Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Has there been another yahoo Xtra hack today?
raytaylor

4029 posts

Uber Geek
+1 received by user: 1246

Trusted

#157239 24-Nov-2014 21:28
Send private message

Just noticed I received another set of spam messages from unrelated clients using @xtra email.
I seem to get them from these ones on each occasion

Has there been another hack that anyone else noticed?
spark service status shows email status green




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
michaelmurfy
meow
13367 posts

Uber Geek
+1 received by user: 10370

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1182424 24-Nov-2014 21:33
Send private message

Just the next wave of spoofed emails going out again I'd say :)




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.



dimsim
851 posts

Ultimate Geek
+1 received by user: 143

Trusted
Lifetime subscriber

  #1182438 24-Nov-2014 21:59
Send private message

I've had three between 4.19pm and 7.56pm

all with differing http links - from memory it was these ones last time also..

 

http://www.ropercapital.com/xtlhl/....................

 

http://teamspl.com.sg/kq/................

 

http://szeben.ro/qghoclk/......................

dimsim
851 posts

Ultimate Geek
+1 received by user: 143

Trusted
Lifetime subscriber

  #1182441 24-Nov-2014 22:04
Send private message

michaelmurfy: Just the next wave of spoofed emails going out again I'd say :)


yep, spoofed.

surely they way they locked down their email recently they could use spf to reduce this somewhat?

i noticed the other day that ANZ dont use any form of SPF record... funny that they are the only bank i get spoofed phising emails from..



raytaylor

4029 posts

Uber Geek
+1 received by user: 1246

Trusted

  #1182477 24-Nov-2014 23:13
Send private message

interesting how it seems to be people in their contacts list that are also in the to/cc fields of the message - all seem to be other people in Napier




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

Andib
1375 posts

Uber Geek
+1 received by user: 950

ID Verified
Trusted
Subscriber

  #1182479 24-Nov-2014 23:23
Send private message

Yep users at work recieved a stack of them today.




<# 
       .DISCLAIMER
       Anything I post is my own and not the views of my past/present/future employer.
#>

mattwnz
20259 posts

Uber Geek
+1 received by user: 4524


  #1182480 24-Nov-2014 23:25
Send private message

Yeap, I got spam from myself and others on my address book. Just acts as a reminder to avoid the xtra email service.

raytaylor

4029 posts

Uber Geek
+1 received by user: 1246

Trusted

  #1182493 25-Nov-2014 01:04
Send private message

It really annoys me how spark doesnt acknowledge that their stupid decisions affect users who dont even use xtra email addresses.
Due to their partners lack of security and repeated incompetence, my email address has been leaked to spam lists by means of scraping address books of hacked accounts.
I am one of those people that creates a throwaway email account for almost everything I sign up for - and only give my email address to someone whose hand i can shake. Now I am getting spam.

Tip for you guys 
If you have a gmail account, you can create a throwaway when you sign up for a website
just use screenname+random123@gmail.com 
The message will go straight to junk which you can pull out for a verification link. Any future messages to that will go to your junk folder - unless you create a rule to put it in your inbox.
Its a great way to figure out when a website has been hacked or have somehow passed your throwaway email address on to a mailing list.




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

 
 
 
 

Trade NZ and US shares and funds with Sharesies (affiliate link).
matisyahu
1634 posts

Uber Geek
+1 received by user: 348

Trusted

  #1182521 25-Nov-2014 08:11
Send private message

You'd think at this point Spark would just give up and give the job back to Microsoft who actually did a pretty good job when they provided email services.




"When the people are being beaten with a stick, they are not much happier if it is called 'the People's Stick'"

linw
2865 posts

Uber Geek
+1 received by user: 1169


  #1182563 25-Nov-2014 09:12
Send private message

raytaylor: It really annoys me how spark doesnt acknowledge that their stupid decisions affect users who dont even use xtra email addresses.
Due to their partners lack of security and repeated incompetence, my email address has been leaked to spam lists by means of scraping address books of hacked accounts.
I am one of those people that creates a throwaway email account for almost everything I sign up for - and only give my email address to someone whose hand i can shake. Now I am getting spam.

