I just received this email; it's obviously spam. However, what struck me was that this is by far the most interesting use of my details (from one of the many database leaks over the years) that I've seen. It has a password that was used on one of my accounts that got caught in the leak, and the body of the email is generic enough that it could apply to many. The only thing I don't get about this is how can you spoof a local email? Usually, you expand the details from support@paypal.co.uk (or whatever it is) and you see a ridiculously foreign email address. How, in Outlook, do you make it so when you expand the details, it gives you your own contact and email information?
That's exactly my point, it could apply to many people and make them very worried. People get caught out by the stupidest Nigerian prince scams, this one is vaguely convincing in comparison.
Had a whole bunch of those go to a "fake" email address that is used, and I'm just thinking... "Eh?". Looking through the details, I see the ones sending to my fake address are sent from yahoo-jp, dunno if that's actually true or not, but yeah, not actually local or from that fake email address at all.
Not just that in this case they are using an account on the same domain and service to send the spam, so it doesn't look as suspicious unless you actually follow the send chain in depth?
Any open relay SMTP server can be made to look like you sent the email to yourself. That method is older than the dawn of time and you would be surprised how easy it was to find an open SMTP relay server on the internet.
Like 16 years ago I was using some email bomber program, but aside from spamming hundreds of emails in seconds, you simply use a Yahoo or Hotmail SMTP server and enter whatever email address you want. No account was required whatsoever.
The mechanism is quite easy. Emails contain a few headers that are hidden to end users; 2 of these are "mail-from" and "reply-to" (don't quote me on the specifics, it's from memory). Most mail clients display the reply-to address and this is the header they spoof. I'm guessing if you are able to view the full header you will see the originating domain address. The domain validation aspects of antispam mechanisms (SPF/DMARC) work against the "mail-from" address, so as long as this is valid (any random hosted solution will do) then it's less likely to get caught as spam and delivered to your inbox. I'm quite impressed by this vector as they are using the leaked DBs of email/passwords, pairing it all up and spear phishing users on a mass scale; it's all automated. You have to wonder about the people behind these ideas; if they put this much effort into a legitimate line of business they would probably do OK out of it!
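An added example, not part of any post in this thread: a Python check that compares the From header a mail client displays with the envelope sender (Return-Path) that SPF evaluates, and reads the receiving server's Authentication-Results verdict. The messages, domains and the `spoof_indicators` helper are constructed for illustration, and it assumes the first Authentication-Results header was stamped by your own mail server.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: "sent to yourself" spam relayed through an unrelated domain.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=example.org
From: <victim@example.org>
To: <victim@example.org>
Subject: constructed sample

body
"""

# Constructed sample: ordinary mail where envelope and displayed sender agree.
LEGIT = """\
Return-Path: <alice@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dmarc=pass header.from=example.org
From: Alice <alice@example.org>
To: <bob@example.org>
Subject: constructed sample

body
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """Return reasons the displayed sender of a raw message should not be trusted."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    # Assumption: the first Authentication-Results header is the local server's.
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                               msg.get("Authentication-Results", "")))
    findings = []
    if from_addr and from_addr in to_addrs:
        findings.append("self-addressed")      # sender claims to be the recipient
    if envelope and domain(envelope) != domain(from_addr):
        findings.append("envelope-mismatch")   # SPF passed for a different domain
    if verdicts.get("dmarc") not in (None, "pass"):
        findings.append("dmarc-" + verdicts["dmarc"])
    return findings
```

In the spoofed sample SPF passes because it is evaluated against `mailer.example.net`, while DMARC fails because that domain does not align with the `example.org` address shown in From.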
My initial thought was that they were claiming to have inserted malware into the porn site via a video of their (apparently excellent) arse that they'd submitted to the site in some sort of amateur porn video contest.