Scam ?

Posted: 11 Sep 2015 13:06
by bobg
Received an e-mail this morning from blueboy51, and headed Beacon Audax. Have not opened it, and was wondering is this a scam?

Re: Scam ?

Posted: 11 Sep 2015 13:08
by Philip Whiteman
bobg wrote: Received an e-mail this morning from blueboy51, and headed Beacon Audax. Have not opened it, and was wondering is this a scam?
Best to delete.

There is an epidemic of these at the moment. 'Blueboy51' is part of an e-mail address belonging to a fellow Beacon member. The address has probably been harvested by a hacker. This is the first one I have seen headed 'Beacon Audax' - which is concerning.

Does anyone have any more detailed knowledge on how this may have happened?

Posted: 11 Sep 2015 14:25
by George
Bob, I think that you can safely assume that all genuine Beacon mail will come from a recognised address. I send the Bulletin and other things, such as AGM papers, using club-info at beaconrcc dot org dot uk (via beacon at haywoodhouse dot net). I think Pete uses an address at cotswoldaudax dot com. Other people may use other addresses, but they should be equally recognisable, e.g. due to including beaconrcc dot org dot uk.

As Phil says, Blueboy is a former member; I won't name him because that would be inappropriate (although, as a Villa fan, I'm rolling my eyes). The assumption must be that his computer is or was infected or that his webmail account has been hacked. I would also guess that you are in his contact list or otherwise linked to him, e.g. due to you having exchanged messages once, or both being addressed by the same message sent by someone else (maybe you once both volunteered to marshal at an event and were sent some info by the organiser, for example). The club will never knowingly share your address with anyone and I think that all the official mail senders use secure systems.

Although I think you are right to err on the safe side, reading a scam e-mail doesn't usually do any harm. The problems come if you open/download attachments or click the links they contain.

Posted: 11 Sep 2015 21:18
by Pedlo Mudguardo
I received an email from Pete Marshall earlier in the week entitled 'Important'. It was in fact just some kind of spam/sales link.
Evidently someone has accessed my email via his address book which is slightly concerning.

Posted: 12 Sep 2015 09:52
by snailmale
There's a lot of it going on. Had nothing from 'Beacon' members, but had a couple purporting to be from writing associates. Deleted without opening. I've changed my passwords and had nothing since.

Posted: 15 Sep 2015 08:00
by petemarshall
Pedlo Mudguardo wrote: I received an email from Pete Marshall earlier in the week entitled 'Important'. It was in fact just some kind of spam/sales link.
Evidently someone has accessed my email via his address book which is slightly concerning.
As I don't have an email for you in my contacts this would seem unlikely. :)
I also use Messenger/Facebook/Twitter wherever possible to communicate Beacon stuff; email is so 20th C.

Once a distribution list has been used for emails (as is inevitable when organising an Audax) email harvesting bots will pick up addresses and senders. They then make use of the sender's address, fake it in the email header to bypass most spam filters and distribute their messages. The bots don't need the address book. I don't retain emails from the Audax in my contacts.

Posted: 15 Sep 2015 08:21
by Pedlo Mudguardo
Hi Pete,

I still have the email in my trash folder. I suspected it was probably connected to an Audax as the recipients' addresses on the list included various other Beacon members.
It's amazing the lengths these people go to in order to send out pointless sales emails that nobody in their right mind will ever read.
Just in case anyone else gets this the email in question claimed to have been sent by Pete Marshall and was entitled 'Important'.

Posted: 15 Sep 2015 08:31
by petemarshall
Pedlo Mudguardo wrote: Hi Pete,

I still have the email in my trash folder. I suspected it was probably connected to an Audax as the recipients' addresses on the list included various other Beacon members.
It's amazing the lengths these people go to in order to send out pointless sales emails that nobody in their right mind will ever read.
Just in case anyone else gets this the email in question claimed to have been sent by Pete Marshall and was entitled 'Important'.
It's a complete automated process in the main so doesn't take much work.
To some extent you can avoid having these sent to your email application by filtering at the server side. However, if you use a "free" email such as Hotmail, Gmail, Yahoo etc. (as do most people) that option isn't there.
Emails from me in relation to the Audax will come from cotswoldaudax.com and certainly won't have Important in the title. They will be sent to the address provided to me by AUK once you sign up.
Otherwise most communications will be via the website, Facebook and Twitter rather than emails.

Posted: 15 Sep 2015 12:16
by RichK
Pedlo Mudguardo wrote: I received an email from Pete Marshall earlier in the week entitled 'Important'. It was in fact just some kind of spam/sales link.
Evidently someone has accessed my email via his address book which is slightly concerning.
I got that one as well...

Posted: 16 Sep 2015 13:28
by rdleaper
Yeah me too. They're not very imaginative in their title use - I think virtually every single spam email I've received has looked dodgy from the title alone. Sadly there are people who are taken in by this sort of thing, though. It is those people that they are targeting. :(

Posted: 20 Sep 2015 15:42
by rdleaper
Got one "from Paul Deane" now - still "FW Important", still same email address :roll:

Posted: 06 Oct 2015 09:14
by Philip Whiteman
Apparently, one of my e-mail accounts has now become a victim of this scam. Many apologies to anyone that may have received a spam e-mail. Please be reassured that I have not opened any dodgy e-mails.

If you have received an e-mail, can you please PM me with the source e-mail address. I currently have two - one work based and one gmail. The Beacon also provide an address starting with Montgomery. So I cannot be sure on which address is corrupted. I doubt it is the work based address.

Posted: 06 Oct 2015 11:21
by George
Phil, it isn't necessarily the case that the security of any of your e-mail accounts has been compromised.

In just the same way that you can write a letter with "10 Downing Street" at the top, sign it "David Cameron" and pop it in a postbox, a spammer can send an e-mail that claims to be from you. Any address that is in wide circulation is liable to get harvested by spammers and, having been harvested, is liable not only to receive spam but also to be used fraudulently as a 'From' address. You can't stop that happening, but the administrator of your domain can make it easier for receiving mail systems to recognise and filter out fraudulent mail that claims to be from you by using systems such as DKIM and SPF. I'd be very surprised if Google and the university weren't already doing that, and I should think that Steve has all that under control where the club's domain is concerned (or good reasons for deeming it inappropriate).

Posted: 06 Oct 2015 11:24
by Philip Whiteman
Thanks, George. That is an interesting and useful explanation.

Posted: 06 Oct 2015 12:16
by George
Broadening the discussion slightly (mainly just because this sort of thing interests me), here's a screen grab showing a bit of my mail server log from this morning. It lists all mail sent to an address I use for work. As you'll see, one successful delivery occurred in the relevant time period (the green tick). All the lines with black triangles relate to messages that never made it as far as my mailbox, having been blocked by the hosting firm's server. And look who sent all the blocked messages: I did. I sent them all to myself. Well supposedly I did, but obviously I didn't really. If you look up the IP addresses of the sending mail servers ('Result' column), they are located in Poland, Thailand, and goodness knows where else. In other words, there are machines in those countries sending countless billions of spam messages to millions of people whose addresses they've got from wherever (intercepted mail, hacked mail servers, address books on infected computers, etc, etc), and probably all the messages claim to be from the same person they are sent to. This all goes on without most of us ever being aware of it, because the receiving servers filter most of it out. But, behind the scenes, huge amounts of energy, server capacity, bandwidth and what-have-you are being drained by spam all the time. It also really makes you realise that spammers must need only a tiny conversion rate to make their activities worthwhile. As the screen grab illustrates, most of the messages they send are blocked before they even reach anyone's mailbox. If they do get that far, they are probably flagged as spam locally. And, if that doesn't happen, nearly all of us recognise straight away that the messages are rubbish (as the earlier posts in this thread illustrate). But, just once in a while, someone says, "Wow, there's a man in Nigeria who wants to wire me $17,000,000! I'd better get back to him straight away!" 
And that, apparently, is enough to make it worthwhile sending all those billions of messages from Poland and Thailand and wherever.

Image
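
Added example, not part of the original thread: a sketch of the receiving-side check that the SPF/DKIM post and the mail-log post above describe, where a message is accepted only if an SPF or DKIM pass belongs to the same domain as the visible 'From' address. The server id `mx.example.net`, the sample messages and the verdict strings are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: id of your own receiving server

def _result(ar, method, prop):
    m = re.search(rf"\b{method}=(\w+)([^;]*)", ar)
    d = m and re.search(rf"{re.escape(prop)}=([^\s;]+)", m.group(2))
    return (m.group(1).lower() if m else "none",
            d.group(1).rpartition("@")[2].lower() if d else "")

def aligned(a, b):
    # Simplified alignment (real DMARC compares organisational domains).
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def assess(raw):
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    from_dom = from_addr.rpartition("@")[2]
    for ar in msg.get_all("Authentication-Results", []):
        ar = " ".join(str(ar).split())  # unfold continuation lines
        if (ar.split(";")[0].split() or [""])[0] != TRUSTED_AUTHSERV:
            continue  # a header the sender could have written themselves
        spf, spf_dom = _result(ar, "spf", "smtp.mailfrom")
        dkim, dkim_dom = _result(ar, "dkim", "header.d")
        if (spf == "pass" and aligned(spf_dom, from_dom)) or (
                dkim == "pass" and aligned(dkim_dom, from_dom)):
            return "accept"
    if from_addr and from_addr == to_addr:
        return "reject: self-addressed forgery"
    return "quarantine: unauthenticated From"

# Constructed sample messages (headers only), not taken from any real log.
GENUINE = """\
From: Club Info <club-info@example.org>
To: member@example.com
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@example.org; dkim=pass header.d=example.org"""
SPOOFED_SELF = """\
From: member@example.com
To: member@example.com
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=member@example.com; dkim=none"""
SPOOFED_OTHER = """\
From: Pete <friend@example.org>
To: member@example.com
Authentication-Results: forged.invalid; spf=pass smtp.mailfrom=friend@example.org
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk@mailer.invalid; dkim=none"""
```

The third sample shows why a bare "spf=pass" is not enough: the pass is for the bulk sender's own envelope domain, not for the address shown to the reader.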

Posted: 04 Nov 2015 13:44
by Philip Whiteman
Hmmm, suddenly started to receive scam mails purporting to be from Beacon RCC members again.

Take care and don't open any of these e-mails that start with: "Fw. new message".

Posted: 04 Nov 2015 16:05
by Neil Compton
If anyone has received an email from me as well via Virgin Media please ignore and delete as I did not send it.