Thread: Hacked mail
Posted to uk.d-i-y
Tim Lamb

In message , John
Rumm writes
On 23/12/2019 20:47, Tim Lamb wrote:

In message , Tim Lamb
writes
In message HZudnSRANIrfP53DnZ2dnUU78RmdnZ2d@brightview.co.uk, John Rumm writes
In thunderbird, just hit CTRL + U to display the full message source.
Right! 4 pages of gobbledegook:-)
Sent from jumbo.zone but otherwise nothing I understand. It
obviously passed all the authentication checks.

Paste 'em here or email them to me, and I can probably get you a
bit more info - like where it came from, whether it's using a
compromised account or just spoofing etc.

(we only need the headers - you can snip the actual body, and
redact any real mail addresses etc)

OK John. I'll have a go this evening.

Somebody wants the woodwork bench they lent me 15 years ago returned!

Try this:-
From - Mon Dec 9 08:05:17 2019


Ta, [snip]

ok, that is just a straight spoof - and not a very good attempt either
- it makes no attempt to hide its actual origin and even the from
address is not disguised in any way. (which ironically improves its
chances of successful delivery)

It definitely did not originate from Hannah's yahoo account. So all the
spammer would need to send that message are the email addresses "to"
and "from".

Having said that, if you visit

https://haveibeenpwned.com/

and enter Hannah's real email address, then (assuming I have un-munged
it correctly), it appears in 12 databases of compromised addresses
(i.e. the email address and other details have been breached from
compromised web sites in the past). So if any of these hacked sites
revealed password details (almost certainly), and the same details were
used for things like her Yahoo account, then you will need to assume
that is also compromised, and the email addresses contained therein
also made public, along with any other sensitive content in the emails.

(Moral of that story, never re-use passwords between sites, no matter
how insignificant you feel them to be).


BTW, if you want something to help analyse headers for you, MS have a tool here:

https://mha.azurewebsites.net/

Regarding potentially dangerous links in messages, go to:

https://www.virustotal.com/gui/home/url

and paste them into the URL scanner. It will firstly unravel any URL
minimisations and find the actual target address, it will then scan
what it finds there and give a report without you needing to access the
site yourself.


Thanks for this John.

She will be here over Christmas and can experiment.

--
Tim Lamb
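
The header check discussed in this thread, as an added example that is not part of the original posts: it parses a message source (what CTRL + U shows) and reports whether the domains that passed SPF/DKIM match the domain in the From line. The sample headers, all `.example` domain names and the function names are constructed for illustration, and the alignment test is a simplified subdomain comparison.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from the thread); reserved example domains only.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=pass header.d=bulk-sender.example;
 dmarc=none header.from=webmail.example
Received: from mx.recipient.example by store.recipient.example; Mon, 9 Dec 2019 08:05:17 +0000
Received: from out7.bulk-sender.example (out7.bulk-sender.example [203.0.113.7])
 by mx.recipient.example; Mon, 9 Dec 2019 08:05:15 +0000
From: "Hannah" <hannah@webmail.example>
To: tim@recipient.example
Subject: hello

"""

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def analyse(raw):
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])           # what the reader sees
    env_dom = domain(msg["Return-Path"])     # envelope sender checked by SPF
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    dkim_dom = (re.search(r"header\.d=([\w.-]+)", auth) or [None, ""])[1].lower()
    hops = msg.get_all("Received", [])
    # Received headers are prepended, so the last one is the earliest hop.
    origin = re.search(r"from\s+(\S+)", hops[-1]).group(1) if hops else ""
    return {
        "from_domain": from_dom, "envelope_domain": env_dom,
        "origin_host": origin, "results": results,
        "spf_aligned": aligned(from_dom, env_dom),
        "dkim_aligned": aligned(from_dom, dkim_dom),
    }

if __name__ == "__main__":
    for k, v in analyse(SAMPLE).items():
        print(f"{k}: {v}")
```

A "pass" result with `spf_aligned` and `dkim_aligned` both false means the checks passed for the sending service's own domain, not for the address shown in the From line.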