Skip to main content

Posts

Showing posts with the label fictitious email

Chop That Dollar

Its been quite some time since I've received a 419 spam message in my inbox. But - like matter itself - 419 never dies - only changes form. I found the message below in my inbox this morning. I was pleased to note that the message originated from Yahoo, and contained several classic red flags for spam that even the neophyte mail server admin knows to watch out for, like from & reply-to headers with different different domains. This is the kind of l33t security I've come to expect from Yahoo. But hey, the Russians did it , and no one can be expected to secure their customers from state sponsored attacks. Susan here is no doubt a member of Nigeria's elite NIA . From: Susan ***** desmondwilliams614 yahoo.com Subject: Hello, Date: Sat, 18 Mar 2017 12:12:52 +0000 (UTC) Reply-To: desmondwilliams614 yahoo.com Susan ***** deswill0119 yahoo.fr Hello, Greetings. With warm heart I offer my friendship and greetings, and I hope that this mail will meets you in good time. Ho

DocuSign Spam

Spam has been going out appearing as sourced from DocuSign. Examples are included below. According to DocuSign, this issue has been ongoing since at least as early as January 3rd . Recent activity has accelarted in the last week, with new evidence and examples coming to light. Stay safe out there.

Phishing Alert - NACHA Spam with BONUS: How to Read Headers to Identify the Source of Fraudulent Email

A few million of the emails below are making the rounds. The phishing emails attempt to be from NACHA, an ACH trade organization, and tell readers that a recent direct deposit was declined and to just DOWNLOAD THIS SOFTWARE to CLAIM YOUR FREE CASH NOW!!!11! NACHA itself is aware of the tomfoolery: The From: and Reply To: headers are both forged in this email. Because of this, I suspect that jamnaytac.com, who is included in the Reply To: but now the From: is going to be receiving some grief / spam complaints that have nothing to do with them. So who is responsible for this? Below I have included the email headers for this spam message. This one is mildly interesting because it makes some shallow attempts at being deceptive to a lazy reader. When reading headers, what we are interested in mostly are the Received: lines. Almost every other item (mouth breathers: note the almost) can be forged. Received: lines can be forged to, but only by adding lines that should not be