[MA-SOC] OT: Insidious new type of spam by hackers - please be careful!

Clyde Adams III clydesan at gmail.com
Tue Oct 14 19:58:08 EDT 2008


Hi Jill,

Sending spam with the recipient's own email as the spoofed return address is
not new; it's a very old trick.

Spoofing your return address is easy.  It does *not* require your password.
That AOL rep was quite ignorant.

Check out, for example:

<http://www.google.com/search?q=spam+from+own+address>

<http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/11/25/BU168392.DTL>
New spam seems to come from your own address
David Einstein
Monday, November 25, 2002


Clyde
New York City Anime: Events, clubs, shops, and more
http://nyc-anime.com/

On Tue, Oct 14, 2008 at 10:39 PM, <Oneirophile at aol.com> wrote:

> Mina-san,
>
> I wanted to give you all a heads-up about a new and rather scary kind of
> spam.  I recently got one of those bogus Viagra ads, masquerading as a
> Microsoft Corporation announcement.... nothing unusual about that.  So I
> sent it to my spam folder.  But when I checked my spam folder again just
> to see who the offending sender was, I discovered that the "From" was my
> very own e-mail!  Not similar, not a variation, but completely identical
> to mine.
>
> I immediately moved the bogus ad out of my spam folder, fearing that I
> would be reporting my own e-mail as a spammer.  I then phoned AOL and
> spoke to one of their reps.  He told me that this tactic is unusual, but
> not unheard of, and it means that someone got access to my AOL password.
> That was even more scary, because I have never told *anyone* my AOL
> password.... not even my husband or my son.  And I've never typed my
> password into any e-mails or online forms, either (I know better than to
> do that!).  Apparently, the new generation of hackers knows how to crack
> passwords without even tricking their victims into revealing them.
>
> The AOL rep told me that all we could do is to run a scan with our
> antivirus software (we've got up-to-date McAfee), and to change my
> password more frequently.  There's no other recourse -- I cannot report it
> as spam, because I'd be reporting my own e-mail as the sender.
>
> The moral of the story is this:  When you get spam, do NOT automatically
> send it to the spam folder without first checking the sender.  If the
> sender appears as your own e-mail, it means that your password has been
> cracked and you should not send it to the spam folder, -- just delete it
> and run a virus scan IMMEDIATELY.  After the scan is complete be sure to
> change your password.... and change it more often in the future.
>
> Just a word to the wise from
> your sadder-but-wiser buddy,
> Jill
>
> + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
> VOCATUS ATQUE NON VOCATUS DEUS ADERIT
> ("Bidden or not bidden, God is present")
> + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
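
Added example, not part of the original message or thread: a Python check that separates the two cases discussed above, a forged "From" header versus mail that actually authenticated as the recipient's own domain. It assumes the receiving server records SPF/DKIM results in an Authentication-Results header; all addresses, hosts and headers in the samples are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: spam whose From: header copies the recipient's address.
SPOOFED = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulk-mailer.example; dkim=none
From: "Microsoft Corporation" <jill@example.net>
To: jill@example.net
Subject: Important announcement

(body omitted)
"""

# Constructed sample: a note-to-self really submitted through the user's provider.
GENUINE = """\
Return-Path: <jill@example.net>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=jill@example.net; dkim=pass header.d=example.net
From: Jill <jill@example.net>
To: jill@example.net
Subject: reminder

(body omitted)
"""

def _domain(value):
    # Accepts either "user@domain" or a bare domain.
    return value.rsplit("@", 1)[-1].lower()

def _field(auth_results, name):
    m = re.search(r"\b" + re.escape(name) + r"=([^\s;]+)", auth_results)
    return m.group(1).lower() if m else None

def classify(raw):
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    if not from_addr or from_addr != to_addr:
        return "not-self-addressed"
    ar = msg.get("Authentication-Results", "")
    dom = _domain(from_addr)
    spf_ok = (_field(ar, "spf") == "pass"
              and _domain(_field(ar, "smtp.mailfrom") or "") == dom)
    dkim_ok = _field(ar, "dkim") == "pass" and _field(ar, "header.d") == dom
    # Authenticated as the user's own domain: the account itself deserves a look.
    # Otherwise only the header text was forged, which needs no password.
    return "authenticated-own-domain" if (spf_ok or dkim_ok) else "spoofed-from"
```

Only an Authentication-Results header added by your own receiving server should be trusted, since a sender can insert a fake one.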

