E-mail ID stolen - please, read.



#2

Hi, everybody;

I just received an e-mail sent by lcvieira@quantica.com.br. It's obvious I did not send an e-mail to myself. I scanned my hole net for current viruses and found nothing.

From now on, I'm not sending anything with this e-mail identification. If you receive anything from "me", please, disregard.

I'm changing it for these days.

Please, forgive "me" for any inconvinient.

Luiz C. Vieira - Brazil


#3

It is very easy to send email on a Unix system that appears to be from anybody you like. There is a particular port that you write a suitably formatted text file and that appears to be incoming mail.

Modern systems try to block this capability, but I'm not sure how successful they are.

#4

Don't panic, Luiz!

It's very easy for spammers to forge the source email address on email thay they send. The SMTP protocol basically requires no authentication whatsoever, and so it has become increasingly common for spammers to use this type of trick in order to induce a curious recipient to read their email (rather than just deleting it without reading).

Just last week, I received two emails which were entitled "You Sent Me an Email - Who Are You?" (or something similar) and which - at first glance - appeared to have been sent from my own mail server. However, upon closer inspection, it was obvious that while the mail server name had been forged, the IP address could not be, and this revealed the source of the spam.

My advice, therefore, is that you do nothing at this point, particularly if changing your email address would cause you inconvenience.

Best,

--- Les Bell, CISSP
[Certified Information Systems Security Professional]
[http://www.lesbell.com.au]


#5

I have 5 pieces of Spam in my inbox addressed from my own email ID, all received during last March. What I am particularly mystified by is the email I receive that isn't addressed TO me. How can that happen without the cooperation of my ISP? Frequently such email is addressed to "mailing list" something or other. I suspect my ISP is forwarding Spam to me for a fee from mass emailers. I have confronted their customer service people with this but they insist it isn't true.


#6

>>
What I am particularly mystified by is the email I receive that isn't addressed TO me.
<<

Oh, that's simple. Before sending the email proper, the mail servers have a little conversation using the SMTP protocol. What's sent in the RCPT TO: line here, takes precedence over what's in the RFC 822 email header's "To:" field.

The exchange will look like this:

MAIL FROM: buyme@cheap-viagra.com
250 OK
RCPT TO: ehowell.easley@worldnet.att.net
250 OK
DATA
354 Send email, followed by <CRLF>.<CRLF>
Received: from fake.email.server by another.fake.email.server
From: buyme@cheap-viagra.com
To: ehow539@some-domain.com
Subject: Make Her Happy Tonight!

(Body of email follows)
.
250 OK
QUIT
220 Goodbye

The To: field is often just the first recipient of that particular batch of spam (as is the To:, occasionally).

Best,

--- Les Bell, CISSP

[http://www.lesbell.com.au]


#7

Thanks, Les! I fetched RFC822 - it's about as old as our calculators and ought to be as much fun to study.

#8

as i imagine most folks here, i get a lot of (and increasing!) spam. results of an interesting study were published about a month? ago in the Tech/Net section of Yahoo, detailing what factors seem to contribute most. the study setup many email accounts, and then used them to perform typical online activities. the resulting spam load was then analysed.

posting to public forums like this, and using an address as a username, such as on Ebay are some of the worst actions. naturally, i have done both, and am apparently paying the price. more worrisome, i get what look like genuine email messages from Yahoo and Ebay asking for passwords, account info, and such. they (admins) are surprisingly unresponsive when i alert them to that.

i wonder why a new mail protocol hasn't been developed?

/bs

#9

Luiz,
This could be a spammer, or it could be a virus. If someone, with your address in his address book, gets infected by a email virus, this machine could start sending email using your address as sender.

Changing your email address will not fix this situation. Warning people like you did may help. Solution would be to find the infected machine - unfortunately I don´t know how to do that.


#10

Since I have posted some messages on this forum I have noticed that I am getting a lot of spam. I have decided to add a little to my email address so that real persons can delete the extra letters ie. the word "spam" in my address if they want to email me.
This might have been a coincidence. I don't know.
It might not even the same type of problem as yours.
Anyway I'll see if it stops or slows down.


#11

Great idea - think I'll try that too!

#12

Yes, the idea of putting in characters seems to be pretty effective, though I am sure some spammers are writing increasingly sophisticated routines to fetch emails--perhaps even looking for the word "spam" or the word "dot" (as in "myname@server.com" translates to "myname@serverdotcom").

I first saw this usage all the way back in 1995, on a newsgroup. As you can see, I use it here, too.

I once was guilty of clicking on a message which said "%$#% elargement" and that got my email into a list. After a number of months, much of it died down. Apparenty, just navigating to a particular web-site can give up your address somehow--does anyone who is knowlegeable on this aspect have any further information on this?


