1. #1

    Angry Spam E-Mails

    I have received 3 Spam E-Mails for my 2 bank accounts. I have taken no action so I am not in Security trouble. I am writing this to see if there is any information in the following source code that could be used to stop this kind of Spam. I would love to blast them somehow, but that would be Spam on Spam. Here is the code. Of course, they also had my e-mail account from somewhere.
    Return-Path: alert apple.com
    Delivered-To: 3 2626628
    Received: from imap-director-5.dovecot.iad.rs.oxcs.net
    [10.12.2.8]
    by imap-backend-29.dovecot.iad.rs.oxcs.net with LMTP id
    mDUzCc/Pp1sbeAAAwDIleQ
    for 3 2626628 Sun, 23 Sep 2018 17:39:27 0000
    Received: from xxx [10.12.2.8]
    by imap-director-5.dovecot.iad.rs.oxcs.net with LMTP id
    CHTuCM/Pp1vRcAAApzv4 w
    Sun, 23 Sep 2018 17:39:27 0000
    Received: from eastrmimpo110.cox.net
    eastrmimpo110.cox.net [68.230.241.223]
    by xxx Postfix with ESMTP id 42JF2R0MWqz5h0G0
    for XXXXXX .net Sun, 23 Sep 2018 17:39:27 0000 [Edit Note: email address removed]
    UTC
    Received: xxx [70.169.134.211]
    by eastrmimpo110.cox.net with cox
    id f5fF1y00h4ZpiiE015fGCa Sun, 23 Sep 2018 13:39:22
    -0400
    X-CM-Score: 0.00
    Authentication-Results: cox.net none
    Received: from HELO 1hld2a [185.228.122.94] by Shop01 id
    6632878-59688 Sun, 23 Sep 2018 12:30:45 -0600
    Message-ID: 36nkeqk2j-xx-030$55w9 xqc.0d8.v2
    From: Chase Notification alert apple.com
    Reply-To: Chase Notification alert apple.com
    To: XXXXXXXXX .net [Edit Note: email address removed]
    Subject: Alert: Unusual Sign-in Attempt
    Date: Sun, 23 Sep 18 12:30:45 GMT
    X-Mailer: eGroups Message Poster
    MIME-Version: 1.0
    Content-Type: multipart/alternative
    boundary=".D0F2AE.55"
    X-Priority: 1
    X-MSMail-Priority: High


    --.D0F2AE.55
    Content-Type: text/html
    Content-Transfer-Encoding: quoted-printable

    A href=3D https://beweisindia.com/q1w2.html IMG
    src=3D https://beweisin=
    dia.com/q1w2.png /A .

    --.D0F2AE.55--
    Last edited by Corrine; 09-24-2018 at 02:10 PM.



  2. #2
    Corrine

    Re: Spam E-Mails

    I edited your post to remove what appears to be your email address -- a sure target for more spam since public sites are the most frequent source of spammers' bots searching the web for email addresses. The second address removed was "just in case" it is a real person's name and not to the spammer.

    Since the spam gave the appearance of being from your bank, it wouldn't hurt to check your account and consider changing the password as an extra caution, particularly since the email subject line reads "Alert: Unusual Sign-in Attempt". Your email provider has suggestions on how to deal with spam. It would be a good idea to check what they provide as well as their suggestions.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Spam E-Mails

    I took your advice and changed the password. Were you able to identify the source of these Spams? Is there anything we can do against them? It looks as if they come from what is a valid location, so I am not sure how COX can stop them without me losing legal e-mails from the banks.
    Thanks again.

    I just looked up 185.228.122.94 and found it is located in Spain. Is this what you found?

  4. #4
    Corrine

    Re: Spam E-Mails

    The header can be examined at Email Header Analyzer - WhatIsMyIP.com®. Just copy/paste the header in the space provided and click "Analyze".

    Recognizing email as spam is the best and first solution. Spammers use spoofed email addresses so the unwary/click-happy can get caught, which is the object of the spammers. Since the object of the email was to supposedly warn you about an unusual sign-in attempt on your account, clicking on the link would have resulted in asking for your sign-in credentials. The first thing to keep in mind is to never sign in to a bank or credit card account from an email link. Always navigate to the site manually or from a saved/legitimate bookmark. You can also forward the email to the bank's abuse address (abuse at Chase dot com).

    As to legitimate email being marked as spam, yes, that happens but you may want to consider a program such as MailWasher. The free program can only be used for one email account but the pro version works with multiple email accounts from multiple providers. I'll point Digerati to this thread because I know he has used MailWasher Pro for many years and may wish to add additional information.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.
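The checks an online header analyzer performs can also be run offline. The following Python script is an added example, not part of any post in this thread: it flags a brand name in the From display name that does not match the sender's domain, a missing authentication pass, and links pointing away from the brand, and it reports the last sending IP recorded by the recipient's own provider, since Received lines written before that hop come from the sending side and can be forged. The sample message is constructed (modelled on the header in post #1); `alert@sender.example`, `link-host.example`, the function names and the trusted-receiver list are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header in post #1. The sender address and
# link host are placeholders; the stripped punctuation is assumed.
SAMPLE = """\
Received: from unknown ([70.169.134.211])
\tby eastrmimpo110.cox.net with cox; Sun, 23 Sep 2018 13:39:22 -0400
Authentication-Results: cox.net; none
Received: from HELO 1hld2a [185.228.122.94] by Shop01; Sun, 23 Sep 2018 12:30:45 -0600
From: "Chase Notification" <alert@sender.example>
Subject: Alert: Unusual Sign-in Attempt
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<A href=3D"https://link-host.example/q1w2.html"><IMG src=3D"https://link-ho=
st.example/q1w2.png"></A>
"""

def in_domains(host, domains):
    host = host.lower().rstrip(".;")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw, brand, brand_domains, trusted_receivers):
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    # Display name claims the brand but the address is on another domain.
    if brand.lower() in name.lower() and not in_domains(addr.rpartition("@")[2], brand_domains):
        findings.append("from-domain-mismatch")
    if not re.search(r"\b(spf|dkim|dmarc)=pass\b", msg.get("Authentication-Results", "")):
        findings.append("no-auth-pass")
    # Received lines are prepended, newest first. Trust only hops written by the
    # recipient's provider; anything below the first foreign hop can be forged.
    origin = None
    for hop in msg.get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", hop, re.S)
        if not (m and in_domains(m.group(2), trusted_receivers)):
            break
        origin = m.group(1)
    # Decode every leaf part (undoes quoted-printable soft breaks) and list link hosts.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    hosts = set(re.findall(r"""(?:href|src)=["']https?://([^/"':]+)""", body, re.I))
    bad = sorted(h for h in hosts if not in_domains(h, brand_domains))
    if bad:
        findings.append("off-brand-links")
    return {"findings": findings, "verified_origin_ip": origin, "link_hosts": bad}

if __name__ == "__main__":
    print(triage(SAMPLE, "Chase", ["chase.com"], ["cox.net"]))
```

For the sample, the reported origin is the address Cox itself recorded, not the address in the older `by Shop01` line, which no server on the receiving side vouched for.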

  5. #5
    plodr

    Re: Spam E-Mails

    "Is there anything we can do against them?"
    People have been asking that for decades! In 2018, spam accounts for 48.16% of the email. I'm sure it will soon overtake legitimate email. This despite all the tools we have and sites use to try and filter out the spam.
    Stay vigilant. NEVER click a link in a sensitive email, like from a bank.
    Close the browser, open a new instance and type the bank URL into the browser, then go to the bank site and log in. I also never save my login details to bank sites no matter how many times my browsers offer to save them.

  6. #6
    Digerati

    Re: Spam E-Mails

    Thanks Corrine! :)

    Yes, I am a big fan of MailWasher Pro, but I have to confess, that is mostly as a mail handler, rather than a spam blocker - though it is excellent at that too.
    "I would love to blast them somehow, but that would be Spam on Spam"
    Wise observation and smart decision on your part. The problem is spammers (and malware distributors) don't use their own email addresses in their emails. They "spoof" another email address in the message (telemarketers and robocallers do the same thing with Caller ID phone numbers). This makes it appear the spam is from a legitimate source, often someone you may know. It is another "social engineering" trick the bad guys use to get us to click on a malicious link.

    There are ways to "bounce" the spam back to the sender to make it appear your email address is invalid. The problem is, because they use a spoofed email address, the bounce does not go back to the spammer. And worse, it often goes back to the legitimate email address holder, resulting in that "spam on spam" situation you noted. Be aware that many ISPs frown on bouncing emails and if done too often, they will close your account or blacklist your email address for sending spam! Not a good thing.

    The best course of action we can take is exactly what you did - just delete the email.

    For the record, I too have been receiving similar emails. Some "appear" to come from my bank. Others appear to come from banks I don't even have accounts with. See where I made a similar complaint about US Bank spam here.

    Two days ago, I got this little gem:
    [Attached image: wf-spam.jpg]

    I have a Wells Fargo account so yes, it got my attention, for about 2 seconds. MailWasher had already tagged it as spam, but the give-away was the poor grammar ("This to notify you..."). The non Wells Fargo email address for the sender and the link were clear give-aways too.

    Just yesterday, I got the following, supposedly from Chase bank (I don't have any accounts there either):
    As a part of our routine se curity manitoring, we noticed suspicious activities on your account on September-25-2018 from an unrecognized device. For your se curity your account require extra verifi cation process to ensure your identity is save and secured in our database.

    Click here to update your account http ://0bc.xyz/91f

    Sincerely

    Chase Secu rity Support .

    © 2018 JPMorgan Chase & Co.
    Note that all the spaces were in the email, except the one I put after http.

    If you don't have a spam blocker, I recommend checking out MailWasher Pro (MWP) - especially if you routinely receive emails through several email accounts. For example, I use 6 email accounts and receive ~50 - 60 emails every day. They are gmail accounts and those provided by my ISP. The vast majority of emails are forum notification emails. MWP, by default, goes to each of my accounts and views the first couple 100 lines. This is normally plenty to look at the entire header and first several lines of the actual email, then analyze that for spam content. It displays all those emails in one inbox. It tags known and suspected spam. It lets me tag (or untag) suspected spam. And it lets me "work" my forum notifications and other emails from there. I can delete, forward or reply to them from the MWP inbox - all without pulling a single email down on to my computer and without even starting my email client (Outlook 2016). Very nice!

    So what MWP does is let me process the emails while they are still on the servers. It does not, by default, display any HTML code, nor does it download any attachments that may be attached (it does tell you if there is an attachment, however). This is totally different from most other spam blockers which do download the entire email and any attachments. To me, that is like inviting the potential stranger and bad guy into your home and then asking what he wants.

    So when I am done "working" my emails for the day, I am typically left with just a small handful of "keepers" - emails I actually want to keep. So then I use MWP to start my email client so I can pull down on to my local computer what I already know are safe emails.

    MWP also lets you help fight spam by letting you tag new spam and reporting it to SpamCop and/or other services.

    BTW, "Spam" or "SPAM" is a meat product and considered a Hawaiian delicacy. Unwanted email is "spam" and does not deserve to be capitalized - that is, there is nothing "proper" about it. It is just "spam" with a lower case "s".
    Bill (AFE7Ret)
    Freedom is NOT Free!
    MS MVP 2007 - 2018

    Heat is the bane of all electronics!

  7. #7
    Digerati

    Re: Spam E-Mails

    And then again today:
    [Attached image: chase-spam.jpg]
    This one looks pretty good, but there are still several obvious punctuation and capitalization errors.

    Other obvious clues:

    It was addressed to "Undisclosed-Recipients:"
    It came from "no1warrior@comcast.net"
    Bill (AFE7Ret)
    Freedom is NOT Free!
    MS MVP 2007 - 2018

    Heat is the bane of all electronics!
