Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

419 scams constantly show up in the junk folder for my college email in outlook 2010


  • Please log in to reply
6 replies to this topic

#1 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:07:30 AM

Posted 05 November 2011 - 02:24 PM

I'm rather interested in what I have done to myself or what is going on here if I have done nothing. I check my college email daily since I use it as my personal email as well since you are not taken away from the Gordon College domain when you graduate. I have found an increasing number of 419 scams, a few of them even reached my inbox. Now they all show up in my junk folder which is nice, but I wish I could eliminate the source so that I would not receive them at all. I do sign up with that address a lot, but I swear I only sign up for legit online communities. I don't just go around willy-nilly. Most of the domains from which these scams are coming from are either yahoo.de, yahoo.com.ph, and one time there was one other one that had a .de extension. I don't remember it though. And the other noteworthy thing with this is that the to field is empty in outlook 2010 when I look to see how many others besides me are getting these emails. What is happening, and how on earth are these people getting through?

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:30 AM

Posted 05 November 2011 - 03:12 PM

The problem may not be that your e-mail was harvested from or sold by one of the communities you've used it to sign up for. Sending an e-mail is, for all intents and purposes, free and so an enormous number of e-mails can be sent for mere pennies. This allows spammers to simply fire off e-mails to any number of addresses at once, without regard to whether the addresses all exist. Once they pick a domain (and .edu domains are good targets since in many cases every student (and, like you, alumni) usually has there own account, often with predictable names (for example John Smith might be jsmith@someschool.edu.) Many e-mail transfer agents will "bounce" an invalidly addressed e-mail back to the sender, which the spammers can use to clear out invalid addresses from their list.

On the other hand, it's by no means impossible that one of the communities you've signed up for has leaked your e-mail address, either intentionally or not. Many online communities share their members' info, or part of it, with third parties such as advertisers or corporate affiliates. These advertisers and affiliates may leak the info to their affiliates, and so forth. Any one of these entities might have sold or have stolen their database of user information.

To put it simply: it's generally not practical to track down from where a particular spammer acquired your address.

One solution available in some e-mail services (notably GMail) is the ability to tack on arbitrary information to your e-mail address and still have it arrive in your inbox. This extra info takes the form of youractualaccountname+somedata@gmail.com. The plus sign (+) and everything after it to the @ sign are ignored for the purposes of addressing a particular account but can be used to identify the source of the e-mail. For example, if you had the address jsmith@gmail.com and you wanted to sign up at example.com, you could supply this as your e-mail address: jsmith+example.com@gmail.com. All e-mails sent to that address would arrive in your inbox (or spam folder) just like any other message, but you would be able to see that the specific address you gave to example.com was used. Thus, if a spam arrives addressed to jsmith+example.com@gmail.com from anyone else but example.com, you would know from where the spammer got your address.

And lastly, if the To: field of an e-mail is blank it generally means that only the BCC: field was specified, which allows the sender to send the e-mail to many addresses without revealing those addresses to every recipient.

Edited by Andrew, 05 November 2011 - 03:35 PM.


#3 chromebuster

chromebuster
  • Topic Starter

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:07:30 AM

Posted 05 November 2011 - 03:27 PM

Thanks so much. all of that makes sense, but I'm going to have to let my mentors here (I'm not an alumni yet thank the Lord), know that none of us are probably at fault. I'm not the only one getting these things. They'd been getting fake calls, and I've been getting fake emails, which is what I sort of joked about in an email to one of my tech mentors the other day.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#4 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:30 AM

Posted 05 November 2011 - 03:46 PM

Fake calls are an extension of the logic behind spam e-mails. If you dial a random phone number in any developed nation and a human being answers, there is a high probability that the person who answered is near, or actively using, a computer. It is certainly more expensive than e-mail spam, but the probability of success is also higher than in e-mail due to the commonly held assumption that using a telephone conveys more legitimacy than random e-mails.

In e-mail, on the phone, and in real life the same rule applies: if it sounds too good to be true, it probably is.

#5 chromebuster

chromebuster
  • Topic Starter

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:07:30 AM

Posted 05 November 2011 - 03:50 PM

Makes sense. Now tell me. How common are "Accessibility"scams? In other words, someone gets a call from an unknown entity and the person calling tells them that their web site is not 508 compliant.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#6 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:30 AM

Posted 05 November 2011 - 04:42 PM

I've heard stories of such calls but not often. They appear to be referring to Section 508 of the Rehabilitation Act of 1973, as amended by (the United States) Congress in 1998.

Section 508, in general terms (IANAL, TINLA) requires that US Federal Agencies and other agencies (public and private) who receive Federal funding, "[w]hen developing... electronic and information technology... shall ensure, unless an undue burden would be imposed... that the... technology allows... individuals with disabilities... seeking information or services... to have access to and use of information and data that is comparable to [that which is accessible] by such members of the public who are not individuals with disabilities.

A practical example would be providing an audio alternative to a CAPTCHA picture for the blind.

If your organization is not in the USA and/or does not receive money from the US Federal Government, you can tell these callers to go find a cliff to jump from. If you are in the US and receive Federal money then my advice would be to refer the callers to your legal department. If it is a scammer, they'll probably just move on to the next mark rather than try to con a lawyer; if it's a legitimate 508 complainant, then it's in the best interest of your organization that all communications go through your lawyers.

Edited by Andrew, 05 November 2011 - 04:45 PM.


#7 chromebuster

chromebuster
  • Topic Starter

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:07:30 AM

Posted 05 November 2011 - 04:46 PM

I help Gordon college with those kind of things, ensuring that all things are made accessible, and so when those calls come in and people are curious what they should do, that's when I ask smarter people than I. I'll let my mentor know. Maybe he has nothing to worry about.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users