Another round of Xtra\Yahoo spam?

Forums › Spark New Zealand (including Skinny and BigPipe) › Another round of Xtra\Yahoo spam?

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11

484 posts

Ultimate Geek
+1 received by user: 111

#975211 27-Jan-2014 16:24

I wonder how many customers are forking out $$ to get their email fixed by IT professionals.

It's a trivial fix for the sort of users here, but I've had clients who haven't had a clue how to fix it (I haven't had the heart to bill them for it and justify it as good will).

DigiDog

51 posts

Master Geek
+1 received by user: 18

#976436 29-Jan-2014 09:00

Spam from hacked Xtra accounts is coming in thick and fast this morning. I've had six so far.

= = =

http://scambusters.co.nz
Keeping TradeMe scam free since 2003

= = =

plambrechtsen

1948 posts

Uber Geek
+1 received by user: 459
Inactive user

#976439 29-Jan-2014 09:03

DigiDog: Spam from hacked Xtra accounts is coming in thick and fast this morning. I've had six so far.

If you could send some of the full headers to me (pl at telecom.co.nz) if you know what I mean when asking for full headers that would be brilliant.

DigiDog

51 posts

Master Geek
+1 received by user: 18

#976450 29-Jan-2014 09:16

I've been reporting these emails to SpamCop with abuse at Xtra copied in as previously requested. While I always delete spam emails after reporting them, I have kept one email today because it belongs to one of my clients and I'll have a quick chat to him. I've just sent you a copy... with full headers of course. ;-)

= = =

http://scambusters.co.nz
Keeping TradeMe scam free since 2003

= = =

plambrechtsen

1948 posts

Uber Geek
+1 received by user: 459
Inactive user

#976454 29-Jan-2014 09:24

DigiDog: I've been reporting these emails to SpamCop with abuse at Xtra copied in as previously requested. While I always delete spam emails after reporting them, I have kept one email today because it belongs to one of my clients and I'll have a quick chat to him. I've just sent you a copy... with full headers of course. ;-)

Cheers... Appreciated :)

Allanhall

47 posts

Geek
+1 received by user: 4

#976572 29-Jan-2014 11:50

Yeah I got a wave today to. Also from @yahoo accounts. Seems like the old harvested data, as the headers spoofed.

So not much any one can do ( apart from international security finding the hackers, if there is such a thing.) Its the old hack, coming back to bite.

Lego

Shop now for Lego sets and other gifts (affiliate link).

Zeon

3926 posts

Uber Geek
+1 received by user: 759

Trusted

#976590 29-Jan-2014 12:21

Maybe they should just start publishing SPF records......

Speedtest 2019-10-14

DigiDog

51 posts

Master Geek
+1 received by user: 18

#976618 29-Jan-2014 12:39

Two more (with full headers) coming your way Peter.

= = =

http://scambusters.co.nz
Keeping TradeMe scam free since 2003

= = =

allan

2073 posts

Uber Geek
+1 received by user: 899

ID Verified

Lifetime subscriber

#976762 29-Jan-2014 15:36

So do we have any idea what kind of installs are attempted if someone does click on a link in one of the SPAM emails? CEO believes he has!

andrewNZ

2487 posts

Uber Geek
+1 received by user: 1461
Inactive user

#976770 29-Jan-2014 15:47

allan: So do we have any idea what kind of installs are attempted if someone does click on a link in one of the SPAM emails? CEO believes he has!

Won't it be fun if it's cryptolocker...

I tried a link via my phone, that may or may not be a result of this hack (suspect it is), it appeared to just be a scam weight loss site. Obviously I have no idea if the site contained any malicious content.

mattwnz

20520 posts

Uber Geek
+1 received by user: 4798

#976793 29-Jan-2014 16:02

Had a wave today too. Not sure what server these ones are coming from, but they are from the same xtra email addresses as before.

New World

Shop on-line at New World now for your groceries (affiliate link).

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#976798 29-Jan-2014 16:12

mattwnz: Had a wave today too. Not sure what server these ones are coming from, but they are from the same xtra email addresses as before.

View the source data :) Has it there, last lot was from 'mycomputer' and a pile of UK based servers.

Le Sigh

http://www.stuff.co.nz/the-press/technology/30013197/Fresh-problems-at-YahooXtra

No, don't believe they are from compromised accts mr reporter... someones sold or using the stolen data again as 'from' field methinks.
Sister has already contacted me with the same people that were mailed it last time abusing her for sending spam.. when of course it's not.

mattwnz

20520 posts

Uber Geek
+1 received by user: 4798

#976825 29-Jan-2014 17:16

Oblivian:
mattwnz: Had a wave today too. Not sure what server these ones are coming from, but they are from the same xtra email addresses as before.

View the source data :) Has it there, last lot was from 'mycomputer' and a pile of UK based servers.

Le Sigh

http://www.stuff.co.nz/the-press/technology/30013197/Fresh-problems-at-YahooXtra

No, don't believe they are from compromised accts mr reporter... someones sold or using the stolen data again as 'from' field methinks.
Sister has already contacted me with the same people that were mailed it last time abusing her for sending spam.. when of course it's not.

I actually deleted them straightaway so no longer have a copy, setup a rule, and blacklisted those xtra email addresses, as I don't do business with those senders now anyway.

It is amazing to see that some people would be willing to pay over $100 for a tech to sort it for them, but not pay to actually buy a domain and proper email hosting.

DigiDog

51 posts

Master Geek
+1 received by user: 18

#976838 29-Jan-2014 17:44

None of the current spam emails are coming from Xtra servers - today's batch originated in France, Turkey and other such wonderful countries. The spammers are cleverly targeting the genuine email contacts they found in each Xtra user's address book. In every case the "from" address has been forged so that the spam appears to come from a genuine Xtra account. That greatly increases the percentage of recipients who will click on the email links without thinking.

If Yahoo was running a more secure system the original large scale hack/s wouldn't have happened, and account information for hundreds of thousands of Xtra users and all their friends would not be in the bad guys' hands now. Those of us being spammed by this lot have to face the fact that all of our addresses are now out in the wild and being sold to spammers.

There's really nothing that Telecom can do apart from calm down irritated customers... and hopefully switch their customer email service away from Yahoo!

= = =

http://scambusters.co.nz
Keeping TradeMe scam free since 2003

= = =

richms

29104 posts

Uber Geek
+1 received by user: 10222

Trusted

Lifetime subscriber

#976840 29-Jan-2014 17:59

They could deploy some spf records so that the spoofing doesn't work. Not hard except that all their customers with incorrect smtp settings would find emails being blackholed.

Richard rich.ms

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11