#13

>>
Apparenty, just navigating to a particular web-site can give up your address somehow--does anyone who is knowlegeable on this aspect have any further information on this?
<<

If your web browser is absolutely "clean" (i.e. newly installed), all that will be revealed is your IP address. For those of you on home dial-up or broadband connections, this is of little significance. For those of you on corporate networks, the web server log will reveal the IP address, and someone can do a "dig -x" command to reveal the domain you visited from, but not the email address there.

However, if your web server has been in use for some time, it will have acquired some cookies from the major ad-serving and ad-tracking networks. Some of those will be sent with every HTTP request. The cookies are generally just randomly generated tokens which allow the ad networks to track which ads you've seen and which ones you've clicked on. They don't reveal any personal information, but allow the networks to build a picture of your web-surfing habits and interests. While none of them *should* include your email address - this would be a major privacy violation - it's always possible that one might. I've never seen that happen, though.

Much worse are HTML emails. Many of these contain a "web-bug" - an embedded image request which is unique to that email, usually something like:

<IMG SRC="http://bad-server.spammers.com/cgi-bin/track.pl?id=01c5ed7f">

or similar. When you open the email, that request (which returns a 1 x 1 white pixel, so you never notice) will be sent to the related web server and logged, so now they know a live reader opened the email. You didn't give them your email address by this, but you just confirmed that it's an active account with a human and no spam-blocking.

And while writing this, I just thought up another way by which your email address could be obtained by a malicious web site. I won't document it here, as I've never seen it used, but I will say that you are at risk if your browser is configured to send your email address when it logs into an anonymous FTP server. Make sure you use a fake address in that case, if possible.

Best,

--- Les Bell, CISSP[br]
[http://www.lesbell.com.au]


#14

/

#15

Sorry Howard... it will NEVER stop. It will NEVER slow down. Once your address gets out, it keeps getting sold and resold. These creeps NEVER remove an address from their lists... it costs them nothing to send their wonderful little messages to dead accounts.

#16

Luiz:

>I just received an e-mail sent by lcvieira@quantica.com.br. It's obvious I did not send an e-mail to myself. I scanned my hole net for current viruses and found nothing.

I get emails by kajzero@earthlink.net all the time. All of them (no exceptions) are from spammers selling pornography or sexual services. My "in" mailbox is usually stuffed with this sort of garbage.

I just delete it without opening, but it's still bothersome. The low-lives who send those messages wouldn't like to be on the receiving end, of course, but they don't see anything wrong with broadcasting their trash. I'll bet they squawk "Free speech!" if challenged in court -- which would never happen, as it's impossible to track them down.

Once I remember I kept receiving the same email for several days, and I replied, breathing flame, that I didn't want it. I remember sending that 20 or 30 times, all in a row. It did no good whatsoever. If you reply to them they never reach them.

Be philosophical. Don't make bile unnecessarily!
-Ernie


#17

Replying (even with flames) will only confirm to the spammers that your address is active; I would suggest not to reply, just delete the offending messages and, if possible, put the suspected addresses or domains in a "blocking" list.


#18

>just delete the offending messages and, if possible, put the suspected addresses or domains in a "blocking" list.

Andrés:

That's what I've been doing recently. The problem is that the spammers use different names, email addresses, and subject descriptions, so they get around my email client's junk filter. It's a losing battle.

-Ernie


#19

One of the best defences I've found is using their weaknesses against them.

Spammers try to make their crap as eye catching as possible. For this, the preferred technique is HTML mail. However, no legitimate sender EVER sends me email with HTML in it -- if they need to send HTML they'll send it as an attachment. So, I have a filter which dumps all HTML mail into the junk mail folder.

Works very well.


#20

Great idea, Patrick.

Unfortunately, my email client doesn't have the option to annihilate HTML emails.

-Ernie

#21

I had limited suceess blocking suspicious domains, but it is a little drastic

#22

The first thing in my email filter list is to delete any message with my email name in the address or message title. Strange that I don't get any of those messages from myself anymore.

#23

Hi, guys;

thank you all for your support.

I was a lot worried about the possibility taht some of you received any message from "me" with suspicious contents. I'd never send trash to anyone in here.

That's why I decided to post, because the message I received from "me" was inviting me to participate with swing or something like this. I guess if one of you receive this sort of invitation from "me" with photos or animatied GIF's...

Thank you again. I'm changing (or adding another) e-mail address for the end of this month.

Best regards.

Luiz C. Vieira - Brazil


#24

LOL Luiz!!!

I don't mean to make light of what you perceive is a threat to your good name... I am laughing because the whole Internet is just such a funny, funny thing!

"Yeh, it has to be from Luiz: look-- see, he's wearing a 48GX!!"

