Scam ?

Chat about anything in here

Moderators: Philip Whiteman, George, Dave Cox

Post Reply
bobg
Posts: 96
Joined: 10 May 2010 14:47
Real Name: Bob Green

Scam ?

Post by bobg » 11 Sep 2015 13:06

Received an E mail this morning from blueboy51, and headed Beacon Audax. Have not opened it, and was wondering is this a scam?
There is not a hill that is to steep to walk up.

User avatar
Philip Whiteman
Posts: 2045
Joined: 19 Nov 2006 16:17
Real Name:
Location: Drayton, Worcestershire

Re: Scam ?

Post by Philip Whiteman » 11 Sep 2015 13:08

bobg wrote:Received an E mail this morning from blueboy51, and headed Beacon Audax. Have not opened it, and was wondering is this a scam?
Best to delete.

There is an epidemic of these at the moment. 'Blueboy51' is part of an e-mail address belonging a fellow Beacon member. The address has probably been harvested by a hacker. This is the first one I have seen headed 'Beacon Audax' - which is concerning.

Does anyone have any more detailed knowledge on how this may have happened?

User avatar
George
Posts: 2330
Joined: 18 Nov 2006 10:21
Real Name: George Barker
Location: Worcestershire

Post by George » 11 Sep 2015 14:25

Bob, I think that you can safely assume that all genuine Beacon mail will come from a recognised address. I send the Bulletin and other things, such as AGM papers, using club-info at beaconrcc dot org dot uk (via beacon at haywoodhouse dot net). I think Pete uses an address at cotswoldaudax dot com. Other people may use other addresses, but they should be equally recognisable, e.g. due to including beaconrcc dot org dot uk.

As Phil says, Blueboy is a former member; I won't name him because that would be inappropriate (although, as a Villa fan, I'm rolling my eyes). The assumption must be that his computer is or was infected or that his webmail account has been hacked. I would also guess that you are in his contact list or otherwise linked to him, e.g. due to you having exchanged messages once, or both being addressed by the same message sent by someone else (maybe you once both volunteered to marshal at an event and were sent some info by the organiser, for example). The club will never knowingly share your address with anyone and I think that all the official mail senders use secure systems.

Although I think you are right to err on the safe side, reading a scam e-mail doesn't usually do any harm. The problems come if you open/download attachments or click the links they contain.

Pedlo Mudguardo
Posts: 285
Joined: 06 Jun 2010 15:47
Real Name: Nic Vipond
Location: Birmingham

Post by Pedlo Mudguardo » 11 Sep 2015 21:18

I received an email from Pete Marshall earlier in the week entitled 'Important'. It was in fact just some kind of spam/ sales link.
Evidently someone has accessed my email via his address book which is slightly concerning.

User avatar
snailmale
Posts: 131
Joined: 22 Nov 2006 10:03
Real Name: Alan Nicholls
Location: Worcester

Post by snailmale » 12 Sep 2015 09:52

There's a lot of it going on. Had nothing from 'Beacon' members, but had a couple purporting to be from writing associates. Deleted without opening. I've changed my passwords and had nothing since,
It is better to be interesting rather than exact

User avatar
petemarshall
Posts: 663
Joined: 17 Jan 2014 16:40
Real Name: Pete Marshall
Location: Stourbridge

Post by petemarshall » 15 Sep 2015 08:00

Pedlo Mudguardo wrote:I received an email from Pete Marshall earlier in the week entitled 'Important'. It was in fact just some kind of spam/ sales link.
Evidently someone has accessed my email via his address book which is slightly concerning.
As I don't have an email for you in my contacts this would seem unlikely. :)
I also use messenger/ Facebook/ Twitter wherever possible to communicate Beacon stuff email is so 20th C.

Once a distribution list has been used for emails (as is inevitable when organising an Audax) email harvesting bots will pick up addresses and senders. They then make use of the senders address, fake it in the email header to by pass most spam filters and distribute their messages . The bots don't need the address book .I don't retain email's from the Audax in my contacts .
Last edited by petemarshall on 15 Sep 2015 08:22, edited 1 time in total.

Pedlo Mudguardo
Posts: 285
Joined: 06 Jun 2010 15:47
Real Name: Nic Vipond
Location: Birmingham

Post by Pedlo Mudguardo » 15 Sep 2015 08:21

Hi Pete,

I still have the email in my trash folder. I suspected it was probably connected to an Audax as the recipients addresses on the list included various other Beacon members.
It's amazing the lengths these people go to in order to send out pointless sales emails that nobody in their right mind will ever read.
Just in case anyone else gets this the email in question claimed to have been sent by Pete Marshall and was entitled 'Important'.

User avatar
petemarshall
Posts: 663
Joined: 17 Jan 2014 16:40
Real Name: Pete Marshall
Location: Stourbridge

Post by petemarshall » 15 Sep 2015 08:31

Pedlo Mudguardo wrote:Hi Pete,

I still have the email in my trash folder. I suspected it was probably connected to an Audax as the recipients addresses on the list included various other Beacon members.
It's amazing the lengths these people go to in order to send out pointless sales emails that nobody in their right mind will ever read.
Just in case anyone else gets this the email in question claimed to have been sent by Pete Marshall and was entitled 'Important'.
It's a complete automated process in the main so doesn't take much work.
To some extent you can avoid having these sent to your email application by filtering at the server side. However if you use a "free " email such as hotmail, gmail,Yahoo etc ( as domost people) that option isn't there.
Email's from me in relation to the Audax will come from cotswoldaudax.com and certainly won't have Important in the title. They will be sent to the address provided to me by AUK once you sign up.
Otherwise most communications will be via the website, Facebook and Twitter rather than email's.

User avatar
RichK
Posts: 218
Joined: 03 Oct 2007 19:39
Real Name: Richard Kings
Location: Northfield

Post by RichK » 15 Sep 2015 12:16

Pedlo Mudguardo wrote:I received an email from Pete Marshall earlier in the week entitled 'Important'. It was in fact just some kind of spam/ sales link.
Evidently someone has accessed my email via his address book which is slightly concerning.
I got that one as well...
There is no secret ingredient

rdleaper
Posts: 298
Joined: 25 Jun 2011 01:29
Real Name: Richard Leaper
Location: King's Heath

Post by rdleaper » 16 Sep 2015 13:28

Yeah me too. They're not very imaginative in their title use - I think virtually every single spam email I've received has looked dodgy from the title alone. Sadly there are people who are taken in by this sort of thing, though. It is those people that they are targeting. :(

rdleaper
Posts: 298
Joined: 25 Jun 2011 01:29
Real Name: Richard Leaper
Location: King's Heath

Post by rdleaper » 20 Sep 2015 15:42

Got one "from Paul Deane" now - still "FW Important", still same email address :roll:

User avatar
Philip Whiteman
Posts: 2045
Joined: 19 Nov 2006 16:17
Real Name:
Location: Drayton, Worcestershire

Post by Philip Whiteman » 06 Oct 2015 09:14

Apparently, one of my e-mail accounts has now become a victim of this scam. Many apologies to anyone that may have received a spam e-mail. Please be reassured that I have not opened any dodgy e-mails.

If you have received an e-mail, can you please PM with me the source e-mail address. I currently have two - one work based and one gmail. The Beacon also provide an address starting with Montgomery. So I cannot be sure on which address is corrupted. I doubt it is the work based address.

User avatar
George
Posts: 2330
Joined: 18 Nov 2006 10:21
Real Name: George Barker
Location: Worcestershire

Post by George » 06 Oct 2015 11:21

Phil, it isn't necessarily the case that the security of any of your e-mail accounts has been compromised.

In just the same way that you can write a letter with "10 Downing Street" at the top, sign it "David Cameron" and pop it in a postbox, a spammer can send an e-mail that claims to be from you. Any address that is in wide circulation is liable to get harvested by spammers and, having been harvested, is liable not only to receive spam but also to be used fraudulently as a 'From' address. You can't stop that happening, but the administrator of your domain can make it easier for receiving mail systems to recognise and filter out fraudulent mail that claims to be from you by using systems such as DKIM and SPF. I'd be very surprised if Google and the university weren't already be doing that, and I should think that Steve has all that under control where the club's domain is concerned (or good reasons for deeming it inappropriate).

User avatar
Philip Whiteman
Posts: 2045
Joined: 19 Nov 2006 16:17
Real Name:
Location: Drayton, Worcestershire

Post by Philip Whiteman » 06 Oct 2015 11:24

Thanks, George. That is an interesting and useful explanation.

User avatar
George
Posts: 2330
Joined: 18 Nov 2006 10:21
Real Name: George Barker
Location: Worcestershire

Post by George » 06 Oct 2015 12:16

Broadening the discussion slightly (mainly just because this sort of thing interests me), here's a screen grab showing a bit of my mail server log from this morning. It lists all mail sent to an address I use for work. As you'll see, one successful delivery occurred in the relevant time period (the green tick). All the lines with black triangles relate to messages that never made it as far as my mailbox, having been blocked by the hosting firm's server. And look who sent all the blocked messages: I did. I sent them all to myself. Well supposedly I did, but obviously I didn't really. If you look up the IP addresses of the sending mail servers ('Result' column), they are located in Poland, Thailand, and goodness knows where else. In other words, there are machines in those countries sending countless billions of spam messages to millions of people whose addresses they've got from wherever (intercepted mail, hacked mail servers, address books on infected computers, etc, etc), and probably all the messages claim to be from the same person they are sent to. This all goes on without most of us ever being aware of it, because the receiving servers filter most of it out. But, behind the scenes, huge amounts of energy, server capacity, bandwidth and what-have-you are being drained by spam all the time. It also really makes you realise that spammers must need only a tiny conversion rate to make their activities worthwhile. As the screen grab illustrates, most of the messages they send are blocked before they even reach anyone's mailbox. If they do get that far, they are probably flagged as spam locally. And, if that doesn't happen, nearly all of us recognise straight away that the messages are rubbish (as the earlier posts in this thread illustrate). But, just once in a while, someone says, "Wow, there's a man in Nigeria who wants to wire me $17,000,000! I'd better get back to him straight away!" And that, apparently, is enough to make it worthwhile sending all those billions of messages from Poland and Thailand and wherever.

Image

User avatar
Philip Whiteman
Posts: 2045
Joined: 19 Nov 2006 16:17
Real Name:
Location: Drayton, Worcestershire

Post by Philip Whiteman » 04 Nov 2015 13:44

Hmmm, suddenly started to receive scam mails purporting to be from Beacon RCC members again.

Take care and don't open any of these e-mails start with: "Fw. new message".

User avatar
Neil Compton
Posts: 256
Joined: 19 Nov 2006 15:39
Real Name:
Location: Northfield

Post by Neil Compton » 04 Nov 2015 16:05

If anyone has received an email from me as well via virgin media please ignore and delete as i did not send it.

Post Reply