Jump to content
emanmb

Spoofed email?

Recommended Posts

I am getting emails from Adobe and Digital River Ireland re: an "adobe creative cloud" account which I don't have.

"You're nearly there    
     Welcome to Creative Cloud, eman. Before we can get started, we need to quickly verify your email address.    
     Click the link below and sign in using your new Adobe ID: eman.photoATXXXX.com
     Verify your email    
     Once your email is verified, sign in to Creative Cloud to get started."

DRI sent me a "Your Adobe Order Confirmation" email today and the adobe email came yesterday, Bangkok time.

My email name is emanphoto@ but the address these emails are addressed to is eman.photo@.  Notice the period in the middle.  So to test this, I sent an email to eman.photo@ and sure enough it came thru to me! 

If the email came to me, would it also go to the person who created eman.photo?

How is this possible with completely different emails?  Admittedly different only with a period.

Neither digital river nor adobe have any CC card info on me as far as I know.  I have emailed DRI to see what they have to say and how to proceed but thought I'd check with the email/spam experts here for any opinions for which I'll be grateful!

 

Share this post


Link to post
Share on other sites

As I remember the email standard includes the "." and "emanphoto@" is different than "eman.photo@"  However, some free email providers, like gmail, ignore the "." in the mailbox so the two are effectively the same.

Given that, No, your test email to "eman.photo@" was delivered to only one mailbox - you.

As for the emails from Digital River, et al,   Someone may be trying to using the email address to create an account.  Of course without validation no account will be generated.  The Digital River system automatically send a challenge email each time an attempt is made.

Lots of the challenge email I receive include at the bottom something like "If you did not request this account, please disregard this email"

Share this post


Link to post
Share on other sites

That's what's so odd is this one was not the challenge email but a purchase confirmation with an order # .  The first one that arrived was asking for verification.

Checking w/my one CC company, there are no new charges and DRI has not replied to me.  I'm not gonna sweat it too much but still going to keep an eye out.  I thought I was pretty good at spotting spoofs but this one I just can't tell what is going on.  Below is the plain text from the emails with the corresponding SC report results in screen shots.

 

FROM ADOBE (no-reply@adobe.com)

Hi eman al guhani ,

Your order has been confirmed, congratulations!
Please keep this confirmation as your proof of purchase. If you paid by credit card, the charge for your order will appear on your credit card statement as "DRI Adobe Sales". (E-commerce services are provided by Digital River Ireland Ltd. , an Adobe approved e-commerce reseller)

Order Details
Order Number: 15377131810
Order Date: 12 September 2019
Seller Address
Digital River Ireland Ltd.
Unit 153 Shannon Free Zone
Shannon, Co. Clare, Ireland
 
Billing Address
eman al guhani
king khaild street

yanbu 46421
Saudi Arabia
530967610
eman.photo@xxx   Shipping Address
eman al guhani
king khaild street

yanbu 46421
Saudi Arabia
530967610
eman.photo@xxxx

Product Name    Qty Ordered    Amount
Adobe Creative Cloud Photography plan (one-year)    1    SR 37.00
SubTotal

SR 37.00

Shipping

SR 0

Tax

SR 1.85

Total

SR 38.85

Payment
Digital River will bill each monthly installment of your one-year commitment (plus applicable tax) to the payment information you provide during this sign-up process. Once you receive confirmation from us that your initial payment is confirmed, your service access and one year commitment term will begin. You understand that the cost of your one-year commitment is the total of the monthly installments you will pay during your commitment term.

984706581_ScreenShot2019-09-14at1_22_27PM.png.998eb7c1f4ad0511999bf9662167aa08.png

FROM ADOBE (message@adobe.com)

You're nearly there    
     Welcome to Creative Cloud, eman. Before we can get started, we need to quickly verify your email address.    
     Click the link below and sign in using your new Adobe ID: eman.photo@gmail.com    
     Verify your email    
     Once your email is verified, sign in to Creative Cloud to get started.    
     We're glad you're here,
The Creative Cloud team1648797605_ScreenShot2019-09-14at1_22_04PM.thumb.png.bbf39d87847b9de2bd56a55e9808b36a.png

 

Share this post


Link to post
Share on other sites
13 hours ago, emanmb said:

That's what's so odd is this one was not the challenge email but a purchase confirmation with an order # .  The first one that arrived was asking for verification.

"They" seem to have your name, which is a worry.
Make sure you are running a virus/malware program like windows defender
Often it's one of your contacts that don't do this, meaning  your information is stolen from them
Learn how to copy and past a "Tracking URL", Found top of page BEFORE you submit spam.

Edited by petzl

Share this post


Link to post
Share on other sites
11 hours ago, petzl said:

"They" seem to have your name, which is a worry.
Make sure you are running a virus/malware program like windows defender
Often it's one of your contacts that don't do this, meaning  your information is stolen from them
Learn how to copy and past a "Tracking URL", Found top of page BEFORE you submit spam.

Thanks @petzl. eman al guhani isn't my name.  I got a reply back from DRI which said

"Dear Eman Al Guhani,

Unfortunately, we do not handle the customer service for Adobe. Please 
contact them directly with your request through one of the following 
methods:"

This is odd that they addressed that guy despite my actual name being attached to my email account when writing and was in my sig at the end of the email.

I'm on Mac OS so I only run Malware Bytes occasionally and AV's are really unneeded.  I've only found the Genieo malware once a looong time ago via MB. But to empirically confirm this, I downloaded and ran 2 different antivirus scans and MalwareBytes. Nothing there.  LOL now I need to delete the antivirus as it eats up resources when it runs.  

Anyway, RE: the tracking URL.  Why would I do that?  Can you run me thru the process?

received another email from Adobe today titled "Welcome to our Creative Cloud family, Eman" despite writing to their abuse team yesterday.  

Share this post


Link to post
Share on other sites
1 hour ago, emanmb said:

the tracking URL.  Why would I do that?  Can you run me thru the process?

BEFORE you submit spam, after you parse at top of page there always is
SpamCop v 5.0.0 © 2019 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:

https://www.spamcop.net/sc?id=z6572437903zd60f155c1fe49e83c6c1c3a6bf21da31z

I don't get much spam so this is a few days old. click the link and you can see it.

Share this post


Link to post
Share on other sites

I see, this is what is used to post spams in the forums so others can see it, correct? 

Share this post


Link to post
Share on other sites
6 hours ago, emanmb said:

I see, this is what is used to post spams in the forums so others can see it, correct? 

yes, it also give a better understanding of ones problem

Share this post


Link to post
Share on other sites

Yep, didn't see anything that was out of place.  Reported it anyway just to be sure.

I see we're in nearly the same time zone ;) 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×