Jump to content

Help with a mail received few times saying my email is hacked

CaLy

By CaLy
in SpamCop Reporting Help

 Share

Recommended Posts

gnarlymarley Advanced Member

gnarlymarley

Posted
Posted
10 hours ago, lisati said:

The only one I recall receiving that mentioned a password had one which wouldn't have worked. A few months earlier I had noticed that something was a bit off, and had taken the precaution of changing my password.

yeah, a spamtrap of mine seems to have gotten on the list with lots of random password.  The interesting thing is that spamtrap address is just an alias account and has no password.  Probably just a copycat setup from scammers who do not have the actual passwords.  One can never be sure if they are the copycat or the real thing that is "masking" the password just so they do not give themselves away.

Link to comment
Share on other sites
  • 4 weeks later...
  • Replies 50
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

RobiBue Advanced Member

RobiBue

Posted
Posted

in your case, I'd be sending a manual report to sendgrid, and one to the IP owner of the link in the body. but the reports wouldn't be sent from the email account I received the message to, but from a spam reporting email address not associated with me. (I made one up a long time ago combating a Nigerian spammer with a name from another Nigerian spammer :) and have been using that one for manual reports ever since, always munging my name and other identifying strings explaining to the abuse desk the reasons for it.)

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted
7 hours ago, CaLy said:

Today i received a new one (telling about webcam, wich i dont have) ... so :P

Tracking URL : https://www.spamcop.net/sc?id=z6505315873z0b3bb21ccb863cdadb680fb4f1c7c68az

Seems sendgrid are dopey in not receiving reports, their customer has a compromised computer! These type spam warnings seem common! Always use a virus program Windows Defender is adequate and one paid for it when the bought windows.

https://www.spamcop.net/w3m?action=checkblock&ip=167.89.100.171

 

Link to comment
Share on other sites
lisati Advanced Member

lisati

Posted
Posted
On 12/8/2018 at 11:56 PM, CaLy said:

Today i received a new one (telling about webcam, wich i dont have) ... so :P

Tracking URL : https://www.spamcop.net/sc?id=z6505315873z0b3bb21ccb863cdadb680fb4f1c7c68az

That's a fairly typical example of some I've received, mostly for one particular email address which, because it's little more than a redirect on a server, doesn't actually have an associated mailbox.

Link to comment
Share on other sites
gnarlymarley Advanced Member

gnarlymarley

Posted
Posted

Sounds like they might be morphing now.  I got the following sent to an address that has not has this stuff yet.  More phishing... 

Urgent : Someone has your password

http://www.spamcop.net/sc?id=z6506112137zb5e259ccf80b3b62fcb7a72e9509c841z

I have to chuckle at these liars how seem to be getting desperate.  I hope it means they are losing the battle.......

Link to comment
Share on other sites
  • 2 weeks later...
gnarlymarley Advanced Member

gnarlymarley

Posted
Posted

Ha, I thought this guy has given up, but seems he came back for another try.  Been a long while since I have seen this come into my "spamtrap" account.  I though they had given up on it.  Amazing how an account could have a password without an /etc/password entry.

http://www.spamcop.net/sc?id=z6508576087z8ae70bcdece03f0236640dc90110bceaz

Link to comment
Share on other sites
Lking What Life?

Lking

Posted
Posted

What makes you think the "same guy" is back?  Looking at where the IP's for the last three reports (Tracking URL in thread) Sure looks like the CD(?) with the email is just being passed around.

93.65.54.240 Italy

109.238.12.51  France  

210.16.101.53  India

Link to comment
Share on other sites
gnarlymarley Advanced Member

gnarlymarley

Posted
Posted
23 hours ago, Lking said:

What makes you think the "same guy" is back?

There have been a few different passwords used.  However, the one today has a unique password that was used back in November.  It is similar to the format of the October scams, but not similar to the early December copycat scams.  Of course with a spamtrap account that has never had a password of its own and likewise does not have its own browser.  I did not that this scam did not talk about the webcam, unlike the ones back in November.

If it was a different person, then I would expect that I would be able to find some sort of link to the so called password somewhere on the internet.  Though, this could be a darkweb link that I know nothing of.

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted
On 12/25/2018 at 3:48 PM, lisati said:

Had one of those (or was it Japanese?) a few weeks back. It could be taken as evidence that spammers are stupid.

Well they have the password and name is correct but last millennium one and were on adsl always used vrus scanner

Thr information seem to of been scammed from SpamCop early days probably from junked computers

Link to comment
Share on other sites
lisati Advanced Member

lisati

Posted
Posted (edited)
On 12/26/2018 at 8:10 PM, petzl said:

Well they have the password and name is correct but last millennium one and were on adsl always used vrus scanner

Thr information seem to of been scammed from SpamCop early days probably from junked computers

One or two of the dodgy emails I've had seem to have their origins the days before my provider moved away from Yahoo, who had had a couple of data breaches. The password was correct but an old one. I'd already seen evidence that something was a bit "off"  and had changed my password as a precaution, prior to receiving claims that my account had been hacked. More recent efforts I've seen in my inbox have been of a slightly different character, and would probably warrant a separate thread.

I'd suggest, at the very minimum, a change of password a.s.a.p. for people who get one of these "your account has been hacked" emails, or any other evidence that something's not quite right.

Edited by lisati
Added suggestion to change password
Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted (edited)
2 hours ago, lisati said:

One or two of the dodgy emails I've had seem to have their origins the days before my provider moved away from Yahoo, who had had a couple of data breaches. The password was correct but an old one. I

Still suspect info coming from old dumped servers. I said ADSL  but it was even before that, when I had 33.6 modem.

So many getting these threats so it seems organised and from more than one source.  Seem to remember where junkied computers are sent to Africa and gangs take the data off them. Use the Windows FREE version of CCleaner to wipe drives select Tools/Drive Wiper. Formating won't remove info.  Wipe at least once then format the more times you wipe the longer it takes depending on drive size.

DO NOT WIPE SSD (drives) you will destroy them!

Edited by petzl
Link to comment
Share on other sites
  • 3 weeks later...
Lking What Life?

Lking

Posted
Posted

Received a new version of the "I installed malware".  The price this time is up to $1000.

Quote 

Let me get directly to the point without wasting both of our time a while ago while surfing one of porno xxx internet site your operating-system is compromised by software program I carefully placed there,
while you were watching those video clips and enjoying my software put in malware on your personal computer now I've got complete access of the personal computer.

Yea right. https://www.spamcop.net/sc?id=z6515021682z3d3182f240de52601e3dd7c4046dd04fz

Link to comment
Share on other sites
  • 2 months later...
Lking What Life?

Lking

Posted
Posted

image.png

Like Fredie, the

Quote 

The last time you visited ..., you downloaded and installed the vίruş {viris} I developed.

spam seem to be back

https://www.spamcop.net/sc?id=z6539674301z237b78bf7ae63db01d0dab06ee5e4606z

They started this morning with 3, two to non-mailboxes.  Got 15+ this afternoon all sent to random mailboxes.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...