 sj |
||
|
||
Tech: email address co-opted
|
|
|
Subject: RE: Tech: email address co-opted From: The Fooles Troupe Date: 01 May 07 - 03:40 AM Thank You! (Blush!) |
|
Subject: RE: Tech: email address co-opted From: Seamus Kennedy Date: 01 May 07 - 01:22 AM The Court Jester. Seamus |
|
Subject: RE: Tech: email address co-opted From: The Fooles Troupe Date: 30 Apr 07 - 01:19 AM Your're just jealous.... :-P |
|
Subject: RE: Tech: email address co-opted From: GUEST Date: 29 Apr 07 - 09:01 PM Fool you continue your rep ..... If ONLY it merited a 10th of Danny K.
|
|
Subject: RE: Tech: email address co-opted From: The Fooles Troupe Date: 29 Apr 07 - 05:34 PM Get it? Got it? Good! (Danny Kaye - The Inspector General) |
|
Subject: RE: Tech: email address co-opted From: JohnInKansas Date: 29 Apr 07 - 01:18 PM As Foolestroupe notes, the header contains information about all the addresses for the message: who sent it, who's received it, who's answered it, and who's forwarded it. Unfortunately any or all of that information can be faked. The way in which the header information is encapsulated into the email message is also difficult for most people to read and interpret, since it's set up to be used by the email routing system to get the message from senders to recipients; and without some real knowledge of the format and use (by machines) you may think you're "reading" it, but may be making guesses that aren't correct or aren't meaningful. You may be able to find some clues to help you decide whether a particular message is legitimate; but you can't rely on what you can see there to do much of a "personal investigation." Attempting to "investigate" suspicious email personally is NOT RECOMMENDED by most in the antispam/antimalware business, since it is evidence of "an excess of curiosity" and "curiosity" is the currently favored vulnerability for malware distributors. If you can be persuaded to "click" something, your computer can only see it as your instruction to perform whatever action is embedded in the click. The click does not need to embed the action that the 1 label says it's going to do. 1 If you see a blank space to the left of the "1" above, select/highlight to read the whole statement. (trivially obfuscated, but it could have contained a link. Even clicking a blank space in a cleverly constructed phishing email could give permission to install malware.) If a message truly concerns you, you can send it to the "antispam" address that your ISP gives you, and/or to one of the industry antispam/antimalware organizations. Unless one of these instructs you otherwise, you should NOT FORWARD the message. You should address a new email to each intended recipient and ATTACH the suspicious email. Some email services do survey "bulk mail" folders to keep track of what traffic is most common, so moving anything suspicious immediately to bulk mail - without opening it - may contribute something to the health and well-being of the internet email system. Unfortunately, ISPs tend to be reluctant to tell you whether or not they do such surveys, so you can't be sure this will be helpful. Any email that is not from a known sender, and usually any email that is not expected from a known sender, should just be deleted - without opening, inspecting, probing, examining, reading or any other thing your curiosity impels you to do. Any email that is not from a known sender, and usually any email that is not expected from a known sender, should just be deleted - without opening, inspecting, probing, examining, reading or any other thing your curiosity impels you to do. Any email that is not from a known sender, and usually any email that is not expected from a known sender, should just be deleted - without opening, inspecting, probing, examining, reading or any other thing your curiosity impels you to do. GOT IT? ... I didn't think so, but it's your choice. John |
|
Subject: RE: Tech: email address co-opted From: The Fooles Troupe Date: 29 Apr 07 - 02:37 AM "can't you just follow the path the message has taken in the Received lines of the header" You could, but it's not hard to fake some of them too... |
|
Subject: RE: Tech: email address co-opted From: GUEST,Ravenheart Date: 29 Apr 07 - 02:22 AM John in Kansas, as far as simple tests go, can't you just follow the path the message has taken in the Received lines of the header to see if the message has come from your own machine through your own ISP, or somewhere in China? |
|
Subject: RE: Tech: email address co-opted From: Rasener Date: 29 Apr 07 - 01:02 AM And the way to clear your machine of this problem is??????? |
|
Subject: RE: Tech: email address co-opted From: freightdawg Date: 28 Apr 07 - 10:21 PM Many thanks to all who responded. By the way, my orginal should have read "followed by the Mrs...." I had no idea email addresses were so easy to steal. I thought...oh well, that's what I get for thinking. Dawgs should never think. Sincerely, Freightdawg |
