sci.space.* alert - new spammer tactic

For years, spammers have been harvesting email addresses from Usenet posts
to add to their mailing lists (one reason why I munge my address).

A fellow sci.space.* poster has forwarded me a new twist on this: a spam
email he received with the following "From:" header:

From: "Jorge Frank"
Subject: hi

I don't think my name is all that common. So apparently, spammers are now
using the usernames from their harvested addresses to forge the "From:"
header, *and* are targeting the spam to addresses harvested from the same
newsgroup, to fool the target into opening the spam.

So be alert: if you receive an unexpected email from "me" (or anyone else
who's posted to sci.space.* lately), and the Subject: header is something
suspicious like "hi", 1) it wasn't me; I use more descriptive subject
lines, and 2) open with caution - check the email address first.
--
JRF

Reply-to address spam-proofed - to reply by E-mail,
check "Organization" (I am not assimilated) and
think one step ahead of IBM.

"Jorge R. Frank" wrote:

For years, spammers have been harvesting email addresses from Usenet posts
to add to their mailing lists (one reason why I munge my address).

A fellow sci.space.* poster has forwarded me a new twist on this: a spam
email he received with the following "From:" header:

From: "Jorge Frank"
Subject: hi

I don't think my name is all that common. So apparently, spammers are now
using the usernames from their harvested addresses to forge the "From:"
header, *and* are targeting the spam to addresses harvested from the same
newsgroup, to fool the target into opening the spam.

So be alert: if you receive an unexpected email from "me" (or anyone else
who's posted to sci.space.* lately), and the Subject: header is something
suspicious like "hi", 1) it wasn't me; I use more descriptive subject
lines, and 2) open with caution - check the email address first.
--
JRF

Reply-to address spam-proofed - to reply by E-mail,
check "Organization" (I am not assimilated) and
think one step ahead of IBM.

This is not a completely new tactic. I have received return
email from people who have complained that I have sent
spam to them and this was not true.

Mike Walsh

Michael Walsh wrote in
:

"Jorge R. Frank" wrote:

I don't think my name is all that common. So apparently, spammers are
now using the usernames from their harvested addresses to forge the
"From:" header, *and* are targeting the spam to addresses harvested
from the same newsgroup, to fool the target into opening the spam.

This is not a completely new tactic. I have received return
email from people who have complained that I have sent
spam to them and this was not true.

So why didn't you warn us? :-)

--
JRF

Reply-to address spam-proofed - to reply by E-mail,
check "Organization" (I am not assimilated) and
think one step ahead of IBM.

"Jorge R. Frank" wrote:

[snip]

So be alert: if you receive an unexpected email from "me" (or anyone else
who's posted to sci.space.* lately), and the Subject: header is something
suspicious like "hi", 1) it wasn't me; I use more descriptive subject
lines, and 2) open with caution - check the email address first.


Not a problem. Had one yesterday, though not with your name. Just
'hi' already raises flags for me.

And for the first time in months, I have *not* seen any allged
'Microsoft Network Patches' in my inbox for a full day. someone(s)
somewhere must finally be cleaning up their machines...

--

You know what to remove, to reply....

On Tue, 25 Nov 2003 02:19:58 GMT, Michael Walsh wrote:

This is not a completely new tactic. I have received return
email from people who have complained that I have sent
spam to them and this was not true.

I think this is referred to as a "Joe Job". Forging your address
as the originator of a spam or virus e-mail. A little odd, though,
that Jorge's name was pasted into a German e-mail address.
Have you defected, Jorge??

Dale

In sci.space.policy Jorge R. Frank wrote:
: For years, spammers have been harvesting email addresses from Usenet posts
: to add to their mailing lists (one reason why I munge my address).

: A fellow sci.space.* poster has forwarded me a new twist on this: a spam
: email he received with the following "From:" header:

: From: "Jorge Frank"
: Subject: hi

: I don't think my name is all that common. So apparently, spammers are now
: using the usernames from their harvested addresses to forge the "From:"
: header, *and* are targeting the spam to addresses harvested from the same
: newsgroup, to fool the target into opening the spam.

I've received spam (from another newsgroup) that actually had
as the subject line "About your post on sci.XXXXX", which leads you to
believe that someone is emailing you about something you posted. Of course,
you find totally unrelated spam in the text. It is not that hard to even
incorporate thread titles, and spammers seem to be headed in these more
sophisticated directions as the 'common' spam gets filtered out.

regards,
------------------------------------------------

In sci.space.shuttle Joann Evans wrote:

And for the first time in months, I have *not* seen any allged
'Microsoft Network Patches' in my inbox for a full day. someone(s)
somewhere must finally be cleaning up their machines...

Huh. I'm still getting 10-20 per day. I turned the .forward
back on, so I don't see *ANYTHING*.

-Josh

--
SWEN -It's what's new from MicroSoft!

Joann Evans wrote:

And for the first time in months, I have *not* seen any allged
'Microsoft Network Patches' in my inbox for a full day. someone(s)
somewhere must finally be cleaning up their machines...

Your email provider is filtering them. A few days ago I made a new yahoo
email account, and used the unmunged address to post to Usenet. The box
was overfilled with the Swen worm in a matter of hours.

--
Tony Sivori

Tony Sivori wrote:

Joann Evans wrote:

And for the first time in months, I have *not* seen any allged
'Microsoft Network Patches' in my inbox for a full day. someone(s)
somewhere must finally be cleaning up their machines...

Your email provider is filtering them. A few days ago I made a new yahoo
email account, and used the unmunged address to post to Usenet. The box
was overfilled with the Swen worm in a matter of hours.

Juno doesn't do it for their free users, which I am one of. And I've
had some more of them since writing the above. But it's still thankfully
*way* below the peak rate....


--
Tony Sivori


--

You know what to remove, to reply....