
An interesting email

Discussion in 'General Discussion' started by benjii, Dec 22, 2018.

  1. benjii

    Mobster

    Joined: Apr 26, 2013

    Posts: 3,287

    Location: Plymouth

    I just received this email, it's obviously spam. However, what struck me was that this is by far the most interesting use of my details (from one of the many database leaks over the years) that I've seen. It has a password that was used on one of my accounts that got caught in the leak and the body of the email is generic enough that it could apply to many.

    The only thing I don't get about this, is how can you spoof a local email? Usually, you expand the details from support@paypal.co.uk (or whatever it is) and you see a ridiculously foreign email address. How, in Outlook, do you make it so when you expand the details, it gives you your own contact and email information?
     
  2. vanandjuanunited

    Soldato

    Joined: Oct 20, 2005

    Posts: 5,148

    I'd be more concerned about the video
     
  3. benjii

    Mobster

    Joined: Apr 26, 2013

    Posts: 3,287

    Location: Plymouth

    That's exactly my point, it could apply to many people and make them very worried. People get caught out by the stupidest Nigerian prince scams, this one is vaguely convincing in comparison.
     
  4. Malevolence

    Capodecina

    Joined: Oct 21, 2011

    Posts: 11,484

    I got another one to add to the collection earlier. :D

     
  5. jsmoke

    Soldato

    Joined: Jun 17, 2012

    Posts: 6,524

    There used to be a program called ghostmail.
     
  6. benjii

    Mobster

    Joined: Apr 26, 2013

    Posts: 3,287

    Location: Plymouth

    Erm... what? :D
     
  7. Zefan

    Don

    Joined: Jan 15, 2006

    Posts: 28,813

    Location: Tosche Station

    Back door.
     
  8. benjii

    Mobster

    Joined: Apr 26, 2013

    Posts: 3,287

    Location: Plymouth

    Hah, that's amazing! A lovely Google translate job.
     
  9. GW1970

    Gangster

    Joined: Nov 16, 2012

    Posts: 369

    The last one I had like this had the opening line of

    Hello my prey
     
  10. Meddling-Monk

    Gangster

    Joined: Sep 2, 2013

    Posts: 429

    Had a whole bunch of those go to a "fake" email address that is used, and I'm just thinking... "Eh?".

    Looking through the details, I see the ones sending to my fake address are sent from yahoo-jp, dunno if that's actually true or not, but yeah, not actually local or from that fake email address at all.
     
  11. Malevolence

    Capodecina

    Joined: Oct 21, 2011

    Posts: 11,484

    Had one of those myself not too long back.

    Also had one that starts with "Hello sacrifice". :D
     
  12. Hades

    Capodecina

    Joined: Oct 19, 2002

    Posts: 21,274

    Location: Surrey and London

    I had one of these the other day. Made me laugh :)
     
  13. Rroff

    Man of Honour

    Joined: Oct 13, 2006

    Posts: 59,693

    Not just that in this case they are using an account on the same domain and service to send the spam? So it doesn't look as suspicious unless you actually follow the send chain in depth?
     
  14. Django x2

    Capodecina

    Joined: Sep 28, 2008

    Posts: 12,027

    Location: Britain

    Any open relay SMTP server can be made to look like you sent the email to yourself. That method is older than the dawn of time and you would be surprised how easy it was to find an open SMTP relay server on the internet.
     
  15. chaparral

    Capodecina

    Joined: Nov 27, 2005

    Posts: 18,889

    Reply and tell them if they pay you £1000 you will be happy to send them some more videos... :D
     
  16. platinum87

    Mobster

    Joined: Nov 25, 2007

    Posts: 4,889

    Location: London

    Like 16 years ago I was using some email bomber program, but aside from spamming hundreds of emails in seconds, you simply use a Yahoo or Hotmail SMTP server and enter whatever email address you want.

    No account was required whatsoever.
     
  17. LizardKing

    Soldato

    Joined: Oct 18, 2002

    Posts: 7,471

    Location: The Land of Roundabouts

    The mechanism is quite easy. Emails contain a few headers that are hidden to end users, 2 of these are "mail-from" and "reply-to" (don't quote me on the specifics, it's from memory :))
    Most mail clients display the reply-to address and this is the header they spoof. I'm guessing if you are able to view the full header you will see the originating domain address.

    The domain validation aspects of anti-spam mechanisms (SPF/DMARC) work against the "mail-from" address, so as long as this is valid (any random hosted solution will do) then it's less likely to get caught as spam and more likely to be delivered to your inbox.

    I'm quite impressed by this vector as they are using the leaked DBs of email/passwords, pairing it all up and spear phishing users on a mass scale, it's all automated. You have to wonder about the people behind these ideas, if they put this much effort into a legitimate line of business they would probably do OK out of it!
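
Viewing the full headers, as suggested in the posts above, can be done programmatically. This is an added example and not part of any post in the thread: it parses a constructed message and reports when the visible From address equals the recipient while the envelope sender (Return-Path) and the Authentication-Results verdicts point to a different domain. All addresses, hostnames and finding names are made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (all names made up): the visible From equals the
# recipient, while the envelope sender and auth verdicts point elsewhere.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
From: "victim" <victim@example.org>
To: victim@example.org
Subject: constructed sample

body
"""

def domain(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Collect method=result pairs (spf, dkim, dmarc) from Authentication-Results."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:      # first field is the server id
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                verdicts[method.lower()] = result.lower()
    return verdicts

def spoof_indicators(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    from_dom, env_dom = domain(msg.get("From")), domain(msg.get("Return-Path"))
    auth = auth_results(msg)
    findings = []
    if sender and sender == rcpt:
        findings.append("from-equals-recipient")
    # Exact match is a simplification; DMARC relaxed mode uses organizational domains.
    if env_dom and env_dom != from_dom:
        findings.append("envelope-domain-mismatch")
        if auth.get("spf") == "pass":
            findings.append("spf-pass-unaligned")   # SPF vouched for another domain
    if auth.get("dmarc") == "fail":
        findings.append("dmarc-fail")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(RAW))
```

Authentication-Results is only meaningful when it was stamped by your own receiving server; copies of that header carried in from outside should be ignored.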
     
  18. Scania

    Capodecina

    Joined: Nov 25, 2004

    Posts: 22,582

    Location: On the road....

    Had one myself, replied with a link to the Tropic Thunder flaming dragon phone call scene. :D
     
  19. Angilion

    Man of Honour

    Joined: Dec 5, 2003

    Posts: 15,359

    Location: Just to the left of my PC

    My initial thought was that they were claiming to have inserted malware into the porn site via a video of their (apparently excellent) arse that they'd submitted to the site in some sort of amateur porn video contest. :)
     
  20. aardvark

    Sgarrista

    Joined: Jan 2, 2005

    Posts: 7,602

    Location: leeds

    arse application - ha!