|
Subject: RE: Tech: email address co-opted From: JohnInKansas Date: 28 Apr 07 - 06:54 PM Gargoyle's Message Rules for Outlook Express may be helpful IF you use Outlook Express. I can't say how similar other email programs may be. From the original posting: The Mrs. Freightdawg received an email as a "re:" in the subject line. The "Re" in the subject line means that it is a reply to an email you sent. It should be followed by the original subject that was on the original email. Some email program setups will add a new "Re" each time the same message is sent back and forth, so a back-and-forth correspondence on a single subject can end up with "Re: Re: Re: ... Re: Original Subject." Some programs, with some setup options, can be made to terminate the number of "Re:" repeats at one or two. A common setup adds "Re:" for the first reply, "Re:Re:" for a response to the replay, but won't add more for Re: prefixes for subsequent passes. Some programs allow you to limit to a single Re: regardless of how many "passes" the same message (with additions) has gone through. In effect, the "Re" means that the sender's address contained in the original email was used for the recipient of the reply, and the recipient of the original message would be shown as sender for the reply. The "Fwd:" in a subject line is similar, meaning that the recipient of an original email is the sender but a new address is the recipient of the Forwarded message. Your setup determines whether you may see just "Fwd: Original Subject" or "Fwd: Fwd: ... Fwd: Original Subject." A lot of "friendly junk" mail of the kind that people receive and "share with all their friends" may be received with long "Fwd: Fwd: ... Fwd: " heads on the subject line. The appearance of the Re: or Fwd: is not, in itself, suspicious. rolled the cursor over the sender's name and the sender's email address showed up - and it was the sender's name followed my the Mrs. Freightdawg's Rolling the cursor over sender's name does not show additional info in my OE setup, but that may work with your program. Since the Re: means that it's a reply to something you sent, some programs may show, separately, the current sender who is replying and the original sender of the message. I haven't seen it displayed separately in the manner described, but the information to do it that way is contained in the message. You can look at your email program, and it's setup, to see if it's reasonable that when your address is shown for this email, it has the meaning that you were the originator of an email to which a reply is being made. As to how someone can get (and steal) your email address, if you receive an email newsletter that uses "open addresses" in the "To" box (many addresses are shown), in OE and presumedly in most other email programs, when you receive an email you can one-click "Add to Address Book" and can choose "Sender" and/or "Recipients." If the email contains many addresses from a prior couple of Fwd: cycles, this will add every email address this particular missive has ever been addressed to into your address book. You can then, as described above, pretend to be anyone in your own address book when you send a new message (illegally, of course). I've received "newsletters" and "joke Fwd:" messages that individually provided me with as many as 100 separate email addresses each of people I don't particularly care to know, had I wished to "harvest" them. If you're receiving mail of this kind, you must assume that everyone else receiving the same email knows your addy. John |
|
Subject: RE: Tech: email address co-opted From: GUEST,.gargoyle Date: 28 Apr 07 - 03:24 PM MESSAGE RULES FOR OUTLOOK EXPRESS
|
|
Subject: RE: Tech: email address co-opted From: GUEST,:::: Date: 28 Apr 07 - 02:33 PM Email Spoofing
Changing a name in email so that it looks like the email came from somewhere or someone else...is spoofing.
Used by spammers it is a defense against people finding out who they are. It's also used by general malcontents to practice malicious behavior.
It can be a legitimate and helpful tool for someone with more than one email account from an ISP-provided email.
For instance, you have an account, yourname@gnet, but you want all replies to go to yourname@mudcat.org. You can spoof yourself so that all the mail sent from the gnet account looks like it came from your mudcat.org account. If anyone replies to your email, the reply would be sent to yourname@mudcat.org
This is also helpful if you temporarily use a Web-based email account but want the replies to go to your regular email address.
Doing this for anyone but yourself is absolutely illegal. You should not ever spoof anyone else, not even in fun.
To change your email identity, go into the mail preferences of your email client, or Web-based email host. Look for fields about identity. They will normally default to your email address and your name. You can change them to whatever you want.