Tip for you guys 
If you have a gmail account, you can create a throwaway when you sign up for a website
just use screenname+random123@gmail.com 
The message will go straight to junk which you can pull out for a verification link. Any future messages to that will go to your junk folder - unless you create a rule to put it in your inbox.
Its a great way to figure out when a website has been hacked or have somehow passed your throwaway email address on to a mailing list.


Ray, would you please elaborate on the throwaway trick. Like what is 'screenname' and do you mean 'random123' to be anything? And does the random bit just get concatenated?

Just can't get my head around this one!! Tried something and it just got rejected.

Stu

Stu
Hammered
8423 posts

Uber Geek
+1 received by user: 2222

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1182903 25-Nov-2014 16:59
Send private message

I expect raytaylor means screenname would be your normal email account bit before the @gmail.com. The random bit would normally be something to do with the site you're registering on eg. if your email account was myemailaccount@gmail.com, then you would use myemailaccount+geekzone@gmail.com to register here on Geekzone or myemailaccount+nzherald@gmail.com to register with NZ Herald etc. Doesn't always work though as not all sites like the + bit.




People often mistake me for an adult because of my age.

 

 

Keep calm, and carry on posting.

 

 

Referral Links: Sharesies - Backblaze

 

Are you happy with what you get from Geekzone? If so, please consider supporting us by subscribing.

 

No matter where you go, there you are.

richms
28343 posts

Uber Geek
+1 received by user: 9324

Trusted
Lifetime subscriber

  #1182969 25-Nov-2014 19:43
Send private message

Spammers are just dropping stuff after the + symbol now. Doesn't help keep the main address off their lists.




Richard rich.ms

raytaylor

4029 posts

Uber Geek
+1 received by user: 1246

Trusted

  #1182977 25-Nov-2014 20:10
Send private message

BigHammer: I expect raytaylor means screenname would be your normal email account bit before the @gmail.com. The random bit would normally be something to do with the site you're registering on eg. if your email account was myemailaccount@gmail.com, then you would use myemailaccount+geekzone@gmail.com to register here on Geekzone or myemailaccount+nzherald@gmail.com to register with NZ Herald etc. Doesn't always work though as not all sites like the + bit.


this is true. although much easier when you have a domain and a script that creates new email addresses in a few clicks.




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

Stu

Stu
Hammered
8423 posts

Uber Geek
+1 received by user: 2222

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1182983 25-Nov-2014 20:21
Send private message

Or a catchall account and no clicks are required.




People often mistake me for an adult because of my age.

 

 

Keep calm, and carry on posting.

 

 

Referral Links: Sharesies - Backblaze

 

Are you happy with what you get from Geekzone? If so, please consider supporting us by subscribing.

 

No matter where you go, there you are.

raytaylor

4029 posts

Uber Geek
+1 received by user: 1246

Trusted

  #1182986 25-Nov-2014 20:33
Send private message

Ha I tried that.
It majorly fails when they start mass sending emails to every concievable staff member name like a brute force
amy@domain
andrea@domain
anderson@domain
...
zac@domain
zach@domain
zelda@domain




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

linw
2865 posts

Uber Geek
+1 received by user: 1169


  #1183155 26-Nov-2014 09:29
Send private message

BigHammer: I expect raytaylor means screenname would be your normal email account bit before the @gmail.com. The random bit would normally be something to do with the site you're registering on eg. if your email account was myemailaccount@gmail.com, then you would use myemailaccount+geekzone@gmail.com to register here on Geekzone or myemailaccount+nzherald@gmail.com to register with NZ Herald etc. Doesn't always work though as not all sites like the + bit.

Thanks - got it!!

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright