the last few years, confirmed good email addresses are more valuable for resale.

Things have changed. Most spam lists are programmatically generated lists of millions of possible email addresses.

I run a mailserver, and I see thousands of attempts every day to sent emails to addresses that have never existed in over 20 years. Some are obvious, like “sales” or “support” but others are just names like “bobsmith” “robsmith” “robertsmith” “bob.smith” etc etc. And, to top it all off and really prove how little attention is being paid, I will sometimes get thousands of connection attempts from a single server, all of which are rejected nearly instantly. If the spammers cared at all, they’d move on from a host that is never going to accept the mail.

But they don’t. They are sending out billions of emails every day and using a distributed network of infected Windows machines. There is no way for them to know what addresses they even tried to send to.

Emails that ARE harvested are taken from all those sites that have handed over their users contact information to whatever low-level script kiddie has come knocking, then those addresses are broken into and all that email scanned for anything that looks like an email (so we also get a LOT of messages sent to obvious Message-ID strings like [hidden email] or [hidden email].

Yahoo’s criminally negligent breech and inexcusable decision to sit not that information for 2 years means that a whole lot of spearfishing in the last two years (and probably the next five or so) will be much more effective since at least half a billion users and ALL THEIR EMAIL have been compromised, and the email addresses of all their contacts as well, so it doesn’t matter if you never used Yahoo mail, as long as you know someone (or know someone who knows someone) that did use Yahoo mail.





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Phishing scheme?

Rodney

On Oct 25, 2016, at 08:21, @lbutlr <[hidden email]> wrote:

Things have changed. Most spam lists are programmatically generated lists of millions of possible email addresses.

True, for people with big enough botnets, but even then it take a while to try all possible addresses, and yesterday’s invalid address might be today’s valid address.

However, not every wannabe spammer has access to a huge botnet, so selling lists of known good addresses is another source of income. Why leave money on the table?

The most valuable list of all, and the list you don’t want to end up on, is a “sucker list”. This is a list of people who have previously fallen for some scam or other. The theory is, “Once bitten, very gullible,” I reckon. As I understand it, these lists are valuable. I had an elderly friend several years ago who ended up on one. She fell for one of those “help our veterans” scams.

In the “real world™", my friend was as skeptical and level-headed a person as you’re likely to meet, but online was a different matter. She was determined to help our troops. The New York Times did a scathing editorial about the “charity” she was giving to. I looked up the charity and showed her just how much the staff was paying themselves, and her husband tried to reason with her, but nothing made a dent. She and her husband were soon flooded with requests for help from Nigerian princes, “you have won…” messages and phone calls, and every other form of internet scam you can imagine.



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____