Suspicious Email

Discussion in 'NZ Computing' started by peterwn, Mar 1, 2012.

  1. peterwn

    peterwn Guest

    Received this email overnight:
    "I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery. Please let me know how much you can loan to me and I will provide you with the details to get the money."

    It is of course a straight out scam, especially when the person concerned was in Wellington last night!

    The email came from [name changed] and I have a friend with same but email address . It is either a straight out coincidence or someone has hacked a computer and got an email address book containing both my and my friend's email addresses.

    The address seems to have been improperly obtained.

    What would be the best course of action? Is Microsoft likely to be interested in following this up?
     
    peterwn, Mar 1, 2012
    #1

  2. peterwn

    peterwn Guest

    Thanks for your help so far.
    Both 'from' and 'to' were , there was no reply-to. I obviously received it via a 'bcc'.

    The false email came from 'hotmail':
    Received: from snt0-omc1-s52.snt0.hotmail.com ([65.54.61.89])
    by mxin2-orange.clear.net.nz with ESMTP; Fri, 02 Mar 2012 02:56:43 +1300
    Received: from SNT130-W24 ([65.55.90.8]) by snt0-omc1-s52.snt0.hotmail.com with
    Microsoft SMTPSVC(6.0.3790.4675); Thu, 01 Mar 2012 05:56:41 -0800

    The 'from' paths for two legitimate emails from my friend are:
    Received: from col0-omc3-s16.col0.hotmail.com ([65.55.34.154])
    by mxin3-orange.clear.net.nz with ESMTP; Fri, 17 Feb 2012 12:48:08 +1300
    Received: from COL123-W4 ([65.55.34.135]) by col0-omc3-s16.col0.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.4675); Thu, 16 Feb 2012 15:48:07 -0800
    and:
    Received: from col0-omc3-s16.col0.hotmail.com ([65.55.34.154])
    by mxin1-orange.clear.net.nz with ESMTP; Mon, 30 Jan 2012 21:56:33 +1300
    Received: from COL123-W60 ([65.55.34.137]) by col0-omc3-s16.col0.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.4675); Mon, 30 Jan 2012 00:56:33 -0800

    I do not know how Hotmail servers work, but it seems the dud email came from a different part of Hotmail than used for my friend's legitimate emails. I also wonder if 'msn.com' email addresses operate via Hotmail servers since both are Microsoft owned. Also it would appear to be more difficult to spoof addresses for emails sent via hotmail compared with a normal SMTP server.
     
    peterwn, Mar 1, 2012
    #2
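
Added example (not part of the thread, and not any poster's code): a small Python parser for the Received headers quoted in post #2 that compares the suspect message's path with one known-good message. The function names and the `provider` parameter are hypothetical; the header strings are the ones in the post, unfolded to one line per hop.

```python
import re
from email.utils import parsedate_to_datetime

# Received headers copied from post #2 (newest hop first, as they appear in a message).
SUSPECT = [
    "from snt0-omc1-s52.snt0.hotmail.com ([65.54.61.89]) by mxin2-orange.clear.net.nz with ESMTP; Fri, 02 Mar 2012 02:56:43 +1300",
    "from SNT130-W24 ([65.55.90.8]) by snt0-omc1-s52.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 01 Mar 2012 05:56:41 -0800",
]
KNOWN_GOOD = [
    "from col0-omc3-s16.col0.hotmail.com ([65.55.34.154]) by mxin3-orange.clear.net.nz with ESMTP; Fri, 17 Feb 2012 12:48:08 +1300",
    "from COL123-W4 ([65.55.34.135]) by col0-omc3-s16.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 16 Feb 2012 15:48:07 -0800",
]

HOP = re.compile(r"from\s+(?P<src>\S+)\s+\(\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)"
                 r"\s+with\s+(?P<proto>[^;]+);\s*(?P<date>.+)$")

def parse_hops(received):
    """Return hops oldest-first; each relay prepends its header, so reverse the list."""
    hops = []
    for line in reversed(received):
        m = HOP.match(" ".join(line.split()))  # collapse folded whitespace
        if m is None:
            raise ValueError("unparsed Received header: " + line)
        hop = m.groupdict()
        hop["time"] = parsedate_to_datetime(hop["date"])  # timezone-aware
        hops.append(hop)
    return hops

def summarize(received, provider="hotmail.com"):
    hops = parse_hops(received)
    handoff = hops[-1]  # written by the recipient's own MX: the hop it observed itself
    host = handoff["src"].lower()
    return {
        "via_provider": host.endswith("." + provider),
        "cluster": host.split(".")[-3] if host.count(".") >= 2 else None,
        "origin": (hops[0]["src"], hops[0]["ip"]),
        "transit_seconds": (hops[-1]["time"] - hops[0]["time"]).total_seconds(),
    }

def compare(suspect, baseline):
    s, b = summarize(suspect), summarize(baseline)
    return {"both_via_provider": s["via_provider"] and b["via_provider"],
            "same_cluster": s["cluster"] == b["cluster"], "suspect": s, "baseline": b}

if __name__ == "__main__":
    print(compare(SUSPECT, KNOWN_GOOD))
```

Both messages were handed to the recipient's mail server by a host naming itself under hotmail.com; only the cluster label differs (snt0 against col0), and a cluster change by itself does not show forgery. The host name after `from` can be whatever the sending server announced, so the bracketed IP address recorded by the receiving server is the value to check against the provider's published ranges.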



  3. Just forget it, this is very normal and happens all the time
     
    Frank Williams, Mar 2, 2012
    #3
  4. peterwn

    Gordon Guest

    If it adds to their bottom line then yes, maybe.

    I am with Frank on this, just move on.

    The spammer probably sent out *@msn.com. I mean after all hotmail and msn are
    hardly your minority ISP are they?

    The spammer wants $, as do we all.
     
    Gordon, Mar 2, 2012
    #4

  5. In my experience these things come at once removed. I.e. somebody with
    (most likely) internet explorer and outlook has been hacked. They had
    your friend Joe in the address book and the hackers have used what they
    have pilfered from that person's address book to send out emails under
    Joe's name so that they might pass muster at first glance.

    It has happened this way to at least 3 people that I've come across.
    Always been ms-software exploits. I think it's unlikely that they
    actually hacked into hotmail/msn servers.

    In other words: there's probably jack shit you can do about it, just
    ride it out until they start using somebody else's hacked addressbook.
    They never stay on one address for very long at all as far as I've been
    able to observe.

    -P.
     
    Peter Huebner, Mar 2, 2012
    #5
  6. peterwn

    Ralph Fox Guest


    I received an email 6 weeks ago, "from" a friend's hotmail address.
    The Received headers indicated it was sent through Hotmail servers
    (apparently the Hotmail web interface) by someone with an IP address
    in mainland China.

    While it is trivial to change a "from" address in an SMTP client,
    one might think Hotmail could perform some validation on people
    using its web interface.

    Like you, I also wondered whether the email address was improperly
    obtained.

    FWIW the email I received was not a scam like yours, it was an
    advertisement. The language told me immediately that it was not
    the friend...


    | Dear friends:
    | i have bought one iphone from china with the lower price,i got it within
    | 3 days,so fast!and i am very satisfactory with
    | their service and its quality!
    | also their company sales many other good electronics!pls be hurry to
    | vivsit their site!and you will find the big suprise!www.********.***
     
    Ralph Fox, Mar 2, 2012
    #6
  7. peterwn

    peterwn Guest

    <snip>
    Got to the bottom of it. My friend's hotmail account was hijacked. I
    emailed to that account warning my friend, and got back a reply from the
    fraudster wondering when I would send the money by Western Union. Poor
    friend is rather red faced and been deluged with phone calls from mailing
    list contacts who also had dud messages.
     
    peterwn, Mar 2, 2012
    #7
  8. peterwn

    ~misfit~ Guest

    Hi Peter,

    A friend of mine had his Hotmail account hacked and I got messages for about
    a year, on and off, from that account. I'd say that the hackers must have
    had some bites from his address book (he was a prolific emailer, and
    young..) so kept mining it.
    --
    Shaun.

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1)
     
    ~misfit~, Mar 3, 2012
    #8
  9. peterwn

    Dave Doe Guest

    Just e-mail yer joe bloggs man and tell him to change his password -
    suggest he uses a better one in future! :)
     
    Dave Doe, Mar 4, 2012
    #9
  10. peterwn

    Dave Doe Guest

    Yep, quite common - a result of too many folk having very poor
    passwords. The hackers don't 'hi-jack' the account to the extent of
    changing the password (that would tip off the account holder) - and just
    happily use it to send out such malicious e-mails to the account
    holder's contacts.

    New password - fixed!

    As said, suggest they use a stronger password in future! :)
     
    Dave Doe, Mar 4, 2012
    #10