Jump to content
Sign in to follow this  
cherrick

About those phishing incoming emails...

Recommended Posts

What do you suggest? When I get those phishing emails claiming to need my SpamCop uid and pwd, is there any reason not to respond by hitting Reply and sending them bogus names and passwords and lots and lots of embedded curse words. And I do mean lots and lots.

Currently, I carefully report the incoming phish as spam and then quietly delete the email.

However, it would give me huge pleasure to know that out there some phisher is opening my email

and turning red in reaction to my rage.

Thoughts?

Share this post


Link to post
Share on other sites
is there any reason not to respond by hitting Reply and sending them bogus names and passwords and lots and lots of embedded curse words.
The return address on spam is almost universally either fake or forged.

If you reply, you will be sending your rage to an innocent bystander, not the spammer. Your replies to fake email addresses will generate a Delivery Failure Notice, which will add even more unwanted email in your Inbox.

- Don D'Minion - SpamCop Admin -

.

Share this post


Link to post
Share on other sites
Why would a phisher send an email asking for uid and pwd and then set a fake Reply-To?
...Aren't phishes normally requests to enter uc and pw into a (fake) web page, not to send the uc and pw via e-mail?

Share this post


Link to post
Share on other sites

...Aren't phishes normally requests to enter uc and pw into a (fake) web page, not to send the uc and pw via e-mail?

Not the ones I receive. Here is the content of the most recent phish:

>>>"

Attention spamcop.net Account holder,

This message is from the Database Information Technology service messaging center, to all our e-mail account holders. All Mailhub systems will undergo regularly scheduled maintenance. Access to your mailbox via our mailportal will be unavailable for some period of time during this maintenanceperiod.

We shall be carrying out service maintenance on our database and e- mail account center for better online services. We are deleting all unusede-mail accounts to create more space for new accounts.

In order to ensure you do not experience service

interruptions/possibledeactivation Please you must reply to this email

immediately confirming your spamcop.net email account details below for

confirmation/identification

1. First Name & Last Name:

2. Full Login Email Address:

3. Username & Password:

4. Confirm your Current Password:

Failure to do this may automatically render your e-mail account

deactivated from our emaildatabase/mailserver. to enable us

upgrade your email account, please do reply to this mail.

Thanks.

Upgrade Team

" <<<<

Note the "reply to this email"

Share this post


Link to post
Share on other sites
...Note the "reply to this email"
Chris, goodness knows what grief you might be letting yourself in for, if you reveal yourself to be 'responsive'. The usual advice is, "Never make eye contact," as it were. If you want to do something a little more proactive and if you're sure the return address is part of the phish, you can add the abuse address for the mail service to your user-defined/specified reports. A recent topic in which this was discussed is http://forum.spamcop.net/forums/index.php?showtopic=10653

You can get the abuse address by entering the email address (only) in the submission form at your SC member's page. You should probably add a note to the report specifying the address and stating that it is the 'drop box' part of the phishing attempt indicated in the report. Providers are often slow on the uptake, or profess to not understand, when the 'abused' address is not actually the (real) sending address (there are many rants in these pages about hotmail, yahoo, etc.) so a user-defined report might not quite cut through the fog.

Be aware that the mail provider abuse address obtained from the SC 'parse' procedure may/could be a specific reporting address for SC reporting use (usually specifying 'spamcop' in the address). If so you should not use it for manual reports (generally another option) - only use any such address for the user-defined reporting address as part of the SC reporting process as described.

You can check the success (or otherwise) of the takedown of the 'dropbox' by using one of the email validators discussed at http://forum.spamcop.net/forums/index.php?showtopic=10663 (the Hexillion one is barred by hotmail and probably only a matter of time before the ipaddresslocation.org one is too).

You might save yourself the bother and accept that, sooner or later, you are probably going to get sick of the extra effort (so why not sooner?). Yet it has the potential to do some good and I can only applaud your endeavour if you do go ahead.

HTH

Steve

Share this post


Link to post
Share on other sites

IMHO, It is worthwhile, if you have time, to report the 'drop boxes' if you are sure the ISP is not the spammer. It does not do much good to contact the spammer who may target you for various kinds of retaliation.

Miss Betsy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×