phishing email

Malware detection, cleaning and prevention
Post Reply
unclejohnny
Posts: 18
Joined: Sun Dec 09, 2007 1:19 pm
Location: australia

phishing email

Post by unclejohnny » Tue Oct 26, 2010 2:08 pm

Hi, I have just received a phishing email from the USA Tax Dept (besides the spelling mistakes) this made it easy to spot.
.
But what concerns me is that the cc listed twenty (20) Exetel members email addresses.
.
All starting with the letter "B" and appear to be genuine email addresses. (see below)
.
How would they have so many Exemail addresses ?
.
If they have 20 addresses starting with the letter "B", does this equate to 26 x = 530 exemail addresses ?
.
Johnno
.
This is a sample of the addresses ... I have altered them to protect the members:
.
bpsta***@exemail.com.au; bradl***@exemail.com.au; braggsav***@exemail.com.au; bre***@exemail.com.au; bren***@exemail.com.au; brettan***@exemail.com.au; br***@exemail.com.au; brui***@exemail.com.au; bryan***@exemail.com.au ... etc etc etc

Klaas
Posts: 609
Joined: Sat Apr 03, 2004 1:48 pm
Location: Sydney

Re: phishing email

Post by Klaas » Tue Oct 26, 2010 2:30 pm

When spammers send email, they send to just about every combination of letters they can come up with

You simply got some where they started with "b", and there will be a damn site more than 20 - that's all they cc'd on the one you received.

User avatar
CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: phishing email

Post by CoreyPlover » Tue Oct 26, 2010 2:34 pm

unclejohnny wrote:How would they have so many Exemail addresses ?
Any number of ways, including harvesting from public pages, to simply brute-force guessing. For instance: a simple google search reveals perhaps 6 Exetel pages, followed by pages with a public exemail.com.au email address. Most are businesses, but I'm sure there are many personal addresses in there too
unclejohnny wrote:If they have 20 addresses starting with the letter "B", does this equate to 26 x = 530 exemail addresses ?
Even if they do, that isn't that many. Most spammers would spew their spam out to thousands upon thousands.

Users will always be at the mercy of phishing and spam. It is ultimately the individual's responsibility to: 1. Protect their identity by restricting the publishing of their details on public pages and 2. identify phishing threats and ignore / delete them without responding (as you have just done)
I am a volunteer moderator and not an Exetel staff member. As with all forum posts, mine do not constitute any "official" Exetel position. Support tickets may be logged via https://helpdesk.exetel.com.au or residentialsupport@exetel.com.au

User avatar
Dazzled
Volunteer Site Admin
Posts: 6002
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: phishing email

Post by Dazzled » Tue Oct 26, 2010 3:07 pm

Wot Corey sez.... I just harvested 95 separate exemail addresses from a simple search. You can also practically guarantee that the pests will use every name that is a dictionary word.

Most phishing depends on html email, (fostered by a large US software company, but utterly contrary to the standards) where not only misleading graphics can be displayed, but also falsified links. If you turn html display off in your client most of this garbage simply looks pathetic, even with good spelling.

If you must run risks, one thing that can alert you to suspicious html links is to always run a user javascript in your mail client, if it supports it, that checks the html link text (usually innocent) against the true hyperlink address (the crim's real postbox or web site). There are a few published on line - most will display a warning icon on the page (red flag, etc) , or pop up an alert message, when there is a difference.

Some clients can compare your mail's origin and links with a register of known phishing URLs, eg, see http://www.phishtank.com/ (OpenDNS) or http://news.netcraft.com/ and warn appropriately.

Post Reply