News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Scam email and phishing

    Home Forums Code Red – Security/Privacy advisories Scam email and phishing

    Viewing 7 reply threads
    • Author
      Posts
      • #2264456 Reply
      • #2264469 Reply
        Kirsty
        Da Boss

        Rather than reporting the malspam here – one of thousands going the rounds every single day – you’d be better advised to report the email address as a spammer:

        Yahoo’s spam reporting page
        and the likes of blacklists, such as CleanTalk

        You can also use the email header, to report the IP#. Check out whatismyipaddress.com for details.

        It’s better to take action than just mention it 🙂

        2 users thanked author for this post.
        • #2264474 Reply
          OscarCP
          AskWoody Plus

          Kirsty,

          I am curious: those sites you provided the link to ask for the email address of the sender of the offending email. Most likely this is a fake address, so how can it be useful? How does this work?

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

          • #2264526 Reply
            Kirsty
            Da Boss

            There’s fake email address, then there’s genuine email addresses that aren’t being operated by the original “owner” due to hacking, and those genuine accounts created just for spam. Which are you talking about here???

            when I checked the email address in question, it was marked as being a “real” account, and not a known spammer.

            Reporting is recommended by many goverment agencies, i.e. U.S. (1 & 2), U.K., Australia, New Zealand, Canada etc.

            1 user thanked author for this post.
      • #2264530 Reply
        Kirsty
        Da Boss

        @wavy this isn’t a new spam email – it’s been doing the rounds for at least a couple of years! Inflation hasn’t changed the price in the meantime 😉

        1 user thanked author for this post.
      • #2264556 Reply
        ScotchJohn
        AskWoody Plus

        I feel better after reporting spam such as these to SpamCop.  I’m not certain that it does a lot of good, but, to repeat, it makes me feel better.  Are there other spam-reporting entities, any that have any teeth?

        Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

        • #2264693 Reply
          Kirsty
          Da Boss

          Are there other spam-reporting entities, any that have any teeth?

          That depends on your jurisdiction, and the company who “supplied” the email address. See above, for some such information.

          1 user thanked author for this post.
      • #2264781 Reply
        ScotchJohn
        AskWoody Plus

        Reporting is recommended by many goverment agencies, i.e. U.S. (1 & 2), U.K., Australia, New Zealand, Canada etc.

        Kirsty – I can’t speak for the others, but the UK’s response to computer and online fraud was irrevocably compromised by this report.

        In the UK, this needs to be relaunched, from the ground up, but recent events have probbably pushed this off the top of the to-do pile.  That was what was behind my question on whether the reporting entities had any teeth.

        Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

        • #2264896 Reply
          Kirsty
          Da Boss

          Reporting to the police is likely to be met with the response that article appears to discuss (sorry, I don’t have a subscription, so cannot see the whole article). The links I posted were for the cybersecurity dedicated areas, not law enforcement.

          Reporting to law enforcement is appropriate in some genuine dangerous circumstances, but not for your run-of-the-mill spam emails.

      • #2264825 Reply
        BigBadSteve
        AskWoody Plus

        I feel better after reporting spam such as these to SpamCop. I’m not certain that it does a lot of good, but, to repeat, it makes me feel better. Are there other spam-reporting entities, any that have any teeth?

        Yeah Spamcop is very good. Free, and does all the technical sender-domain-etc. ‘tracing’ work for you. All you need to learn is how to copy/paste an email with full headers (not hard). I see no need for learning/using another similar service.

        I used to report every spam/scam email, until doing so got me on a spammer’s hitlist, and started receiving hundreds of ‘bounce’ emails from an email domain, with my email address forged as the sender. Spamcop warn about the possibility of people who report spam copping this sort of revenge. They try to remove all recipient-identifying info from reported emails, but sometimes large alphanumeric strings within the email are used, obfuscated enough so that it’s not apparent it identifies the spam recipient.

        Spamcop give the use the option of which domains involved (sender, mentioned in the spam etc.) emails to send, which can be selected by ticking (checking) or unchecking. One trick I’ve developed is to surf to the domain of each, if I don’t know it. If that domain has no main page, the chances are that it’s specifically designed for the use of spammers, and sending anything to it would result in either more spam, or no action at all.

        I read that Microsoft take spam very, very seriously and spend millions on combating it, since the total cost to their servers is high (and to their reputation too, I’d think). I’ve no doubt that anything in my Junk Mail folder, if I don’t move it to another folder, even when I delete it, is followed up by them in attempts to shut down the spammers involved… and they are sometimes successful at this.

        No doubt Yahoo, Google etc. (all very large email providers) do the same. So now I only report spam if it’s particularly obnoxious. Only the worst of scam emails really… scammers tend to be small operations so have less chance of tracing a spam report to me and attempting to exact revenge.

        If I had my time over I’d pick a much more unguessable email address, i.e. one which wouldn’t be found by the random combination of personal names, titles and common words (which is how spammers add many email addresses to their lists).
        For most website signups I use a (free) Spamgourmet email address. There’s a learning curve but it’s worth it. Nine out of ten websites will accept a Spamgourmet email address, and there are multiple domains etc. one can specify for the same destination email account. My Spamgourmet email stats until today: 13,350 forwarded, 83,596 ‘eaten’. Nice!!!

