Naked Science Forum
Non Life Sciences => Geek Speak => Topic started by: RD on 31/08/2013 17:58:59
-
How can criminal-scam-type spam-email apparently come from a UK educational establishment ?
Someone I know at a UK educational establishment (their email ends ".edu" (https://en.wikipedia.org/wiki/.edu)) sent me an email.
Within a few hours (before I had read or replied to their email), I got a spam email [fake PayPal] which appeared to come via their ".edu" address.
I'm interested to know at what point the spammers obtain* my email address from the ".edu" sender.
Is it at the educational establishment, or in transit, or (hopefully not) at my end?
BTW, by Googling a bit of the spam email header I found several other spam recipients apparently from the same UK ".edu" address (apparently there are Nigerian links). The spam recipients have Yahoo / Google (Gmail) accounts, so it's not specific to one email provider.
(* My [disposable] email address was specific to the ".edu" sender, and I had never sent an email using it, i.e. the spammer couldn't have got it from anywhere other than the ".edu" sender.)
-
Assuming you know the participants involved, I would encourage everyone to scan their computer for viruses and spyware & make sure their antivirus and antispyware software is up to date.
The other thing to do is to open "Full Headers" on the e-mail. By looking at the routing of the message, you should be able to determine if the message originated from your friend's computer, or if the e-mail address was spoofed, and the message originated elsewhere.
It is also possible that a third party is involved.
So, say person A sent a letter to B & C.
Then if C's computer was corrupted with a virus, then the hacker could spoof a letter from A to B using the information obtained from C's computer.
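The "Full Headers" check above can be automated. The script below is an added example and not something posted in this thread: it parses a raw message, walks the Received: lines back to the oldest hop, and compares the server that first accepted the message with the domain in the From: header. Both messages, every host name, IP address and the domain example-uni.edu are constructed placeholders. A mismatch is a strong hint of spoofing, not proof, because a legitimate site may hand its mail to an outsourced relay; a match is equally only a hint, since a compromised account on the site's own server would pass this test.

```python
"""Trace the Received: chain of a raw e-mail and compare the first relay that
accepted the message with the domain shown in From:.

Added example (not from the forum thread).  The sample messages, host names,
IP addresses and the domain example-uni.edu are all constructed placeholders.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample 1: From: claims example-uni.edu, but the oldest hop shows the
# message was injected (authenticated, "ESMTPA") into an unrelated relay.
SAMPLE_SPAM = """Received: from mx.mail-provider.example (mx.mail-provider.example [203.0.113.10])
    by mx.recipient.example with ESMTP id abc123; Sat, 31 Aug 2013 10:11:12 +0000
Received: from relay.not-the-uni.example (relay.not-the-uni.example [198.51.100.7])
    by mx.mail-provider.example with ESMTP; Sat, 31 Aug 2013 10:11:05 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
    by relay.not-the-uni.example with ESMTPA id xyz; Sat, 31 Aug 2013 10:10:59 +0000
From: "Accounts" <someone@example-uni.edu>
To: recipient@recipient.example
Subject: Your account has been limited

Please confirm your details.
"""

# Constructed sample 2: the same From: domain, but the oldest hop is the
# institution's own submission server, as expected for genuine mail.
SAMPLE_LEGIT = """Received: from smtp.example-uni.edu (smtp.example-uni.edu [192.0.2.25])
    by mx.recipient.example with ESMTP id def456; Sat, 31 Aug 2013 08:00:10 +0000
Received: from staff-laptop.example-uni.edu (staff-laptop.example-uni.edu [192.0.2.77])
    by smtp.example-uni.edu with ESMTPSA id ghi; Sat, 31 Aug 2013 08:00:02 +0000
From: Colleague <someone@example-uni.edu>
To: recipient@recipient.example
Subject: Meeting next week

See you Tuesday.
"""

# "from <host> (<helo/reverse-dns> [<ip>]) by <host>" is the common shape of a
# Received: clause; the parenthesised part is optional.
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw):
    """Return hops as (from_host, ip_or_None, by_host), oldest hop first.

    Each relay prepends its own Received: line, so the last one in the header
    block is the oldest; reversing puts the injection point first."""
    msg = message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())  # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        if not m:
            continue  # tolerate non-standard Received: formats
        ip = IPV4_RE.search(m.group("info") or "")
        hops.append((m.group("from"), ip.group(1) if ip else None, m.group("by")))
    return list(reversed(hops))


def base_domain(host):
    """Crude registrable-domain guess (last two labels); enough for this demo."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def origin_mismatch(raw):
    """Return (from_domain, first_relay_domain, mismatch).

    The first relay is the 'by' host of the oldest hop: the server the sender
    actually handed the message to.  If that server is not under the From:
    domain, the address was most likely spoofed elsewhere (or the site's mail
    is relayed by a provider, so treat this as a lead, not a verdict)."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = base_domain(addr.rsplit("@", 1)[-1])
    hops = received_chain(raw)
    if not hops:
        return from_domain, None, True  # no trace at all is itself suspicious
    relay_domain = base_domain(hops[0][2])
    return from_domain, relay_domain, relay_domain != from_domain


if __name__ == "__main__":
    for label, raw in (("spam", SAMPLE_SPAM), ("legit", SAMPLE_LEGIT)):
        print(label)
        for frm, ip, by in received_chain(raw):
            print(f"  {frm} ({ip}) -> {by}")
        print("  result:", origin_mismatch(raw))
```

The oldest hop in the constructed spam shows a client at 192.0.2.44 submitting the message to relay.not-the-uni.example, which has nothing to do with the claimed From: domain; in the constructed genuine message the first hop is the institution's own server. In the situation discussed in this thread, that first hop is exactly what tells you whether the ".edu" account itself was used or only its address.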
-
I did alert the sender to the possibility they've been hacked, and I sent them a copy of the full header of the spam email; amongst other things, their educational establishment teaches "computer engineering" and "computer science", so they may make more sense of it than I could.
I think a BCC (https://en.wikipedia.org/wiki/Carbon_copy#E-mail) hack at the sender end is a possible explanation: unbeknownst to the sender, the Nigerians get a copy of the email ".edu" sent to me, and within a couple of hours I get spam email from the Nigerians which appears to come from the educational establishment in the UK.
-
Hmmm, I hadn't thought about adding a BCC to outgoing e-mail, although that should be visible to the sender.
I think some just download the entire address book and message headers, and then start spoofing e-mail using that. If a virus remains active on a computer, then it would be best to spoof mail coming from a 3rd party to prevent rapid identification of the hacked account.
-
Just ran a test on the ".edu" IP address ...
Test port scan
Attention, there are 3 open ports:
25/tcp open smtp
465/tcp open smtps
587/tcp open submission
Tests Blacklist and Whitelist
The IP address is blacklisted in one blacklist
The IP address is not whitelist
Does that mean they've left doors open? [Or that they cannot be secured (https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#Security_and_spamming)]