Man, I know what you are going through. In November, while I was eBaying a lot, one of the vendors had me in their "Contacts" list in their Outlook Express. They somehow got infected with a virus. I know this, because one of the things this virus did was take that list of contacts, send an email to each of us which contained the virus, and it proceeded to infect MY computer and send MY Contacts the same...

I stopped that fast, my external modem was going crazy showing uploading, and I pulled the plug. But I might not have noticed anything otherwise, had I just been puzzled by the nonsense mail I got.

I was MAD, really angry. I had to rebuild my Windows system, bought Norton Internet Security, went to using Yahoo mail for a while, and ultimately configured Outlook Express to NOT automatically open everything that loads in or is clicked on. While I trust Norton for most things, if someone sends me something and I don't know them or it has an attachment or I am the least suspicious of it, I don't open IT-- I choose Properties and I examine the SOURCE. Or, mostly, I just delete it (practically impossible to just delete a mailbomb if you use Outlook as it comes initially configured, with that Preview pane ON).

Luiz, I was paranoid for a month-- but virii and unsolicited crap-- AND, I guess you know, your published identity, no matter how many times you change it-- are all going to swirl around this toilet bowl known as the Internet. Even my MOM has received unsolicited porn, and she's not been out there trolling for anything but gardening advice.

The best advice I know of is to keep your profile low, maybe when you put your name out there, you do it with a misdirection, like the "luizNOSPAMvieira@quantica.br" idea. Or, as in my participation here, I invite the feedback ALSO to be here, and don't post an email address. The less its out there, the less exposure to evil, and I know the mail I see in my box is actually from someone I want to hear from.

Finally, I don't OPEN (or allow Outlook to open) anything I am not confident is a legitimate correspondence.

Luiz: do whatever you feel makes you more secure... except leave the scene.

In my hometown, all my grade-school teachers were in the phonebook, and you knew where they lived. This meant, sometimes, that a little jerk like me could call and ask at 10pm: "Is your refrigerator running?" (an old joke that 11-year-olds always seem to think is funny). "Ooh, you'd better go catch it then". Unlike now, there was no "caller I.D." function. I'm sorry now, teachers. :-/

On today's Internet, Luiz, telling what came from whom is almost impossible if someone wants to decieve or be unknown. The "Caller I.D." function in email is pathetic, to say the least. Even on this board, someone can type your name or mine to their post.

But our reputations are never going to be made nor broken by others' misuse of our identities: those who know us, or need to know us, will not be misled when or if such a prank occurs.

You are not a prankster, and we all know that. While I *sometimes* am capable of pranks and foolishness, I stopped cold using any alternate pseudonyms here out of respect for Dave's Rules, when they came about. Darnit, no more "Mr. Guaca Mole", no more "Joy S. Noel", now it's only "glynn", always "glynn". And when I want to say something "arrogant" or silly, I take the flack.

No one here will ever respect you any less, if your character HERE is consistently as praiseworthy and helpful as it has always been. Notice that you, here, are QUITE respected, and have been from the moment this crowd started reading your posts. That will always continue.

Gosh, even if you're NOT a swinger... ;-D


#25

Hello, Glynn; (you disapeared for a while too, my friend)

I thought about extending my thankfullness, but I believe your words need nothing more. I'm glad (and thankfull for) being considered this way.

Thank you.

Luiz C. Vieira - Brazil


Possibly Related Threads...
Thread Author Replies Views Last Post
  HP PRIME: command to read the SERIAL ? Joseph Ec 9 4,481 11-01-2013, 12:43 AM
Last Post: Joe Horn
  Does IR printing not work on your converted WP34s? Then read on... Harald 3 1,221 04-04-2013, 05:46 PM
Last Post: Harald
  HP-67 Read Error Matthew Richards 5 1,470 03-31-2013, 05:01 PM
Last Post: Matthew Richards
  HP 48GX with Black LCD - S/N ID Jeff Kearns 4 1,340 12-15-2012, 03:55 PM
Last Post: aurelio
  Apologies on mail delay. Diego Diaz 0 565 11-07-2012, 02:27 PM
Last Post: Diego Diaz
  Anyone willing to read some HP41 cards? LarryLion 10 2,196 09-05-2012, 01:48 AM
Last Post: Juergen Keller
  HP41 Card Reader won't read and write Bruce Larrabee 5 1,573 07-31-2012, 06:33 PM
Last Post: John Robinson
  The new 39GII and RPN?: Please read and comment. Pal G. 34 6,244 07-25-2012, 06:07 PM
Last Post: Gilles Carpentier
  A still missing feature in WP-34S (please read on) Andrés C. Rodríguez (Argentina) 9 2,219 05-26-2012, 12:25 AM
Last Post: Jim Horn
  Read any good (HP-48) books lately? Matt Agajanian 2 835 04-18-2012, 05:58 PM
Last Post: Matt Agajanian

Forum Jump: