[kwlug-disc] Trace spam email back to source

Paul Nijjar paul_nijjar at yahoo.ca
Tue Jun 30 13:31:54 EDT 2020


Based on the headers, I think it is probable that somebody broke into
your friend's account, and is using the web interface to send spams to
the contact list. This is worse than Doug's scenario of addresses
being harvested.

Your friend might be able to find evidence of this in his sent mail.
Regardless, he should treat his email account as compromised. If he
can, he should probably log into his account and change his password
(and set up two-factor auth?) right away. If your friend has reused
that password on any other accounts, those passwords need to be
changed right away as well.

- Paul

On Tue, Jun 30, 2020 at 01:20:44PM -0400, Yas Adem wrote:
> Oh... I missed that, thanks Khalid. I will keep that in mind for the future... I
> just contacted my friend and he told me one of his old friends sent $300
> dollars to scammers. There may be many other people who did the same... So
> sad.
> 
> Regards
> Yasin
> 
> On Tue, Jun 30, 2020, 12:06 PM Khalid Baheyeldin, <kb at 2bits.com> wrote:
> 
> > It would have been better if you had removed your friend's name and email
> > account from the headers, for privacy reasons.
> >
> > The only email address in the headers is 74.6.132.219, and says ....
> > mail.bf2.yahoo.com
> >
> > Whois shows that this email address is indeed owned by Oath which owns
> > Yahoo now
> > https://www.whois.com/whois/74.6.132.219
> >
> > At some point Rogers were using Yahoo Mail, and maybe that is still the
> > case.
> >
> > There is a Reply-To address which is Gmail. Not sure if that is indeed
> > your friend's other email address, or something a hacker created just to
> > get the reply back.
> >
> > So it is inconclusive as to whether your friend's Rogers account was
> > hacked or not.
> > You should call him and let him know, so that he checks at his end.
> >
> > _______________________________________________
> > kwlug-disc mailing list
> > kwlug-disc at kwlug.org
> > https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >



-- 
Events: https://feeds.off-topic.kwlug.org 
Blog: http://pnijjar.freeshell.org
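
The header checks discussed in this thread (which server IP handed the message off, and whether Reply-To points at a different domain than From), as an added example that is not part of any list member's message. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the message from the thread (documentation IPs/domains).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTP; Tue, 30 Jun 2020 12:00:05 -0400
Received: from out.webmail.example (out.webmail.example [198.51.100.7])
\tby mx.example.net with ESMTPS; Tue, 30 Jun 2020 12:00:03 -0400
From: "A Friend" <friend@rogers.example>
Reply-To: friend.alt@gmail.example
Subject: Quick favour

Are you free? I need a favour.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(msg):
    """Bracketed IPv4 addresses from Received headers, oldest hop first.
    Each relay prepends its header, so the last one in the file is the oldest.
    Hops older than the first server you trust can be forged by the sender."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        match = IP_RE.search(value)
        if match:
            hops.append(match.group(1))
    return hops

def domain(header_value):
    """Lower-cased domain part of an address header, '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    return {
        "origin_ip": hops[0] if hops else None,  # look this up with whois
        "from_domain": from_dom,
        "reply_to_domain": reply_dom or None,
        # A differing Reply-To diverts answers away from the real mailbox.
        "reply_to_differs": bool(reply_dom) and reply_dom != from_dom,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An origin IP that belongs to the sender's own mail provider, combined with a Reply-To at another domain, fits the account-takeover reading above but does not prove it; the sent-mail folder is the stronger evidence.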



