MIG Posted March 10, 2019

On 3/8/2019 at 12:18 AM, klappa said:
> Which three regulatory authorities?

https://www.scamwatch.gov.au/ reportATsubmitDOTspamDOTacmaDOTgovDOTau
https://www.idcare.org/contact/report-phishing reportphishingATidcareDOTorg
https://www.consumer.ftc.gov/ spamATuceDOTgov
& Petzl has mentioned phishing-reportATusDASHcertDOTgov

Does it really help?

Scamwatch: quote
"The Australian Communications and Media Authority (ACMA) receives information about spam via complaints and reports. This information informs the ACMA’s compliance and enforcement activities. Reporting is as simple as forwarding the message you have received to the ACMA’s spam Intelligence Database. Forwarding spam reports does not automatically stop the receipt of unwanted emails or SMS messages.

Complaints, submitted by completing the ACMA’s online complaint form about a message you have received, allow you to provide important background information, as well as consent for the ACMA to disclose your electronic address to the sender in the course of any enquiries that the ACMA makes.

Where the ACMA has been able to identify the sender of an email or SMS message, once per month the ACMA sends businesses a letter advising them that a complaint and/or report has been received about them. This assists the company to review their business processes to ensure that they are meeting the requirements of the spam Act 2003 (spam Act). If the ACMA continues to receive reports and/or complaints about a company, the ACMA may commence a formal investigation.

Under the Privacy Act, the ACMA cannot disclose a recipient’s email address without their consent. Because of the manner in which spam reports are received, the ACMA is unable to obtain appropriate consent to disclose a recipient’s address to the senders of those messages. As such, the ACMA is not able to request that your address be unsubscribed on the basis of spam reports alone. This is only possible when a complaint has been submitted to the ACMA, as submission of the complaint form establishes consent to disclose this information.

spam reports are stored in the spam Intelligence Database. The ACMA advises consumers not to alter emails when forwarding them as reports as this may interfere with the results when filtering for particular emails during the course of an investigation. If a consumer wishes to make specific comments about an email, we recommend that they lodge a complaint.

In addition, the information gathered from complaints and reports is used as part of a wider education process. The ACMA:
- provides consumers with information on how to reduce the amount of spam they receive
- informs Internet Service Providers (ISPs) about their obligations under the Act
- produces and distributes comprehensive print publications and online material that offer detailed information and practical tips on avoiding and reducing spam, meeting the requirements of the spam Act and reporting spam."
unquote

FTC: quote
"The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad."
unquote

I'm sure there's others, as I come across them I post to the Forum.

Cheers!
petzl Posted March 10, 2019

31 minutes ago, MIG said:
> I'm sure there's others, as I come across them I post to the Forum.

Most USA Government agencies can't find their own ass! However if you can hit a concerned party you are away.
klappa (Author) Posted March 10, 2019

11 hours ago, MIG said:
> https://www.scamwatch.gov.au/ reportATsubmitDOTspamDOTacmaDOTgovDOTau
> https://www.idcare.org/contact/report-phishing reportphishingATidcareDOTorg
> https://www.consumer.ftc.gov/ spamATuceDOTgov
> & Petzl has mentioned phishing-reportATusDASHcertDOTgov
>
> Does it really help?
>
> Scamwatch: quote
> "The Australian Communications and Media Authority (ACMA) receives information about spam via complaints and reports. This information informs the ACMA’s compliance and enforcement activities. Reporting is as simple as forwarding the message you have received to the ACMA’s spam Intelligence Database. Forwarding spam reports does not automatically stop the receipt of unwanted emails or SMS messages.
>
> Complaints, submitted by completing the ACMA’s online complaint form about a message you have received, allow you to provide important background information, as well as consent for the ACMA to disclose your electronic address to the sender in the course of any enquiries that the ACMA makes.
>
> Where the ACMA has been able to identify the sender of an email or SMS message, once per month the ACMA sends businesses a letter advising them that a complaint and/or report has been received about them. This assists the company to review their business processes to ensure that they are meeting the requirements of the spam Act 2003 (spam Act). If the ACMA continues to receive reports and/or complaints about a company, the ACMA may commence a formal investigation.
>
> Under the Privacy Act, the ACMA cannot disclose a recipient’s email address without their consent. Because of the manner in which spam reports are received, the ACMA is unable to obtain appropriate consent to disclose a recipient’s address to the senders of those messages. As such, the ACMA is not able to request that your address be unsubscribed on the basis of spam reports alone. This is only possible when a complaint has been submitted to the ACMA, as submission of the complaint form establishes consent to disclose this information.
>
> spam reports are stored in the spam Intelligence Database. The ACMA advises consumers not to alter emails when forwarding them as reports as this may interfere with the results when filtering for particular emails during the course of an investigation. If a consumer wishes to make specific comments about an email, we recommend that they lodge a complaint.
>
> In addition, the information gathered from complaints and reports is used as part of a wider education process. The ACMA:
> - provides consumers with information on how to reduce the amount of spam they receive
> - informs Internet Service Providers (ISPs) about their obligations under the Act
> - produces and distributes comprehensive print publications and online material that offer detailed information and practical tips on avoiding and reducing spam, meeting the requirements of the spam Act and reporting spam."
> unquote
>
> FTC: quote
> "The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad."
> unquote
>
> I'm sure there's others, as I come across them I post to the Forum.
>
> Cheers!

Thanks but since this doesn't involve phishing they aren't relevant? And all parties involved reside in the US not Australia.

10 hours ago, petzl said:
> Most USA Government agencies can't find their own ass! However if you can hit a concerned party you are away.

Seems like it. Unfortunately the spam from this sex spammer has increased. It comes in more regular intervals now. I knew this would happen since I've clicked the spam links but there was no way to know the end resolving domain without doing so. There's no services or programs that follow all the way through his obfuscated domains to the end.

Namecheap just pretends they have nothing on him and their reply is

Quote
> domain name is pointed to our URL forwarding server which means that we do not host the content in question, the server is used only for redirecting purposes.
> As for the sexyflirt.me domain name, it expired and is currently pointed to our parking page and will eventually be deleted.
> You may also report the issue to the official authorities and ask them to investigate the issue. Namecheap Inc. regularly works with courts and law enforcement from the local to the international level. We will assist them any way we can.
> Let us know if any additional questions arise.

Amazon abuse desk just replies with a short reply and urges me to go through National Center for Missing and Exploited Children

Seems pointless. I give up! The spammers always win.
petzl Posted March 10, 2019

5 hours ago, klappa said:
> Amazon abuse desk just replies with a short reply and urges me to go through National Center for Missing and Exploited Children
>
> Seems pointless. I give up! The spammers always win.

They went away from me for a while, as Amazon refuse to take SpamCop reports I send from the email it was sent to
These spammers have been kicked out of many "holes" before now reside with Amazon who have an incompetent abuse desk. Amazon are offering free web space, which tells me their IT are causing them to go broke.
I will be adding "subpoena-criminal[x]amazon.cxm" to my reports to see if anyone in Amazon have brains or more pomposity
http://www.missingkids.org/gethelpnow/cybertipline is a good link worth a try they can get a seizure order on Amazon sites
Seem to be breaching "U.S. Department of Justice's Child Exploitation and Obscenity section" (as usual U.S. agency that's broken, links are not updated)
Just checked seems Amazon are taking sites down. These creeps must be just signing up with a new free one as they get closed.
klappa (Author) Posted March 12, 2019

On 3/10/2019 at 10:20 PM, petzl said:
> They went away from me for a while, as Amazon refuse to take SpamCop reports I send from the email it was sent to
> These spammers have been kicked out of many "holes" before now reside with Amazon who have an incompetent abuse desk. Amazon are offering free web space, which tells me their IT are causing them to go broke.
> I will be adding "subpoena-criminal[x]amazon.cxm" to my reports to see if anyone in Amazon have brains or more pomposity
> http://www.missingkids.org/gethelpnow/cybertipline is a good link worth a try they can get a seizure order on Amazon sites
> Seem to be breaching "U.S. Department of Justice's Child Exploitation and Obscenity section" (as usual U.S. agency that's broken, links are not updated)
> Just checked seems Amazon are taking sites down. These creeps must be just signing up with a new free one as they get closed.

Tired of reporting. Bit.ly won't take down the sex dating sites. They seem to ignore Spamcop reports altogether. Amazon promised to take action several times but nothing happens. I've given up. Will close my e-mail account. It's for the better.
RobiBue Posted March 12, 2019

4 hours ago, klappa said:
> Tired of reporting. Bit.ly won't take down the sex dating sites. They seem to ignore Spamcop reports altogether. Amazon promised to take action several times but nothing happens. I've given up. Will close my e-mail account. It's for the better.

Oddly enough, I haven’t been getting any amazon/bit.ly spam as of a few days ago. In fact, I haven’t had any spam since Saturday 9th at noon.

/me happy/
klappa (Author) Posted March 12, 2019

1 hour ago, RobiBue said:
> Oddly enough, I haven’t been getting any amazon/bit.ly spam as of a few days ago. In fact, I haven’t had any spam since Saturday 9th at noon.
>
> /me happy/

Glad for you. It has happened to me too but this sex spammer constantly spams me. He doesn't get any hits either when checking his bit.ly links. I don't know how he goes around. I have other spammers, some Russian or Ukrainian drug pharmacy spam and a Chinese fake handbag spam but it's far as the sex spammer and a couple of phishing spam. I will close my account since it isn't one I use anymore anyway.
petzl Posted March 12, 2019

8 hours ago, klappa said:
> Amazon promised to take action several times but nothing happens.

Pretty sure these creeps are opening a new "free" amazon account when one is taken down. Seems Amazon are shutting them down when reported from the spammed email address, stating IP address and copy and pasting full headers with report.

https://www.virustotal.com/#/url/51cfab3c89b464ef6e07c89d13ae048eb6708dd49233bf740609da33f2834ea2/details
status: 404 Not Found
klappa (Author) Posted March 12, 2019

53 minutes ago, petzl said:
> Pretty sure these creeps are opening a new "free" amazon account when one is taken down. Seems Amazon are shutting them down when reported from the spammed email address, stating IP address and copy and pasting full headers with report.
>
> https://www.virustotal.com/#/url/51cfab3c89b464ef6e07c89d13ae048eb6708dd49233bf740609da33f2834ea2/details
> status: 404 Not Found

Which domain is that from? I don't recognize it. They usually use domains from Namecheap but mostly bit.ly links. But as said I don't know how they could get their business going? They only rarely get only a few hundred hits if even that. Then the unsuspected user has to throw up the wallet and I guess that's much less, maybe in the single digits? But maybe in the total would amount to several thousand dollars. I know they're running their domains spread out among several hosts. Usually using third party e-mail services to send their spam so they don't go around and compromise servers or domains. I have gotten these sex dating spam for several years now.
RobiBue Posted March 12, 2019

1 hour ago, petzl said:
> Pretty sure these creeps are opening a new "free" amazon account when one is taken down. Seems Amazon are shutting them down when reported from the spammed email address, stating IP address and copy and pasting full headers with report.
>
> https://www.virustotal.com/#/url/51cfab3c89b464ef6e07c89d13ae048eb6708dd49233bf740609da33f2834ea2/details
> status: 404 Not Found

I never report from the spammed email address, and always munge the latter. Several providers have asked for full headers and I always tell them that the email address is of no concern to them as I do not wish retaliation or listwashing from their customers. They sometimes claim it would be easier with my address, but I insist that they can enforce their AUP solely by the email received headers and the email content.

This last scenario happened only twice in my umpteen years of reporting
petzl Posted March 12, 2019

2 hours ago, klappa said:
> Which domain is that from? I don't recognize it

It's a safety measure to check URL's
https://www.virustotal.com/#/home/url
petzl Posted March 12, 2019

1 hour ago, RobiBue said:
> I never report from the spammed email address, and always munge the latter. Several providers have asked for full headers and I always tell them that the email address is of no concern to them as I do not wish retaliation or listwashing from their customers. They sometimes claim it would be easier with my address, but I insist that they can enforce their AUP solely by the email received headers and the email content.
>
> This last scenario happened only twice in my umpteen years of reporting

And you're absolutely right, however with me I don't want spam and never munge my reports! Where SpamCop won't send to an abuse desk I then send direct from the address that received the spam
klappa (Author) Posted March 13, 2019

15 hours ago, petzl said:
> It's a safety measure to check URL's
> https://www.virustotal.com/#/home/url

That would be quite useless because if the spammer uses hidden redirection domains you have to go to check the destination domain before being able to check it with Virustotal.
petzl Posted March 14, 2019

9 hours ago, klappa said:
> That would be quite useless because

Seem to have some success with it

Another Forrest Gump moment for me?
https://www.businessinsider.com.au/facebook-criminal-investigation-data-sharing-2019-3?r=US&IR=T

Criminal phishing, bogus reply address, bogus unsubscribe
This/my email address I believe sold to this Russian (?) Crime gang by FaceBook ..
email source 94.100.177.97 abusexcorp.maxl.ru
klappa (Author) Posted March 15, 2019

On 3/14/2019 at 1:25 AM, petzl said:
> Seem to have some success with it
>
> Another Forrest Gump moment for me?
> https://www.businessinsider.com.au/facebook-criminal-investigation-data-sharing-2019-3?r=US&IR=T
>
> Criminal phishing, bogus reply address, bogus unsubscribe
> This/my email address I believe sold to this Russian (?) Crime gang by FaceBook ..
> email source 94.100.177.97 abusexcorp.maxl.ru

Yes good for you but you are dealing with obvious phishing spam I am not. It's a difference since I am dealing with sex spam. The sex spammers are running a scam business but it's still not phishing e-mail. Everyone takes spam less seriously.
MIG Posted March 15, 2019

2 hours ago, klappa said:
> You are dealing with obvious phishing spam I am not. it's still not phishing e-mail. Everyone takes spam less seriously.

Hey klappa,

As you receive the emails & process them via SpamCop can you post the tracking URLs to this forum please?

Cheers!
petzl Posted March 15, 2019

On 3/15/2019 at 12:46 PM, klappa said:
> Yes good for you but you are dealing with obvious phishing spam I am not. It's a difference since I am dealing with sex spam. The sex spammers are running a scam business but it's still not phishing e-mail. Everyone takes spam less seriously.

These "sex sites" are sent via (untraceable by you) botnet email or throwaway email addresses, the sites themselves start from a throwaway address then jump to another. Always after credit card details! (the ISP of that botnet can see where the source IP is)
Called phishing.

here's one
https://www.spamcop.net/sc?id=z6530436982z1d6d8d3d02831bdf4f781b2561e8282fz
notes were
22.224.69.173 antispamxdcb.hz.zj.cn bounces
malicious site URL
http://chinabdt.nxt/
52.5.250.89 abusexamazonaws.cxm
proof see
https://www.virustotal.com/gui/url/600f2573dfc69fffdd57931eb33ec16698d1c613567dd4324f6b82d984349796/detection
klappa (Author) Posted March 16, 2019

23 hours ago, MIG said:
> Hey klappa,
>
> As you receive the emails & process them via SpamCop can you post the tracking URLs to this forum please?
>
> Cheers!

Yes of course! This is the last one

https://www.spamcop.net/sc?id=z6530636585z175385238ef9c81fac2a7bbb91908ac0z

22 hours ago, petzl said:
> These "sex sites" are sent via (untraceable by you) botnet email or throwaway email addresses, the sites themselves start from a throwaway address then jump to another. Always after credit card details! (the ISP of that botnet can see where the source IP is)
> Called phishing.
>
> here's one
> https://www.spamcop.net/sc?id=z6530436982z1d6d8d3d02831bdf4f781b2561e8282fz
> notes were
> 22.224.69.173 antispamxdcb.hz.zj.cn bounces
> malicious site URL
> http://chinabdt.nxt/
> 52.5.250.89 abusexamazonaws.cxm
> proof see
> https://www.virustotal.com/gui/url/600f2573dfc69fffdd57931eb33ec16698d1c613567dd4324f6b82d984349796/detection

You're right! However it isn't directly obvious for the hosts I send the spamreports to. They aren't pretending to be Bank of America in the spam and want you to login to a spoofed site. They are also depending on valid third party e-mails and domain providers. And sometimes also use third party URL shortener services but sometimes don't. I don't know if it's the same spammer but it could be. They however as evident in the spam report above almost in all cases rely on Outlook. MS doesn't seem to take action or unable to as they create throwaway accounts after another.

Should I instead of reporting them as sex spammer use phishing e-mail instead?
petzl Posted March 16, 2019

1 hour ago, klappa said:
> Should I instead of reporting them as sex spammer use phishing e-mail instead?

I report as both.
Lking Posted March 16, 2019

Useful discussion.

Please be careful to NOT include active "malicious" links in your post. Some suggestions for breaking links would be to
- replace periods "." in the URL with a comma ',' or '{DOT}'
- include spaces to break[ ]-[ ]up the URL as in http: // spamcop . net

When you do include a URL double check your post to make sure the system did not outsmart you and generate a live link.

THANKS
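An added example, not part of Lking's post: one way to apply the `{DOT}` and space-breaking suggestions automatically and then re-check the text for anything a forum would still turn into a live link. The patterns in `LINK_RE` are an assumption about what an auto-linker matches, the `[AT]` munging of e-mail addresses goes beyond the post (it mirrors the munged addresses used elsewhere in this thread), and the sample post is constructed.

```python
import re

# Patterns a forum auto-linker commonly turns into clickable links (assumption).
LINK_RE = re.compile(
    r"(?:https?|ftp)://[^\s<>\"']+"        # URLs with a scheme
    r"|\bwww\.[^\s<>\"']+"                  # scheme-less www. links
    r"|[\w.+-]+@[\w-]+(?:\.[\w-]+)+",       # e-mail addresses
    re.IGNORECASE,
)
TRAILING = ".,;:!?)"

# Constructed sample post; the hosts use the reserved .example TLD.
SAMPLE_POST = ("Spam link was http://redirect.example/offer?id=42. "
               "Reply-to was bait@mailer.example, "
               "see also www.landing.example/join")


def split_trailing(token):
    """Separate sentence punctuation that merely follows a link."""
    end = len(token)
    while end and token[end - 1] in TRAILING:
        end -= 1
    return token[:end], token[end:]


def defang_token(token):
    """Break one link: space after the scheme, [AT] for @, {DOT} for dots."""
    token = token.replace("://", ": //")
    token = token.replace("@", "[AT]")
    return token.replace(".", "{DOT}")


def defang(text):
    """Defang every link-like token, leaving the surrounding prose untouched."""
    def repl(match):
        link, tail = split_trailing(match.group(0))
        return defang_token(link) + tail
    return LINK_RE.sub(repl, text)


def live_links(text):
    """Return the tokens that would still be auto-linked (the double check)."""
    return [split_trailing(m.group(0))[0] for m in LINK_RE.finditer(text)]


if __name__ == "__main__":
    print("before:", live_links(SAMPLE_POST))
    safe = defang(SAMPLE_POST)
    print(safe)
    print("after: ", live_links(safe))
```
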
MIG Posted March 17, 2019

5 hours ago, klappa said:
> https://www.spamcop.net/sc?id=z6530636585z175385238ef9c81fac2a7bbb91908ac0z

Hey klappa. Thanks!

1st ❔, specific ONLY to MS Outlook mail, do you always REMOVE the ENTIRE 1st [Received >>>>> +0000] section BEFORE parsing?

Received: from BY2NAM03FT039.eop-NAM03.prod.protection.outlook.com (10.152.84.53) by BY2NAM03HT214.eop-NAM03.prod.protection.outlook.com (10.152.85.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1709.13; Sat, 16 Mar 2019 15:51:29 +0000

Specific to your submitted url https://www.spamcop.net/sc?id=z6530636585z175385238ef9c81fac2a7bbb91908ac0z, the [REMOVE] instruction wouldn't make much/any difference as this email has travelled via MS. The rationale for the [REMOVE] instruction is well documented in Forum posts, I'll drag some up for you & post back.

2nd ❔: (My understanding was we were addressing: topic/35014-what-to-do-with-amazon-hosted-spammers) so, forgive me if I'm confused, but, are your concerns more to do with the process/reporting methodology or ?

3. "instead of reporting them as sex spammer use phishing e-mail instead?" I agree with Petzl, use both.

4. Do you add [Notes] to the addresses SC parser has identified?

5. When I forward the phishing/spam email, I always include, in the subject line [offending ip address, offending ip address: "Network being used by criminals to distribute child porn"], or whatever the criminal activity is.

More soon, if you have more SC URLs please continue to post to Forum.

Cheers!
klappa (Author) Posted April 4, 2019

On 3/17/2019 at 1:15 AM, MIG said:
> Hey klappa. Thanks!
>
> 1st ❔, specific ONLY to MS Outlook mail, do you always REMOVE the ENTIRE 1st [Received >>>>> +0000] section BEFORE parsing?
>
> Received: from BY2NAM03FT039.eop-NAM03.prod.protection.outlook.com (10.152.84.53) by BY2NAM03HT214.eop-NAM03.prod.protection.outlook.com (10.152.85.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1709.13; Sat, 16 Mar 2019 15:51:29 +0000
>
> Specific to your submitted url https://www.spamcop.net/sc?id=z6530636585z175385238ef9c81fac2a7bbb91908ac0z, the [REMOVE] instruction wouldn't make much/any difference as this email has travelled via MS. The rationale for the [REMOVE] instruction is well documented in Forum posts, I'll drag some up for you & post back.
>
> 2nd ❔: (My understanding was we were addressing: topic/35014-what-to-do-with-amazon-hosted-spammers) so, forgive me if I'm confused, but, are your concerns more to do with the process/reporting methodology or ?
>
> 3. "instead of reporting them as sex spammer use phishing e-mail instead?" I agree with Petzl, use both.
>
> 4. Do you add [Notes] to the addresses SC parser has identified?
>
> 5. When I forward the phishing/spam email, I always include, in the subject line [offending ip address, offending ip address: "Network being used by criminals to distribute child porn"], or whatever the criminal activity is.
>
> More soon, if you have more SC URLs please continue to post to Forum.
>
> Cheers!

1. Yes Spamcop can't correctly parse when the 1st Receive line is there. It will always go to abuse microsoft com instead of the correct host abuse department. I think it had to do with Microsoft using internal IPv6 addresses or something.

2. I don't follow. Since Spamcop can't follow the spam link it won't identify the Amazon hosted servers the spammers or phishers use and I have to report it manually.

3. Ok!

4. Yes. To every part that Spamcop can identify.

5. Thanks for input!
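An added example, not from the thread and not SpamCop's parser: it lists the `Received` hops of a message newest-first and flags hops that carry only internal addresses, like the 10.152.x.x hop MIG quoted, so the first hop with a routable address stands out before a report is sent. The first header in the sample is the one quoted above; the second hop, its host names and 203.0.113.77 are constructed sample data.

```python
import ipaddress
import re
from email import message_from_string

# Ranges that only exist inside a provider's network: RFC 1918, loopback,
# IPv6 unique-local and link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "fe80::/10", "::1/128")]

# IP literals appear in (...) or [...] after a host name, sometimes as IPv6:...
ADDR_RE = re.compile(r"[\[(]\s*(?:IPv6:)?([0-9A-Fa-f:.]{3,45})\s*[\])]")

# First hop: header quoted in the thread. Second hop: constructed.
SAMPLE_HEADERS = """\
Received: from BY2NAM03FT039.eop-NAM03.prod.protection.outlook.com
 (10.152.84.53) by BY2NAM03HT214.eop-NAM03.prod.protection.outlook.com
 (10.152.85.13) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1709.13;
 Sat, 16 Mar 2019 15:51:29 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.77])
 by mx.recipient.example (10.152.84.53) with ESMTP;
 Sat, 16 Mar 2019 15:51:27 +0000
Subject: constructed sample

body
"""


def hop_addresses(received_value):
    """Return every valid IP literal found in one Received header value."""
    found = []
    for token in ADDR_RE.findall(received_value):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # bracketed text that only looked like an address
    return found


def is_internal(addr):
    return any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS)


def classify_hops(raw_headers):
    """Walk Received headers from newest (top) to oldest (bottom)."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        addrs = hop_addresses(value)
        external = [str(a) for a in addrs if not is_internal(a)]
        hops.append({"internal_only": bool(addrs) and not external,
                     "external": external})
    return hops


def first_external_hop(raw_headers):
    """Index and addresses of the newest hop naming a routable address.

    Hops older than the recipient's own mail servers can be forged by the
    sender, so treat the result as a lead to verify, not as proof.
    """
    for index, hop in enumerate(classify_hops(raw_headers)):
        if hop["external"]:
            return index, hop["external"]
    return None


if __name__ == "__main__":
    for i, hop in enumerate(classify_hops(SAMPLE_HEADERS)):
        print(i, "internal-only" if hop["internal_only"] else hop["external"])
    print("first external hop:", first_external_hop(SAMPLE_HEADERS))
```
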
MIG Posted April 6, 2019

All good Klappa & thank you!

Re 2. Please post more/new SC Report URLs that have embedded redirect links to Amazon.

Cheers!
klappa (Author) Posted April 12, 2019

On 4/6/2019 at 2:36 AM, MIG said:
> All good Klappa & thank you!
>
> Re 2. Please post more/new SC Report URLs that have embedded redirect links to Amazon.
>
> Cheers!

I haven't received them for a while now except very sporadic. But next spam from them I will update this thread with SC Report URLs.
Lking Posted April 12, 2019

I don't see a suggestion to also send reports/forward spam to stop-spoofing[AT}amazon.com

I add that address to all spam that I quickly identify as relating to Amazon or often amazon.uk
Archived
This topic is now archived and is closed to further replies.