
Re: [802SEC] DO NOT OPEN EMAIL FROM PAUL



I second Ben’s observations.

Paul – you don’t need to do anything unless that mystery email was also in your outbox.

 

Best Regards,

 

Adrian P STEPHENS

 

Tel: +44 (1793) 404825 (office)
Tel: +1 (971) 330 6025 (mobile)

 

----------------------------------------------
Intel Corporation (UK) Limited
Registered No. 1134945 (England)
Registered Office: Pipers Way, Swindon SN3 1RJ
VAT No: 860 2173 47

 

From: ***** IEEE 802 Executive Committee List ***** [mailto:STDS-802-SEC@ieee.org] On Behalf Of Benjamin A. Rolfe
Sent: 01 March 2016 22:03
To: STDS-802-SEC@LISTSERV.IEEE.ORG
Subject: Re: [802SEC] DO NOT OPEN EMAIL FROM PAUL

 

As Pat points out, the "from" in the email header can contain anything; it has no connection with the actual source. You can't draw any meaningful conclusion from the "from" field of the email header.

These SPAM generators do not need to 'hack' anyone's email account. It is equally common to harvest valid email addresses with sniffers - mail headers traverse the public internet in the clear, having their content scraped by billions of sniffers as they circulate the world wide web. It is there for the taking, with far less effort than hacking an email account or server. You need not have exposed your account, nor had any of your contacts "hacked", only used the same email address for a while.

I've explained this to IT depts worldwide as my domain has been blacklisted repeatedly through no fault or action of myself or anyone I may or may not have had legitimate email exchanges between. It is sufficient that it has been circulated around the web over 20 years. "Blacklisting" an address or even a source server IP provides no protection from the evil SPAM bots at all; it only inconveniences your users and the victim whose address or server has been spoofed.

Other popular sources for scraping legitimate-looking email addresses include web pages that list a contact email, publicly available documents that list a contact email, email reflectors that have archives and compilations publicly available, etc. Thus I've seen numerous bogus spams from "ieee.org".

Welcome to the club of mistaken identity, Paul.  You are not alone.
Ben

On 3/1/2016 1:38 PM, Pat Thaler wrote:

The "From" on emails like this isn't necessarily the owner of the hacked system. It is pretty common to harvest contacts from a hacked email and then send email from some of the contacts to other contacts. So, it could be another person on the EC reflector that was hacked.

 

On Tue, Mar 1, 2016 at 12:56 PM, John D'Ambrosia <jdambrosia@gmail.com> wrote:

All,

There have been a couple of emails just sent from Paul. They looked suspicious to me. I spoke to Paul, and it looks like someone stole his email. Please do not open these emails and delete them.

 

Regards,

 

John D’Ambrosia

Recording Secretary, IEEE 802 LMSCs

---------- This email is sent from the 802 Executive Committee email reflector. This list is maintained by Listserv.
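Added example, not part of the thread: a receiver-side check of the point made above that the "From" header says nothing about the actual source. It compares the displayed From domain with the envelope sender and with the SPF/DKIM/DMARC verdicts recorded by the receiving server; the sample message, host names and the `trusted_authserv` value are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; every address and host name is a placeholder.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none; dmarc=fail header.from=member.example
From: "Paul" <paul@member.example>
To: list@reflector.example
Subject: hello

body
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def assess_from(raw, trusted_authserv="mx.receiver.example"):
    """Compare the displayed From with the envelope sender and with the
    authentication verdicts recorded by our own receiving server."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    results = {}
    for value in msg.get_all("Authentication-Results") or []:
        # Only believe the header stamped by our own MTA; a sender can
        # insert forged Authentication-Results lines of its own.
        if value.split(";")[0].strip().lower() != trusted_authserv:
            continue
        results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value.lower()))
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        # Exact match only; DMARC's relaxed alignment is not modelled here.
        "aligned": bool(from_dom) and from_dom == env_dom,
        "dmarc": results.get("dmarc"),
        "from_verified": results.get("dmarc") == "pass",
    }

if __name__ == "__main__":
    print(assess_from(SAMPLE))
```

On the sample, SPF passes for the bulk sender's own domain while the From domain fails DMARC, which is the spoofed-sender pattern the thread describes.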

 
