UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficiency are welcome to join in to ask questions or offer solutions.
#1
Posted to uk.d-i-y
Hacked mail
Coincidence or....?

A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.

Is it my end (limited anti-virus protection) or their end (i-phone users)?

Suggestions?

--
Tim Lamb
#2
Posted to uk.d-i-y
Hacked mail
Are you or they on Yahoo, or have any of you ever been? It's not much to do with iPhones as far as I can tell. They are probably one of the most secure portable devices there are. Look at the actual email addresses used though, as often you will find them different. Not a new problem.

Brian

--
----- --
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
Blind user, so no pictures please
Note this Signature is meaningless.!

"Tim Lamb" wrote in message ...
> Coincidence or....?
> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
> Is it my end (limited anti-virus protection) or their end (i-phone users)?
> Suggestions?
> --
> Tim Lamb
#3
Posted to uk.d-i-y
Hacked mail
In message , "Brian Gaff (Sofa)" writes
> Are you or they on Yahoo, or have any of you ever been? It's not much to do with iPhones as far as I can tell. They are probably one of the most secure portable devices there are. Look at the actual email addresses used though, as often you will find them different. Not a new problem.

They are both on Yahoo as is my wife. I have a disused Yahoo mail address.

The lack of sensible message and incorrect send addresses are pretty obvious on Thunderbird but might fool a phone user. The usual content is a URL.

--
Tim Lamb
#4
Posted to uk.d-i-y
Hacked mail
On 22/12/2019 11:23, Tim Lamb wrote:
> Coincidence or....?
> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
> Is it my end (limited anti-virus protection) or their end (i-phone users)?
> Suggestions?

First have at the full message headers of spoofed email. That will tell you if it actually came from her mail system or an unrelated one.

Look for a SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").

--
Cheers,

John.

/=================================================================\
|          Internode Ltd - http://www.internode.co.uk             |
|-----------------------------------------------------------------|
|        John Rumm - john(at)internode(dot)co(dot)uk              |
\=================================================================/
#5
Posted to uk.d-i-y
Hacked mail
Tim Lamb wrote:
> They are both on Yahoo as is my wife. I have a disused Yahoo mail address.
> The lack of sensible message and incorrect send addresses are pretty obvious on Thunderbird but might fool a phone user. The usual content is a URL.

At some point, possibly a decade ago or more, somebody got their mail hacked. Might have been you, them, or anyone you corresponded with. They hoovered up the address book and any correspondence (e.g. if you sent a mail to Fred CC daughter, then Fred's account knows you both and knows that you know each other).

They then send out messages purporting to be from someone you might know. The illusion will likely fall apart if they try to write text (because it's quite likely they won't sound like Fred), so they just send a URL and hope someone is gullible enough to click on it.

(I'd guess the URL would forward to a fake Gmail/Yahoo/Outlook/etc login page, in the hope of snaffling your email credentials)

Not a lot you can do about it, except change email addresses and maybe blackhole mail claiming to come from the old one.

Theo
#6
Posted to uk.d-i-y
Hacked mail
"Tim Lamb" wrote in message ...
> Coincidence or....?
> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them.

Contacting them how?

> I post to a number of other folk without this happening.
> Is it my end (limited anti-virus protection) or their end (i-phone users)?

Very unlikely to be their end infected. The iPhone is very very difficult to infect because of the walled garden approach to apps only being able to see what you allow them to see.

Of course it's possible they have allowed an app to have access to their contacts and that's how it's happening.

> Suggestions?

Ask them if others get a similar result after contacting them.
#7
Posted to uk.d-i-y
|
Hacked mail
Brian Gaff (Sofa) wrote
> Are you or they on Yahoo, or have any of you ever been?

I am and don’t have a problem with junk mail.

> It's not much to do with iPhones as far as I can tell. They are probably one of the most secure portable devices there are.

Yes, but it is still possible to allow an app access to your contacts.

> Look at the actual email addresses used though, as often you will find them different.

But that doesn’t help with stopping it happening in future.

> Not a new problem.

> "Tim Lamb" wrote in message ...
>> Coincidence or....?
>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>> Suggestions?
>> --
>> Tim Lamb
#8
Posted to uk.d-i-y
|
Hacked mail
In message , John Rumm writes
> On 22/12/2019 11:23, Tim Lamb wrote:
>> Coincidence or....?
>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>> Suggestions?
> First have at the full message headers of spoofed email. That will tell you if it actually came from her mail system or an unrelated one.
> Look for a SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").

I have yet to find my way around T bird headers. This might be the incentive.

They display marked as probable junk but I would check anyway because of the lack of content.

--
Tim Lamb
#9
Posted to uk.d-i-y
|
Hacked mail
In message , % writes
> "Tim Lamb" wrote in message ...
>> Coincidence or....?
>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them.
> Contacting them how?

CCd in a mail for the last one.

>> I post to a number of other folk without this happening.
>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
> Very unlikely to be their end infected. The iPhone is very very difficult to infect because of the walled garden approach to apps only being able to see what you allow them to see.
> Of course it's possible they have allowed an app to have access to their contacts and that's how it's happening.
>> Suggestions?
> Ask them if others get a similar result after contacting them.

OK.

--
Tim Lamb
#11
Posted to uk.d-i-y
Hacked mail
On 22/12/2019 18:59, Tim Lamb wrote:
> In message , John Rumm writes
>> On 22/12/2019 11:23, Tim Lamb wrote:
>>> Coincidence or....?
>>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
>>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>>> Suggestions?
>> First have at the full message headers of spoofed email. That will tell you if it actually came from her mail system or an unrelated one.
>> Look for a SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").
> I have yet to find my way around T bird headers. This might be the incentive.
> They display marked as probable junk but I would check anyway because of the lack of content.

In thunderbird, just hit CTRL + U to display the full message source.

--
Cheers,

John.

/=================================================================\
|          Internode Ltd - http://www.internode.co.uk             |
|-----------------------------------------------------------------|
|        John Rumm - john(at)internode(dot)co(dot)uk              |
\=================================================================/
#12
Posted to uk.d-i-y
Hacked mail
In message , John Rumm writes
> On 22/12/2019 18:59, Tim Lamb wrote:
>> In message , John Rumm writes
>>> On 22/12/2019 11:23, Tim Lamb wrote:
>>>> Coincidence or....?
>>>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
>>>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>>>> Suggestions?
>>> First have at the full message headers of spoofed email. That will tell you if it actually came from her mail system or an unrelated one.
>>> Look for a SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").
>> I have yet to find my way around T bird headers. This might be the incentive.
>> They display marked as probable junk but I would check anyway because of the lack of content.
> In thunderbird, just hit CTRL + U to display the full message source.

Right! 4 pages of gobbledegook:-)

Sent from jumbo.zone but otherwise nothing I understand. It obviously passed all the authentication checks.

--
Tim Lamb
#13
Posted to uk.d-i-y
|
Hacked mail
Yes this is a historic problem. Nearly everyone who used Yahoo mail in the online way, rather than using a client, and has done it for some years seems to have been hacked partially, i.e. they know who certain email addresses were associated with from the address books hacked. I regularly see their names but filter them via incorrect email addresses in the line with the right name. Normally they are of the type: I'm sorry to contact you but I've had my card stolen and am in (insert place name here) and wondered if you could give me some money. Or it might be: Hey found this great site, then they put a graphic of the innocent looking site obscuring the address of the one with the malware on it. The latter never works for me as the graphic is not 'read' for obvious reasons.

Brian

--
----- --
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
Blind user, so no pictures please
Note this Signature is meaningless.!

"Tim Lamb" wrote in message news
> In message , "Brian Gaff (Sofa)" writes
>> Are you or they on Yahoo, or have any of you ever been? It's not much to do with iPhones as far as I can tell. They are probably one of the most secure portable devices there are. Look at the actual email addresses used though, as often you will find them different. Not a new problem.
> They are both on Yahoo as is my wife. I have a disused Yahoo mail address.
> The lack of sensible message and incorrect send addresses are pretty obvious on Thunderbird but might fool a phone user. The usual content is a URL.
> --
> Tim Lamb
#15
Posted to uk.d-i-y
Hacked mail
Well most devices these days can be set up so that you are informed when email is being sent. Even way back in the Outlook Express days, as I still am, you can set a flag to let you know when something tries to send email behind the scenes. Many PCs particularly get themselves botted, but greylisting has actually stopped a lot of that. The server always rejects the first attempt to send the email, hoping that the botted machine just sends the lot fast to avoid detection, hence they all get rejected, but a proper email from your own client will retry.

Brian

--
----- --
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
Blind user, so no pictures please
Note this Signature is meaningless.!

"Tim Lamb" wrote in message ...
> In message , John Rumm writes
>> On 22/12/2019 11:23, Tim Lamb wrote:
>>> Coincidence or....?
>>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
>>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>>> Suggestions?
>> First have at the full message headers of spoofed email. That will tell you if it actually came from her mail system or an unrelated one.
>> Look for a SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").
> I have yet to find my way around T bird headers. This might be the incentive.
> They display marked as probable junk but I would check anyway because of the lack of content.
> --
> Tim Lamb
#16
Posted to uk.d-i-y
Hacked mail
You need to selectively read the things, even the from line can be very interesting if you compare it to the one you see on a good valid message. Normally the email client is also listed, which can be a giveaway straight away.

Brian

--
----- --
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
Blind user, so no pictures please
Note this Signature is meaningless.!

"Tim Lamb" wrote in message ...
> In message , John Rumm writes
>> On 22/12/2019 18:59, Tim Lamb wrote:
>>> In message , John Rumm writes
>>>> On 22/12/2019 11:23, Tim Lamb wrote:
>>>>> Coincidence or....?
>>>>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
>>>>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>>>>> Suggestions?
>>>> First have at the full message headers of spoofed email. That will tell you if it actually came from her mail system or an unrelated one.
>>>> Look for a SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").
>>> I have yet to find my way around T bird headers. This might be the incentive.
>>> They display marked as probable junk but I would check anyway because of the lack of content.
>> In thunderbird, just hit CTRL + U to display the full message source.
> Right! 4 pages of gobbledegook:-)
> Sent from jumbo.zone but otherwise nothing I understand. It obviously passed all the authentication checks.
> --
> Tim Lamb
#17
Posted to uk.d-i-y
Hacked mail
Yes well, I think a sensible approach to what you let have access to your address book is in order. I know for example that in order to use the Amazon Echo devices to make calls you need to allow it to have access to the mobile's address book. I have yet to see any problems from this. The main things I do see with mobiles are the location services being used to try to get you to go to shops etc. The Tile App does this on its free to use app, but of course you can ignore them or turn off location services sharing so it only works when you want to find something. There is no such thing as a free lunch, and to be fair they do tell you in their voluminous terms and conditions which nobody reads of course!

There are a lot of things to be wary of out there, never post pictures unedited to Facebook while on holiday, as unless you are careful they reveal where you are and what time you were there in the metadata, allowing the canny crook to go and do over your home address while you are away.

Brian

--
----- --
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
Blind user, so no pictures please
Note this Signature is meaningless.!

"Tim Lamb" wrote in message ...
> In message , % writes
>> "Tim Lamb" wrote in message ...
>>> Coincidence or....?
>>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them.
>> Contacting them how?
> CCd in a mail for the last one.
>>> I post to a number of other folk without this happening.
>>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>> Very unlikely to be their end infected. The iPhone is very very difficult to infect because of the walled garden approach to apps only being able to see what you allow them to see.
>> Of course it's possible they have allowed an app to have access to their contacts and that's how it's happening.
>>> Suggestions?
>> Ask them if others get a similar result after contacting them.
> OK.
> --
> Tim Lamb
#18
Posted to uk.d-i-y
Hacked mail
On 23/12/2019 08:54, Tim Lamb wrote:
> In message , John Rumm writes
>> On 22/12/2019 18:59, Tim Lamb wrote:
>>> In message , John Rumm writes
>>>> On 22/12/2019 11:23, Tim Lamb wrote:
>>>>> Coincidence or....?
>>>>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
>>>>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>>>>> Suggestions?
>>>> First have at the full message headers of spoofed email. That will tell you if it actually came from her mail system or an unrelated one.
>>>> Look for a SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").
>>> I have yet to find my way around T bird headers. This might be the incentive.
>>> They display marked as probable junk but I would check anyway because of the lack of content.
>> In thunderbird, just hit CTRL + U to display the full message source.
> Right! 4 pages of gobbledegook:-)
> Sent from jumbo.zone but otherwise nothing I understand. It obviously passed all the authentication checks.

Paste 'em here or email them to me, and I can probably get you a bit more info - like where it came from, whether it's using a compromised account or just spoofing etc.

(we only need the headers - you can snip the actual body, and redact any real mail addresses etc)

--
Cheers,

John.

/=================================================================\
|          Internode Ltd - http://www.internode.co.uk             |
|-----------------------------------------------------------------|
|        John Rumm - john(at)internode(dot)co(dot)uk              |
\=================================================================/
#19
Posted to uk.d-i-y
Hacked mail
In message , "Brian Gaff (Sofa 2)" writes
> Yes this is a historic problem. Nearly everyone who used Yahoo mail in the online way, rather than using a client, and has done it for some years seems to have been hacked partially, i.e. they know who certain email addresses were associated with from the address books hacked. I regularly see their names but filter them via incorrect email addresses in the line with the right name. Normally they are of the type: I'm sorry to contact you but I've had my card stolen and am in (insert place name here) and wondered if you could give me some money. Or it might be: Hey found this great site, then they put a graphic of the innocent looking site obscuring the address of the one with the malware on it. The latter never works for me as the graphic is not 'read' for obvious reasons.

Other than exercise caution, there doesn't seem much can be done.

--
Tim Lamb
#20
Posted to uk.d-i-y
Hacked mail
In message , John Rumm writes
> On 23/12/2019 08:54, Tim Lamb wrote:
>> In message , John Rumm writes
>>> On 22/12/2019 18:59, Tim Lamb wrote:
>>>> In message , John Rumm writes
>>>>> On 22/12/2019 11:23, Tim Lamb wrote:
>>>>>> Coincidence or....?
>>>>>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
>>>>>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>>>>>> Suggestions?
>>>>> First have at the full message headers of spoofed email. That will tell you if it actually came from her mail system or an unrelated one.
>>>>> Look for a SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").
>>>> I have yet to find my way around T bird headers. This might be the incentive.
>>>> They display marked as probable junk but I would check anyway because of the lack of content.
>>> In thunderbird, just hit CTRL + U to display the full message source.
>> Right! 4 pages of gobbledegook:-)
>> Sent from jumbo.zone but otherwise nothing I understand. It obviously passed all the authentication checks.
> Paste 'em here or email them to me, and I can probably get you a bit more info - like where it came from, whether it's using a compromised account or just spoofing etc.
> (we only need the headers - you can snip the actual body, and redact any real mail addresses etc)

OK John. I'll have a go this evening.

Somebody wants the woodwork bench they lent me 15 years ago returned!

--
Tim Lamb
#21
Posted to uk.d-i-y
Hacked mail
Brian Gaff (Sofa 2) wrote
> Yes this is a historic problem. Nearly everyone who used Yahoo mail in the online way, rather than using a client, and has done it for some years seems to have been hacked partially,

That would certainly explain why I have never seen it even tho yahoo has always been my main email address that I have used for decades now. I don’t use the online system at all and have no address book there.

> i.e. they know who certain email addresses were associated with from the address books hacked. I regularly see their names but filter them via incorrect email addresses in the line with the right name. Normally they are of the type: I'm sorry to contact you but I've had my card stolen and am in (insert place name here) and wondered if you could give me some money. Or it might be: Hey found this great site, then they put a graphic of the innocent looking site obscuring the address of the one with the malware on it.

Never got any of either type.

> The latter never works for me as the graphic is not 'read' for obvious reasons.

> "Tim Lamb" wrote in message news
>> In message , "Brian Gaff (Sofa)" writes
>>> Are you or they on Yahoo, or have any of you ever been? It's not much to do with iPhones as far as I can tell. They are probably one of the most secure portable devices there are. Look at the actual email addresses used though, as often you will find them different. Not a new problem.
>> They are both on Yahoo as is my wife. I have a disused Yahoo mail address.
>> The lack of sensible message and incorrect send addresses are pretty obvious on Thunderbird but might fool a phone user. The usual content is a URL.
>> --
>> Tim Lamb
#22
Posted to uk.d-i-y
Hacked mail
Brian Gaff (Sofa 2) wrote
> Well it does if you use offline clients on pop3,

It does what?

> also many iPhones can be easily set up to see the email address it came from which is seldom yahoo. I never really go to sites from emails, unless I've checked the send address first these days,

I just check the url that it wants to go to.

> though the malware infected sites are fewer

And my email client and anti virus software finds those and reports a few of them.

> and as has been said, the phishing aspect has increased, I guess because there are so many gullible people about

I don’t get caught by those.

> One trick of course is to view email in plain text, this reveals the real web addresses in the email,

I can see that when hovering over the link.

> but means links do not work and for many badly configured email newsletters the content appears either blank or just with the footer on it as the dweeb who sent it did not send anything but the html.

Don’t read any newsletters like that. I do read a few professionally produced ones.

> "Rod Speed" wrote in message ...
>> Brian Gaff (Sofa) wrote
>>> Are you or they on Yahoo, or have any of you ever been?
>> I am and don’t have a problem with junk mail.
>>> It's not much to do with iPhones as far as I can tell. They are probably one of the most secure portable devices there are.
>> Yes, but it is still possible to allow an app access to your contacts.
>>> Look at the actual email addresses used though, as often you will find them different.
>> But that doesn’t help with stopping it happening in future.
>>> Not a new problem.
>>> "Tim Lamb" wrote in message ...
>>>> Coincidence or....?
>>>> A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening.
>>>> Is it my end (limited anti-virus protection) or their end (i-phone users)?
>>>> Suggestions?
>>>> --
>>>> Tim Lamb
#25
Posted to uk.d-i-y
Hacked mail
In message , Tim Lamb writes
> In message HZudnSRANIrfP53DnZ2dnUU78RmdnZ2d@brightview.co.uk, John Rumm writes
>>>> In thunderbird, just hit CTRL + U to display the full message source.
>>> Right! 4 pages of gobbledegook:-)
>>> Sent from jumbo.zone but otherwise nothing I understand. It obviously passed all the authentication checks.
>> Paste 'em here or email them to me, and I can probably get you a bit more info - like where it came from, whether it's using a compromised account or just spoofing etc.
>> (we only need the headers - you can snip the actual body, and redact any real mail addresses etc)
> OK John. I'll have a go this evening.
> Somebody wants the woodwork bench they lent me 15 years ago returned!

Try this:-

From - Mon Dec 9 08:05:17 2019
X-Account-Key: account4
X-UIDL: 21366
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from LO2P265MB1421.GBRP265.PROD.OUTLOOK.COM (2603:10a6:401:5a::14) by CWLP265MB0962.GBRP265.PROD.OUTLOOK.COM with HTTPS via CWLP265CA0338.GBRP265.PROD.OUTLOOK.COM; Mon, 9 Dec 2019 03:24:06 +0000
Received: from LO2P265CA0401.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:f::29) by LO2P265MB1421.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:94::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.14; Mon, 9 Dec 2019 03:24:06 +0000
Received: from AM5EUR02FT010.eop-EUR02.prod.protection.outlook.com (2a01:111:f400:7e1e::202) by LO2P265CA0401.outlook.office365.com (2603:10a6:600:f::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.14 via Frontend Transport; Mon, 9 Dec 2019 03:24:06 +0000
Authentication-Results: spf=none (sender IP is 118.97.118.130) smtp.mailfrom=onigiri.co.id; marfordfarm.demon.co.uk; dkim=none (message not signed) header.d=none;marfordfarm.demon.co.uk; dmarc=none action=none header.from=onigiri.co.id;compauth=fail reason=001
Received-SPF: None (protection.outlook.com: onigiri.co.id does not designate permitted sender hosts)
Received: from mx5-siagan-mbaru-g12-itu.indomaguro.co.id (118.97.118.130) by AM5EUR02FT010.mail.protection.outlook.com (10.152.8.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2495.18 via Frontend Transport; Mon, 9 Dec 2019 03:24:05 +0000
Received: from localhost (localhost [127.0.0.1]) by mx5-siagan-mbaru-g12-itu.indomaguro.co.id (Postfix) with ESMTP id 7BC5A12256D for ; Mon, 9 Dec 2019 10:19:11 +0700 (WIB)
Received: from mx5-siagan-mbaru-g12-itu.indomaguro.co.id ([127.0.0.1]) by localhost (mx5-siagan-mbaru-g12-itu.indomaguro.co.id [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id Wns20PcwSrH6 for ; Mon, 9 Dec 2019 10:19:11 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1]) by mx5-siagan-mbaru-g12-itu.indomaguro.co.id (Postfix) with ESMTP id 1C03012256B for ; Mon, 9 Dec 2019 10:19:11 +0700 (WIB)
X-Virus-Scanned: amavisd-new at mx5-siagan-mbaru-g12-itu.indomaguro.co.id
Received: from mx5-siagan-mbaru-g12-itu.indomaguro.co.id ([127.0.0.1]) by localhost (mx5-siagan-mbaru-g12-itu.indomaguro.co.id [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id EwNacX-0Qg_V for ; Mon, 9 Dec 2019 10:19:11 +0700 (WIB)
Received: from sp.onigiri.co.id (unknown [191.55.76.13]) by mx5-siagan-mbaru-g12-itu.indomaguro.co.id (Postfix) with ESMTPA id ED7FB122570 for ; Mon, 9 Dec 2019 10:19:09 +0700 (WIB)
From: "Hannah Lamb"
To: "Pa"
Reply-To: "Hannah Lamb"
Subject: Hello Pa
Thread-Index: Ky1lejU1cXY1d20uOWU3Ki51eTZmMQ==
Date: Mon, 9 Dec 2019 06:23:31 +0300
Message-Id: 10U6HCH5TFTN4ZZXP7FT5DUSS0RP83PZ0M4N0T2N@HU0US2NY2HF3HH7.namprd14.prod.outlook.com
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_10U6HCH5TFTN4ZZXP7FT5DUSS0RP83PZ0M4N0T2NHU0US2NY2HF3HH7_"
Return-Path:
X-MS-Exchange-Organization-ExpirationStartTime: 09 Dec 2019 03:24:05.5006 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: 08def035-c0b7-433d-ddc6-08d77c573ede
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: b58b9882-6915-43fd-93c2-085d389cfee5:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: CIP:118.97.118.130;IPV:NLI;CTRY:ID;EFV:NLI;SFV:SPM;SFS10001);DIR:INB;SFP:;SCL:5;SRVR:LO2P265MB1421;H:mx5-siagan-mbaru-g12-itu.indomaguro.co.id;FPR:;SPF:None;LANG:en;CAT:SPOOF;
X-MS-Exchange-Organization-AuthSource: AM5EUR02FT010.eop-EUR02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 08def035-c0b7-433d-ddc6-08d77c573ede
X-MS-TrafficTypeDiagnostic: LO2P265MB1421:
X-MS-Oob-TLC-OOBClassifiers: OLM:1728;
X-MS-Exchange-Organization-SCL: 6
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Dec 2019 03:24:05.1073 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 08def035-c0b7-433d-ddc6-08d77c573ede
X-MS-Exchange-CrossTenant-Id: b58b9882-6915-43fd-93c2-085d389cfee5
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P265MB1421
X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.5773365
X-MS-Exchange-Processed-By-BccFoldering: 15.20.2516.000
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG20160513016)(750127)(520002050)(701014)(944506383)(944626516)

--
Tim Lamb
#26
Posted to uk.d-i-y
Hacked mail
Tim Lamb wrote:
> Try this:-

the spammer is making no attempt to claim their address is anything other than an Indonesian one

the only yahoo address there is in the message is

however they've set the descriptive part of the send to "Hannah ****" which presumably matches your daughter, and obviously they know your demon address is one she has corresponded with previously, so they know who to spam

She (like almost every yahoo email user I know) clearly had her account hacked and details hoovered from it at some time in the past.

clearly the emails you've received so far have been easy to spot, not much you can do but keep a suspicious eye on them, or encourage her to change email provider.
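The header checks discussed in this thread (the SPF/DKIM/DMARC verdicts, the relaying hosts, and a familiar display name on an unfamiliar address), as an added example that is not part of any poster's message. The sample headers are constructed from the ones posted above; the mailbox local parts, the `recipient.example` domain, the `CONTACTS` table and the Yahoo domains in it are assumptions.

```python
"""Triage raw message headers (in Thunderbird: Ctrl+U) for sender spoofing."""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the headers posted in the thread. Mailbox
# local parts and the *.example domain are placeholders, not real addresses.
SAMPLE = """\
Authentication-Results: spf=none (sender IP is 118.97.118.130)
 smtp.mailfrom=onigiri.co.id; recipient.example; dkim=none (message not signed)
 header.d=none;recipient.example; dmarc=none action=none
 header.from=onigiri.co.id;compauth=fail reason=001
Received: from mx5-siagan-mbaru-g12-itu.indomaguro.co.id (118.97.118.130)
 by AM5EUR02FT010.mail.protection.outlook.com (10.152.8.144)
 with Microsoft SMTP Server; Mon, 9 Dec 2019 03:24:05 +0000
Received: from sp.onigiri.co.id (unknown [191.55.76.13])
 by mx5-siagan-mbaru-g12-itu.indomaguro.co.id (Postfix) with ESMTPA
 id ED7FB122570; Mon, 9 Dec 2019 10:19:09 +0700 (WIB)
From: "Hannah Lamb" <placeholder@onigiri.co.id>
To: "Pa" <pa@recipient.example>
Subject: Hello Pa

"""

# Assumption: a hand-kept map of display names to the domains that contact
# really sends from (the thread only says the daughters use Yahoo).
CONTACTS = {"hannah lamb": {"yahoo.com", "yahoo.co.uk"}}

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc|compauth)=([a-z]+)", re.I)
HOP_RE = re.compile(r"from (\S+) \((?:\S+ )?\[?([0-9A-Fa-f.:]+)\]?\)")


def auth_results(msg):
    """Parse the topmost Authentication-Results header.

    Each server prepends its headers, so the first one is normally the one
    stamped by your own provider; copies further down can be forged.
    """
    headers = msg.get_all("Authentication-Results") or []
    if not headers:
        return {}
    flat = " ".join(str(headers[0]).split())
    return {m.lower(): r.lower() for m, r in AUTH_RE.findall(flat)}


def received_hops(msg):
    """Return (host, ip) for each Received header, newest hop first."""
    hops = []
    for value in msg.get_all("Received") or []:
        match = HOP_RE.match(" ".join(str(value).split()))
        hops.append(match.groups() if match else (None, None))
    return hops


def in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(raw, contacts):
    """Return the parsed evidence plus a list of plain-English findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    auth = auth_results(msg)
    hops = received_hops(msg)
    findings = []

    # A known name on an address that is not that person's is the pattern
    # seen in the thread: only the display name was copied.
    expected = contacts.get(name.strip().lower())
    if expected and not in_domains(from_domain, expected):
        findings.append(f"display name {name!r} is a known contact, "
                        f"but {from_domain!r} is not one of their domains")
    for method in ("spf", "dkim", "dmarc"):
        result = auth.get(method, "missing")
        if result != "pass":
            findings.append(f"{method} result is {result}, not pass")
    # Hops below your own provider's are sender-supplied text, so a match
    # here is weak evidence; a complete absence is still worth noting.
    if expected and not any(h and in_domains(h, expected) for h, _ in hops):
        findings.append("no relay in the Received chain belongs to the "
                        "contact's mail provider")
    return {"from_name": name, "from_domain": from_domain,
            "auth": auth, "hops": hops, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE, CONTACTS)
    print(report["auth"], report["hops"], sep="\n")
    for line in report["findings"]:
        print("-", line)
```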
#27
On 23/12/2019 11:38, Tim Lamb wrote:
In message , John Rumm writes On 23/12/2019 08:54, Tim Lamb wrote: In message , John Rumm writes On 22/12/2019 18:59, Tim Lamb wrote: In message , John Rumm writes On 22/12/2019 11:23, Tim Lamb wrote:

Coincidence or....? A few times recently I have had junk mails purportedly from my daughters shortly after contacting them. I post to a number of other folk without this happening. Is it my end (limited anti-virus protection) or their end ( i-phone users)? Suggestions?

First have a look at the full message headers of the spoofed email. That will tell you if it actually came from her mail system or an unrelated one. Look for a SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").

I have yet to find my way around T bird headers. This might be the incentive. They display marked as probable junk but I would check anyway because of the lack of content.

In thunderbird, just hit CTRL + U to display the full message source.

Right! 4 pages of gobbledegook:-) Sent from jumbo.zone but otherwise nothing I understand. It obviously passed all the authentication checks.

Paste 'em here or email them to me, and I can probably get you a bit more info - like where it came from, whether it's using a compromised account or just spoofing etc. (we only need the headers - you can snip the actual body, and redact any real mail addresses etc)

OK John. I'll have a go this evening. Somebody wants the woodwork bench they lent me 15 years ago returned!

Some folk are just too impatient.
#28
In message , Andy Burns writes

Tim Lamb wrote: Try this:-

the spammer is making no attempt to claim their address is anything other than an Indonesian one

the only yahoo address there is in the message is

however they've set the descriptive part of the send to "Hannah ****" which presumably matches your daughter, and obviously they know your demon address is one she has corresponded with previously, so they know who to spam

She (like almost every yahoo email user I know) clearly had her account hacked and details hoovered from it at some time in the past.

clearly the emails you've received so far have been easy to spot, not much you can do but keep a suspicious eye on them, or encourage her to change email provider.

Would simply changing her Yahoo address help?

OK So far. Does anyone know if the link was dangerous? The initial giveaway was the extra v in her mail address but T'bird had flagged it as *junk* anyway.

--
Tim Lamb
#29
In message , Richard writes On 23/12/2019 11:38, Tim Lamb wrote:

Somebody wants the woodwork bench they lent me 15 years ago returned!

Some folk are just too impatient.

Quite! The full story is that his daughter is now at home with children and wants to take up picture framing. Apart from a brush down, all I have actually done so far is to set about repairing the one it replaced.

--
Tim Lamb
#30
In message , Tim Streater writes In article , Tim Lamb wrote: In message , Tim Lamb writes In message HZudnSRANIrfP53DnZ2dnUU78RmdnZ2d@brightview.co.uk, John Rumm writes

In thunderbird, just hit CTRL + U to display the full message source.

Right! 4 pages of gobbledegook:-) Sent from jumbo.zone but otherwise nothing I understand. It obviously passed all the authentication checks.

Paste 'em here or email them to me, and I can probably get you a bit more info - like where it came from, whether it's using a compromised account or just spoofing etc. (we only need the headers - you can snip the actual body, and redact any real mail addresses etc)

OK John. I'll have a go this evening. Somebody wants the woodwork bench they lent me 15 years ago returned!

Try this:- From - Mon Dec 9 08:05:17 2019 ... From: "Hannah Lamb"

She's in Indonesia. There's a number of server addresses between her and your Outlook stuff, with some having onigiri addresses. I looked at www.onigiri.co.id which seems legit, at first glance.

Hmm.. could it just be innocuous spam?

--
Tim Lamb
#31
On 23/12/2019 20:47, Tim Lamb wrote:
In message , Tim Lamb writes In message HZudnSRANIrfP53DnZ2dnUU78RmdnZ2d@brightview.co.uk, John Rumm writes

In thunderbird, just hit CTRL + U to display the full message source.

Right! 4 pages of gobbledegook:-) Sent from jumbo.zone but otherwise nothing I understand. It obviously passed all the authentication checks.

Paste 'em here or email them to me, and I can probably get you a bit more info - like where it came from, whether it's using a compromised account or just spoofing etc. (we only need the headers - you can snip the actual body, and redact any real mail addresses etc)

OK John. I'll have a go this evening. Somebody wants the woodwork bench they lent me 15 years ago returned!

Try this:- From - Mon Dec 9 08:05:17 2019

Ta, [snip]

ok, that is just a straight spoof - and not a very good attempt either - it makes no attempt to hide its actual origin and even the from address is not disguised in any way. (which ironically improves its chances of successful delivery)

It definitely did not originate from Hannah's yahoo account. So all the spammer would need to send that message are the email addresses "to" and "from".

Having said that, if you visit https://haveibeenpwned.com/ and enter Hannah's real email address, then (assuming I have un-munged it correctly), it appears in 12 databases of compromised addresses (i.e. the email address and other details have been breached from compromised web sites in the past). So if any of these hacked sites revealed password details (almost a certainty), and the same details were used for things like her Yahoo account, then you will need to assume that is also compromised, and the email addresses contained therein also made public, along with any other sensitive content in the emails.

(Moral of that story, never re-use passwords between sites, no matter how insignificant you feel them to be).

BTW, if you want something to help analyse headers for you, MS have a tool here: https://mha.azurewebsites.net/

Regarding potentially dangerous links in messages, go to: https://www.virustotal.com/gui/home/url and paste them into the URL scanner. It will firstly unravel any URL minimisations and find the actual target address, it will then scan what it finds there and give a report without you needing to access the site yourself.

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
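The header checks discussed in this thread (the From display name against the real address, and the verdict fields seen in the posted X-Forefront-Antispam-Report header), as an added example that is not part of any poster's message. The sample message, its addresses and the CONTACTS address book are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (documentation IP, example domains), shaped like the
# headers posted in the thread: a familiar display name on an unrelated address.
SAMPLE = (
    'From: "Hannah Example" <sales@mail.example.co.id>\n'
    "To: tim@example.org\n"
    "Subject: hi\n"
    "X-Forefront-Antispam-Report: CIP:203.0.113.25;IPV:NLI;CTRY:ID;SFV:SPM;\n"
    " DIR:INB;SCL:5;H:mx5.mail.example.co.id;SPF:None;LANG:en;CAT:SPOOF;\n"
    "\n"
    "http://example.invalid/\n"
)

# Hypothetical address book: display name -> address that person really uses.
CONTACTS = {"hannah example": "hannah.example@yahoo.example"}


def parse_antispam_report(value):
    """Split 'KEY:value;KEY:value;' into a dict; folded lines are tolerated."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition(":")  # first ':' only (IPv6 safe)
        if sep and key:
            fields[key.strip().upper()] = val.strip()
    return fields


def assess(raw, contacts):
    """Return the reasons to distrust a message, judged from its headers only."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    report = parse_antispam_report(msg.get("X-Forefront-Antispam-Report", ""))
    findings = []
    expected = contacts.get(name.strip().lower())
    if expected and addr.lower() != expected.lower():
        findings.append(f"display name '{name}' is a known contact but address is {addr}")
    if report.get("CAT") == "SPOOF":
        findings.append("receiving filter categorised the message as SPOOF")
    if report.get("SPF", "").lower() in ("none", "fail", "softfail"):
        findings.append(f"SPF result: {report['SPF']}")
    if report.get("SFV") == "SPM":
        findings.append(f"filter verdict SPM, SCL {report.get('SCL', '?')}")
    if "CIP" in report:
        findings.append(f"connecting IP {report['CIP']} ({report.get('CTRY', '??')})")
    return findings
```

Calling `assess(SAMPLE, CONTACTS)` returns five findings for the constructed message; a message from the contact's real address drops the display-name finding.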
#32
On 24/12/2019 10:19, Tim Lamb wrote:
In message , Richard writes On 23/12/2019 11:38, Tim Lamb wrote:

Somebody wants the woodwork bench they lent me 15 years ago returned!

Some folk are just too impatient.

Quite! The full story is that his daughter is now at home with children and wants to take up picture framing. Apart from a brush down, all I have actually done so far is to set about repairing the one it replaced.

If only you had a working workbench huh :-)

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
#33
On Tue, 24 Dec 2019 14:14:32 +0000, John Rumm wrote:

snip

(Moral of that story, never re-use passwords between sites, no matter how insignificant you feel them to be).

Whilst I generally don't, I was wondering if you could recommend a free (ideally) password manager that would sync between Android and Windows?

I don't necessarily need many other features (like autofill or password generator) just that it's good at what it needs to do?

Cheers, T i m
#34
On 24/12/2019 18:33, T i m wrote:

On Tue, 24 Dec 2019 14:14:32 +0000, John Rumm wrote: snip (Moral of that story, never re-use passwords between sites, no matter how insignificant you feel them to be).

Whilst I generally don't, I was wondering if you could recommend a free (ideally) password manager that would sync between Android and Windows?

Firefox will do that now...

I don't necessarily need many other features (like autofill or password generator) just that it's good at what it needs to do?

Some folks quite like commercial solutions like Dashlane.

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
#35
In message , John Rumm writes On 23/12/2019 20:47, Tim Lamb wrote: In message , Tim Lamb writes In message HZudnSRANIrfP53DnZ2dnUU78RmdnZ2d@brightview.co.uk, John Rumm writes

In thunderbird, just hit CTRL + U to display the full message source.

Right! 4 pages of gobbledegook:-) Sent from jumbo.zone but otherwise nothing I understand. It obviously passed all the authentication checks.

Paste 'em here or email them to me, and I can probably get you a bit more info - like where it came from, whether it's using a compromised account or just spoofing etc. (we only need the headers - you can snip the actual body, and redact any real mail addresses etc)

OK John. I'll have a go this evening. Somebody wants the woodwork bench they lent me 15 years ago returned!

Try this:- From - Mon Dec 9 08:05:17 2019

Ta, [snip]

ok, that is just a straight spoof - and not a very good attempt either - it makes no attempt to hide its actual origin and even the from address is not disguised in any way. (which ironically improves its chances of successful delivery)

It definitely did not originate from Hannah's yahoo account. So all the spammer would need to send that message are the email addresses "to" and "from".

Having said that, if you visit https://haveibeenpwned.com/ and enter Hannah's real email address, then (assuming I have un-munged it correctly), it appears in 12 databases of compromised addresses (i.e. the email address and other details have been breached from compromised web sites in the past). So if any of these hacked sites revealed password details (almost a certainty), and the same details were used for things like her Yahoo account, then you will need to assume that is also compromised, and the email addresses contained therein also made public, along with any other sensitive content in the emails.

(Moral of that story, never re-use passwords between sites, no matter how insignificant you feel them to be).

BTW, if you want something to help analyse headers for you, MS have a tool here: https://mha.azurewebsites.net/

Regarding potentially dangerous links in messages, go to: https://www.virustotal.com/gui/home/url and paste them into the URL scanner. It will firstly unravel any URL minimisations and find the actual target address, it will then scan what it finds there and give a report without you needing to access the site yourself.

Thanks for this John. She will be here over Christmas and can experiment.

--
Tim Lamb
#36
In message , John Rumm writes On 24/12/2019 10:19, Tim Lamb wrote: In message , Richard writes On 23/12/2019 11:38, Tim Lamb wrote:

Somebody wants the woodwork bench they lent me 15 years ago returned!

Some folk are just too impatient.

Quite! The full story is that his daughter is now at home with children and wants to take up picture framing. Apart from a brush down, all I have actually done so far is to set about repairing the one it replaced.

If only you had a working workbench huh :-)

Ha. Up and running. I had to chop out and relay a section next to the vice. Hollowed by chopping sticks.

I suspect my grandfather acquired this one when he retired as a village school head. It is about 3" short of the other ( 32.5") and now stands on 3" feet.

--
Tim Lamb
#37
On Tue, 24 Dec 2019 19:20:28 +0000, John Rumm wrote: On 24/12/2019 18:33, T i m wrote: On Tue, 24 Dec 2019 14:14:32 +0000, John Rumm wrote: snip

(Moral of that story, never re-use passwords between sites, no matter how insignificant you feel them to be).

Whilst I generally don't, I was wondering if you could recommend a free (ideally) password manager that would sync between Android and Windows?

Firefox will do that now...

snip

Thanks, that seems to work. ;-)

Cheers, T i m