Jump to content

About those phishing incoming emails...


Recommended Posts

What do you suggest? When I get those phishing emails claiming to need my SpamCop uid and pwd, is there any reason not to respond by hitting Reply and sending them bogus names and passwords and lots and lots of embedded curse words. And I do mean lots and lots.

Currently, I carefully report the incoming phish as spam and then quietly delete the email.

However, it would give me huge pleasure to know that out there some phisher is opening my email

and turning red in reaction to my rage.

Thoughts?

Link to comment
Share on other sites

is there any reason not to respond by hitting Reply and sending them bogus names and passwords and lots and lots of embedded curse words.
The return address on spam is almost universally either fake or forged.

If you reply, you will be sending your rage to an innocent bystander, not the spammer. Your replies to fake email addresses will generate a Delivery Failure Notice, which will add even more unwanted email in your Inbox.

- Don D'Minion - SpamCop Admin -

.

Link to comment
Share on other sites

...Aren't phishes normally requests to enter uc and pw into a (fake) web page, not to send the uc and pw via e-mail?

Not the ones I receive. Here is the content of the most recent phish:

>>>"

Attention spamcop.net Account holder,

This message is from the Database Information Technology service messaging center, to all our e-mail account holders. All Mailhub systems will undergo regularly scheduled maintenance. Access to your mailbox via our mailportal will be unavailable for some period of time during this maintenanceperiod.

We shall be carrying out service maintenance on our database and e- mail account center for better online services. We are deleting all unusede-mail accounts to create more space for new accounts.

In order to ensure you do not experience service

interruptions/possibledeactivation Please you must reply to this email

immediately confirming your spamcop.net email account details below for

confirmation/identification

1. First Name & Last Name:

2. Full Login Email Address:

3. Username & Password:

4. Confirm your Current Password:

Failure to do this may automatically render your e-mail account

deactivated from our emaildatabase/mailserver. to enable us

upgrade your email account, please do reply to this mail.

Thanks.

Upgrade Team

" <<<<

Note the "reply to this email"

Link to comment
Share on other sites

...Note the "reply to this email"
Chris, goodness knows what grief you might be letting yourself in for, if you reveal yourself to be 'responsive'. The usual advice is, "Never make eye contact," as it were. If you want to do something a little more proactive and if you're sure the return address is part of the phish, you can add the abuse address for the mail service to your user-defined/specified reports. A recent topic in which this was discussed is http://forum.spamcop.net/forums/index.php?showtopic=10653

You can get the abuse address by entering the email address (only) in the submission form at your SC member's page. You should probably add a note to the report specifying the address and stating that it is the 'drop box' part of the phishing attempt indicated in the report. Providers are often slow on the uptake, or profess to not understand, when the 'abused' address is not actually the (real) sending address (there are many rants in these pages about hotmail, yahoo, etc.) so a user-defined report might not quite cut through the fog.

Be aware that the mail provider abuse address obtained from the SC 'parse' procedure may/could be a specific reporting address for SC reporting use (usually specifying 'spamcop' in the address). If so you should not use it for manual reports (generally another option) - only use any such address for the user-defined reporting address as part of the SC reporting process as described.

You can check the success (or otherwise) of the takedown of the 'dropbox' by using one of the email validators discussed at http://forum.spamcop.net/forums/index.php?showtopic=10663 (the Hexillion one is barred by hotmail and probably only a matter of time before the ipaddresslocation.org one is too).

You might save yourself the bother and accept that, sooner or later, you are probably going to get sick of the extra effort (so why not sooner?). Yet it has the potential to do some good and I can only applaud your endeavour if you do go ahead.

HTH

Steve

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...