Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Scam / spam that appears to have been sent from my email address  (Read 1009 times)

Chunkers

  • Reg Member
  • ***
  • Posts: 526
  • Brick Wall head-banger
Scam / spam that appears to have been sent from my email address
« on: February 02, 2024, 07:29:32 PM »

Quick question

Security not one of my strong points, I got a scam email today, nothing unusual there tbh, it was actually one of these

What I don't really understand is that appeared to be from and to an email address of mine(my own domain hosted by names), how did they do that?  I checked all my devices and they are clean, logged into my email host provider and it was not sent from a device of mine that I can see. I changed all my passwords as a precaution. I ran malwarebytes on my pc and its clean.

Slight concern that my email provider (names.co.uk) might be compromised in some way, although it appears their filter successfully flagged it as spam and carrying a virus.

Here are the email headers - I have replaced my email address with me@myemail.com

Return-Path: <me@myemail.com>
Delivery-date: Fri, 02 Feb 2024 17:48:52 +0000
Authentication-Results: mx1.ukservers.net;
    iprev=fail smtp.remote-ip=147.235.220.112;
    spf=permerror smtp.mailfrom=myemail.com;
    dmarc=none header.from=myemail.com;
    arc=none
Received: from [147.235.220.112]
    by mx1.ukservers.net with esmtp (Exim)
    (envelope-from <me@myemail.com>)
    id 1rVxem-000000005DO-CvbI
    for me@myemail.com;
    Fri, 02 Feb 2024 17:48:52 +0000
Message-ID: <693B4941341B333C6E1C14614E66693B@S5YYV8W1>
From: <me@myemail.com>
To: <me@myemail.com>
Date: 2 Feb 2024 20:28:51 +0100
MIME-Version: 1.0
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3505.912
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3505.912
X-Virus: yes; detected as Sanesecurity.Phishing.Fake.Coin.30282.UNOFFICIAL
X-Spam-Flag: YES
X-Spam-Report: Flagged internally by mail system
X-Actual-Recipient: me@myemail.com
X-Original-To: me@myemail.com
Subject: A new payment schedule has been approved. (Contains malware Sanesecurity.Phishing.Fake.Coin.30282.UNOFFICIAL)
Message Body
Hello pervert,

Does this actually tell me anything

Hate this stuff, makes me paranoid.

C
Logged

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions
Re: Scam / spam that appears to have been sent from my email address
« Reply #1 on: February 02, 2024, 08:17:27 PM »

Simply spoof your email address. No breach I suspect I get these on several accounts regularly.
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

Chunkers

  • Reg Member
  • ***
  • Posts: 526
  • Brick Wall head-banger
Re: Scam / spam that appears to have been sent from my email address
« Reply #2 on: February 02, 2024, 09:27:10 PM »

Simply spoof your email address. No breach I suspect I get these on several accounts regularly.

Thank you, a relief, i didn't understand that was possible.  So easy to see why people get caught out with this stuff.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33883
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Scam / spam that appears to have been sent from my email address
« Reply #3 on: February 03, 2024, 03:45:36 PM »

Its quite easy to spoof email addresses, we used to do it for a laugh or joke or April Fool from Bill Gates or some pop star.   It was all innocent fun with no malice or fraud aspect.  You only needed a DOS window to open telnet and then manually type in the relevant fields and MAIL FROM could be anything you like.

iirc it was about 2003-2005 that you started seeing it done for more nefarious reasons and on a larger scale.  It seemed to coincide with adsl broadband being available.   Its not hard to write a script to automate the process and then bots feeding the mail recipients with harvested email addresses.

DKIM and SPF have helped a little, they help email client software check if email comes from the correct server.  I have set up DKIM and SPF records which state that any mail from the site domain will always come from my server IP address.   Not all mail clients do anything though.  gmail may something mark any spoofed mail using this domain as spam.

There's also something called DMARC but unfortunately it can be difficult for the average person to implement.  Theres only something like 15% of people with their own hosted mail....  and only about 40% of the large organisations.   Banks and financial institutions being the main organisations using DMARC,  but it still doesnt stop spoofed spam if they say change a letter.  So you get spoofers getting round that by say using mymai1address.com or my_mailaddress.com instead of mymailaddress.com.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker
 

anything