Very personalised spam from a friend

Brendan Burgess

Brendan Burgess

Founder
Messages
53,716
I got a very clever piece of spam yesterday and can't figure out how it was done.

I am in regular email contact with a friend, let's call him Fionn Connolly.
(Fionn Connolly is not their real name but it would be a similar name - Rare enough first name with a reasonably common surname)


In the "From" column in Outlook , the email was from "Fionn Connolly"

The subject was "FOR BRENDAN"

My spam software had highligted it as potential spam, and indeed it was

Although it was from Fionn Connolly in the From column, the actual email address showing up was toninhocereso@rocketmail.com and it was a link to a Romanian website without commentary.

I find this very odd. From time to time, spammers hack people's accounts and send emails from the hacked account. But in this case they don't seem to have hacked the account. Of it they have, why did they not send me the link from that account so I would have been less suspicious.

Has Fionn's account been hacked?
Do they need to do anything e.g. change passwords? ( I have suggested that they do so anyway)

Does it suggest that my account has been hacked? I have changed my password anyway.
 
Something similar happened to me. I know that it is my contact's email account that has been compromised, and not mine.
 
Its personalised spam. They get an address book form somebody or a company and simply email everyone on it. At some point they luck on someones name who you deal with all the time and you might click on by accident. They also scrape all the emails they can find on the web say for a company, @askaboutmoney.com then create every combination of name and surname with this, then fire that out. When they are sending out millions of emails at some point they'll hit on a combination that gets a hit. Or they could simply have got access to an address book somehow.

http://www.itworld.com/security/103709/the-rise-personalized-spam
http://www.usatoday.com/tech/news/computersecurity/2008-12-18-personalized-spam_N.htm
 
It looks like your friend had thier e-mail compromised.

They will download the address book , then use that as the basis for the spam.

It's easier for them to mass mail from the thier software then use the hacked account to send. It's also the gift that keeps giving as even when the person changes their password the spammers can contiune to use the details to send spam.
 
By all means change your password and inform your friend that s/he may have had their email / contacts database hacked.

Add the actual email address to the "black list" or "known spammers" section in your spam-filter program and at least that will stop more rubbish from them reaching you.

There used to be programs with a "return to sender" facility which could spam the spammers with their own spam, but I haven't seen one in a while.
 
I think it is very easy to send an e-mail with whatever you want in the From address or at least in the text field of the From address so that it appears that the email is from someone it isn't.

However the internet header of the email should have the real address - in Outlook right click on an email and select "Message Options ..." to see the internet header
 
It may be spam linking to a website which will try to install Botnet software on your computer. But it does also look like the originating email was compromised.
 
If you are using Microsoft Outlook for your email, then the from address is stored in the account settings.

Click on Tools - Account Settings - double click an account :-

The E-mail address content the text that will appear as the From address - you can put anything you like here eg donald.duck@disney.com, my.friend@eircom.net, spammer@here.ie,...

The "Server Information" and "Logon Information" are required to access the email server that is used to send the email and must correspond to an proper ISP account.
 
You must log in or register to reply here.
Back
Top