        Asus N53SM & N53SN 64-bit laptops (Win7 Pro & Win10 Pro 64-bit multiboots), venerable HP Pavilion t760 32-bit desktop (XP & Win7 Pro multiboot), Oracle VirtualBox VM's: XP & Win7 32-bit, XP Mode, aged Samsung Galaxy S4, Samsung Galaxy Tab A 2019s (8" & 10.1"), Blu-ray burners, digital cameras, ext. HDDs (latest 5TB!), AnyDVD, Easeus ToDo Backup Home, Waterfox, more. Me: Aussie card-carrying Windows geek.

        1 user thanked author for this post.
        • #2264878 Reply
          ScotchJohn
          AskWoody Plus

          Steve – most interesting.  Thanks for taking the time.

          I may be kidding myself, but I think I may have contributed to lessening the amount of spam coming from AmazonAWS servers.  I got fed up with SpamCop reporting to abuse#amazonaws.com@devnull.spamcop.net, which was no report at all, so I started reporting direct to Amazon directly: ‘abuse@amazonaws.com’ ‘ec2-abuse@amazon.com’.

          I may be deluding myself, but the incidence of spam from AmazonAWS seems to have gone way down.  If so, good!

          Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

      • #2264906 Reply
        BigBadSteve
        AskWoody Plus

        Oh, a caveat re Spamgourmet (since I recommended it). For one in every few dozen websites you sign up to with a Spamgourmet email account, all emails they send to that account will just disappear. This would be because those websites send email to Spamgourmet (the constructed email address indicates whose Spamgourmet account it’s for) , and Spamgourmet’s server code then modified the emails with changed sender address, i.e. the ‘real’ email address the Spamgourmet account owner specified when opening their Spamgourmet account. Some peculiar/unusual email .eml formatting is apparently not recognised properly by Spamgourmet servers, meaning in those cases any new website account you tried to open will not be usable (as you won’t get the confirmation email). No biggie, when that happens I use my secondary ‘standard’ email account, or my main one if the vendor looks reliable. However if you used a spamgourmet account to buy anything online, without testing it first by opening an account and checking you receive the confirmation mail before ordering, then you’re going to end up annoying the hell out of the pay website’s Support department. So my own rules are:  never use my Spamgourmet email address on any website I’m paying to join, or for any sort of event ticket, and when ordering open the account and respond to the verification email before ordering.

        When you do use Spamgourmet to open an account at another website, you can, by the way, specify for each constructed email address how many emails you want to receive maximum for that address/website, which it can be changed later (to zero if they spam you and ignore your changing preferences/closing your account, or sell your email address to spammers, or get hacked and your details stolen, all of this happens). Around one in thirty websites won’t allow any sort of Spamgourmet address (maybe for reasons stated), when that happens I try to use a secondary non-shell email address (Outlook.com or GMail or whatever) if they seem in the least dodgy. My main email account, for ‘direct’ email, is only for those I trust. So not trivially simple, but hey I’ve avoided having to deal with over 83,000 spam emails, so I’m getting way good value for money (it’s free).

        Asus N53SM & N53SN 64-bit laptops (Win7 Pro & Win10 Pro 64-bit multiboots), venerable HP Pavilion t760 32-bit desktop (XP & Win7 Pro multiboot), Oracle VirtualBox VM's: XP & Win7 32-bit, XP Mode, aged Samsung Galaxy S4, Samsung Galaxy Tab A 2019s (8" & 10.1"), Blu-ray burners, digital cameras, ext. HDDs (latest 5TB!), AnyDVD, Easeus ToDo Backup Home, Waterfox, more. Me: Aussie card-carrying Windows geek.

      • #2273345 Reply
        8string
        AskWoody Plus

        I track spam and phishing attacks for multiple businesses on a daily basis. The notion of reporting one spam or fishing event is absolutely absurd. If you want to do it and it makes you feel better, great, but it’s not gonna change a thing. There are literally hundreds (maybe thousands )of fishing attacks every day on most businesses and individuals. The better email vendors out there like Google, Microsoft and others are filtering much of it before it ever reaches your desk. If you find yourself swimming in spam, Then you might want to find a better email vendor. Personally I’ve used both Gmail and outlook and they filter huge amounts of spam every day out of my inbox. If I had to get a guess as to which was better I’d say that Gmail was better at filtering then outlook but not by a whole lot. If you really are still having problems, then look at installing your own spam filter or paying for one. One of my clients uses Go Daddy for their vendor of Microsoft products, and I’ve set them up with the advanced filtering from Go Daddy at a small price. It is much more effective than the regular spam filtering that Go Daddy provides. It has reduced Spam dramatically though it is catching enough normal Mail that I have to check it every five days or so. so focus on filtering your inbox. I recommend that all my clients turn on outlook junk mail filtering to “high”and then check their junk mail inbox once a day to make sure they’re not having good stuff caught. Good luck on that!

        dictated to my iPad. If there’s some spelling errors it’s OK

        • This reply was modified 4 months, 1 week ago by 8string.
    Viewing 7 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Scam email and phishing

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.