Sincerely, |
|
Subject: RE: Tech: email address co-opted From: JohnInKansas Date: 28 Apr 07 - 02:14 PM This may not be just a "scam," but could be a criminal activity. (Criminal is my term for it, and it may not be a legally defined term.) Possibility I: One of the most popular means of distributing junk email is to get a "bot" placed on an individual's machine. The bot connects surreptitiously to a site where a larger program can be downloaded and installed (usually hidden) on your computer without your knowledge. While you are unaware, the program uses your machine to send SPAM to the whole wide internet. Estimates now are that 60% or so of all SPAM traffic is sent from "robot" machines taken over in this way. Such downloaded/installed bot programs fairly often include keystroke loggers to capture your personal identification information, as when/if you type in your credit card number for a web purchase. In a few cases they've been know to search the machines on which they're installed for any passwords etc that you may have tucked away. It is quite possible that the email that was forwarded was sent from your machine, using your email return address, without your knowledge. Quite commonly, these programs will send to every address in your address book, so you might check with a few friends to see if they've received "strange" email from you. More often recently, the same program that sends the email (in your name) may be accessing lists of recipients elsewhere. They may not be particularly interested in the dozen or few dozen addresses you have when they have lists - bought and sold on the internet - of many thousands of "confirmed suckers" to mail to. Possiblity II: It's been fairly common recently for a scammer who manages to get your email address to send a "Re:" email, showing your email as the originating address, to make it appear that they are replying to something from you. This "fake" can be done quite simply as noted by earlier posts here. Quite often, these messages will claim that your bank, the IRS, Homeland Security, a lottery, a place where you have an account, or some other "legitimate" source "needs to have you confirm" something. A link is usually provided for you to click to find out what it's all about. The link may take you to a site that looks exactly like the real site that it's pretending to be; but it will be a fake where you will simply be asked for personal information, or where the above mentioned "bot" or other malware can be downloaded to your machine. In less common cases, the link may actually be to a real site that has been "hacked" to make it download the same kind of malware. A "remove my name from your list" button may actually go do a download server that will give you a "thank you for your reply" while it downloads malware to youre machine. (NEVER CLICK A "DO NOT SEND ME ANYMORE" link on anything from an unknown sender.) Possibiity III: As noted above, there are less nefarious ways for someone to fake an email address, so your experience isn't proof that your machine has been taken over; but to fake your address someone with low moral values has to know your address, which should cause you some concern. There are, unfortunately, no really simple tests for which of the above may apply to your situation, or for being sure that some more innocent thing applies. Any recommendations will depend on "How paranoid do you want to be." Also note that all of the above happen mostly to Windows machines, but neither Macs nor Linux machines are completely immune; and similar malware is reported for both. John |
|
Subject: RE: Tech: email address co-opted From: Q (Frank Staplin) Date: 28 Apr 07 - 02:05 PM Also report to your server. |
|
Subject: RE: Tech: email address co-opted From: GUEST,Ravenheart Date: 28 Apr 07 - 01:34 PM You could try reporting the messages to Spamcop (www.spamcop.net). There may be clues to the identity of the sender in the message header or body that they can use to take action. |
|
Subject: RE: Tech: email address co-opted From: Shaneo Date: 28 Apr 07 - 12:31 PM The very same thing happened to me , it only started a few weeks ago ,any mor info. on this scam ? |
|
Subject: RE: Tech: email address co-opted From: DMcG Date: 28 Apr 07 - 11:50 AM Internet email never considered security, so using someone else's email address is probably about the simplest misuse of the internet you can undertake. It would probably take you about 5 minutes searching and reading to learn how to do it. It takes nothing more than running a standard tool on Windows, Unix, Mac or whatever, and typing in the address you would like email to appear to be from. There have been attempts to overcome this, but to do so properly pretty much requires every email system in the world to be altered... |
|
Subject: Tech: email address co-opted From: freightdawg Date: 28 Apr 07 - 11:36 AM Okay, I'm a 'puter doofus, so this has me totally stumped. The Mrs. Freightdawg received an email as a "re:" in the subject line. She didn't recognize the sender, so she rolled the cursor over the sender's name and the sender's email address showed up - and it was the sender's name followed my the Mrs. Freightdawg's email address. My question is this: how can someone "co-opt" (read "steal") your email address? And to what nefarious end? How can you protect your email address from getting stolen by someone? I've heard of web sites getting hacked, but stolen email addresses? Any answers and suggestions would be appreciated. Freightdawg |
| Share Thread: |