Possible Malicious Email Log Out | Topics | Search
Moderators | Register | Edit Profile

Australian RR Forums » General Discussion » Possible Malicious Email « Previous Next »

Author Message
Top of pagePrevious messageNext messageBottom of page Link to this message

David Gore
Moderator
Username: david_gore

Post Number: 2452
Registered: 4-2003
Posted on Monday, 27 February, 2017 - 07:46:   Edit PostDelete PostView Post/Check IP

I received a suspicious email this morning to my forum email address from someone I do not know containing links purporting to be a classic car advertised on Ebay. My intuition immediately said this is suspicious and I am posting this in case other forum members receive a similar unsolicited email.

The email is from a Paul Klein who does not appear in our Users List and is titled "Fwd: A real SURVIVOR - 1967 Jaguar Etype Series I Coupe - 31k Miles".

David
.
Top of pagePrevious messageNext messageBottom of page Link to this message

Mark Aldridge
Grand Master
Username: mark_aldridge

Post Number: 406
Registered: 10-2008
Posted on Monday, 27 February, 2017 - 07:58:   Edit PostDelete PostView Post/Check IP

David, received it and deleted it unopened !
Mark
Top of pagePrevious messageNext messageBottom of page Link to this message

RR Forums Administrator
Board Administrator
Username: admin

Post Number: 97
Registered: 10-2002
Posted on Monday, 27 February, 2017 - 11:05:   Edit PostDelete PostView Post/Check IP

This is an interesting one...

The email does not in itself contain anything malicious: just a link to an eBay item. What is suspicious is how it is arriving in people's inboxes.

The same email has been forwarded from several Yahoo accounts to numerous recipients with rroc.org.au email addresses. The senders are similar (mbz190slmember[at]yahoo.com, mbz190slcollector[at]yahoo.com, mbz190slmember[at]yahoo.com, etc.) and the contents are practically identical: a simple 'FYI' for the same forwarded email from Paul Klein <pmb.klein[at]yahoo.com>. One email is from <paul.klein19[at]yahoo.com>, forwarded from <ericb0436[at]gmail.com>. All the emails come from the Yahoo mail servers so they correspond to real Yahoo accounts. Whether the are legitimate accounts is unlikely, given the evidence to hand.

A search for various of the above email addresses yields the following web page with an interesting story: https://www.sl113.org/forums/index.php?topic=23497.0>. Whether it is actually a scam or not, the email behaviour alone raises warning flags for me.

I believe the likelihood is high that these emails are a scam or a devious marketing effort and are being cleverly distributed via harvested emails and hijacked Yahoo accounts. It is widely known that Yahoo suffered a massive security breach years ago so any emails from Yahoo addresses should be viewed with distrust as a matter of course. The market in harvested emails is huge and it only takes one hacked PC for your own email to irrevocably join the list of millions of addresses used by spammers and scammers.

I would like to assure forum users that it is extremely unlikely that any addresses have been harvested from the forum user database. If you have published your email in a post it is, of course, harvestable. Any of your email correspondents whose PCs or emails have been hacked will have yielded up your address to the harvesters. What's new is that the harvesters seem to be using CRM techniques to associate email addresses with interests so they know who is a likely candidate for specific types of scam - in this case car sales scams.

It would be interesting to follow the eBay item to see what happens.
Top of pagePrevious messageNext messageBottom of page Link to this message

RR Forums Administrator
Board Administrator
Username: admin

Post Number: 98
Registered: 10-2002
Posted on Monday, 27 February, 2017 - 12:29:   Edit PostDelete PostView Post/Check IP

After further investigation I found the following discussion that seems relevant: http://forums.pelicanparts.com/porsche-911-used-parts-sale-wanted/733840-scammers-scammers-beware.html
Top of pagePrevious messageNext messageBottom of page Link to this message

Vladimir Ivanovich Kirillov
Grand Master
Username: soviet

Post Number: 746
Registered: 2-2013
Posted on Monday, 27 February, 2017 - 19:39:   Edit PostDelete PostView Post/Check IP

Nobody phuks with my mates where is he?
Top of pagePrevious messageNext messageBottom of page Link to this message

Robert Noel Reddington
Grand Master
Username: bob_uk

Post Number: 1315
Registered: 5-2015
Posted on Tuesday, 28 February, 2017 - 00:53:   Edit PostDelete PostView Post/Check IP

I got an email like this, I was immediately suspicious because it wasn't anybody I knew so I junked it unopened.

Also phone calls asking about my recent car accident ---- which I have not had.

What can happen is that suppose one has a small shunt and had a bit of pain for a couple of hours. An inflated claim to insurers can result in fraud and criminal charges while the solicitors get away scot free and take one to civil court and claim legal fees for the failed insurance claim.

I have instructed my gangster hit man to kill anyone who trys to scam my family. On special offer is kill one get one and get one free--- bog off.

(_._)
Top of pagePrevious messageNext messageBottom of page Link to this message

Patrick Lockyer.
Grand Master
Username: pat_lockyer

Post Number: 1113
Registered: 9-2004
Posted on Tuesday, 28 February, 2017 - 03:35:   Edit PostDelete PostView Post/Check IP

Bob, any rouge emails that I receive seem to be sent to my spam box by some form of automation.
Then they seem to get removed after a week or so.

Add Your Message Here
Post:
Bold text Italics Underline Create a hyperlink Insert a clipart image

Username: Posting Information:
This is a public posting area. Enter your username and password if you have an account. Otherwise, enter your full name as your username and leave the password blank. Your e-mail address is optional.
Please quote Chassis Numbers for all vehicles mentioned.
Password:
E-mail:
Action: