
Suspicious emails; What's the best method for checking them?


7 replies to this topic

#1 spc3rd

spc3rd

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:02:46 AM

Posted 12 October 2012 - 07:21 PM

Good evening everyone,

Over the past 7 days I have received 6 suspicious emails via 2 of my 3 ISP-provided email accounts. (ISP is Cox Communications).

The first 5 occurrences involved emails received in my primary account. One particular email showed the Sender as: FBI abuse@cox.net. The subject field just said: fbi. In 3 of the cases, I clicked on the SPAM button to send the email to Cox and automatically deleted the emails. The Sender...abuse@cox.net IS an actual Cox Communications email address, but since it also had the letters FBI with it...that would indicate to me the sender was likely spoofing Cox's email address.

About an hour ago, I received two more identical emails, neither of which displayed a Sender's name or URL, and when hovering the mouse pointer over the Subject field, a large dialog box opened displaying some kind of very long message. (I did not read it). One important difference on this latest incident is that the emails were received in both my primary account AND a 2nd ISP-provided account.

My question: Is there some way to check the email for malware without actually having to open it? I'm aware that most email malware arrives via some attachment in the email, which if clicked on, releases the malware.

I'd really like to put a stop to the cretin(s) doing this. I CAN remove my 2nd and 3rd ISP-provided email accounts if need be and open new ones, but the primary account cannot be removed. * I have already reported these events to Cox, however, they are typically lacking in having the incentive to do anything about the problem.

Thank you for your time and any suggestions! :busy:

My apologies if I posted in the wrong sub-forum. This one seemed to be the most appropriate for the particular issue described.

Edited by spc3rd, 12 October 2012 - 07:24 PM.

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox




#2 code13

code13

  • Members
  • 136 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:46 AM

Posted 12 October 2012 - 08:04 PM

You can open it from a mobile site. For example, if it is a Yahoo email account, go to m.yahoo.com, then click on Mail.

#3 spc3rd

spc3rd
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:02:46 AM

Posted 12 October 2012 - 08:23 PM

Thanks very much for the info, code13!

spc3rd



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:46 PM

Posted 12 October 2012 - 08:30 PM

I'd really like to put a stop to the cretin(s) doing this. << 99% impossible under most conditions -
My Yahoo has a Header Decypher thing, where I can check on who sent it and from where it was sent - EXAMPLE ....

Yahoo! has a built in method of checking where the email was sent from (Called Expanded Header)
This was claiming to be a legit Yahoo email asking me to confirm my email details due to an overloaded mailbox (nowhere near quarter full)
It even had typical Yahoo logos and colors to match a normal Yahoo company site notification - Both listed emails are now deleted, this is just my record -

Return-Path: <bob.starr@hughes.net> - <<<<< This is the Spammer who is sending the fake email -
Received: from construccionestriguero.com (cloud10.servidor-de-dns.com [46.29.49.10])
(Authenticated sender: bob.starr@hughes.net) <<< Checked that this was the sender
by omf04.b.hostedemail.com (Postfix) with ESMTPA
for <xxx@yahoo.com>; Fri, 31 Aug 2012 19:46:12 +0000 (UTC) <<< My email is Edited out -
X-Mailer: Microsoft Outlook Express 6.00.2800.1409

All Spam from this account now is sent directly to my Spam box, and I delete all items without reading.
Currently I get about 10 overnight Spams and another 10 during the average day (mostly Nigerian, other African, and the odd European message) -

Is there some way to check the email for malware without actually having to open it? << Your ISP should provide a decent Spam folder or use Yahoo etc -

#5 spc3rd

spc3rd
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:02:46 AM

Posted 12 October 2012 - 08:49 PM

I appreciate your feedback, noknojon!

At one time I had a Yahoo email account, but always seemed to get far too much of that Nigerian and other junk stuff you mentioned, and finally just decided to close the account altogether.

Best regards,

spc3rd



#6 news4la

news4la

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BURBANK, CA. USA
  • Local time:10:46 PM

Posted 23 October 2012 - 06:34 PM

This may be too little too late. There is a ransomware/Virus going around called the FBI Virus. Be careful!! The FBI does not send blanket E-Mails to average citizens.
On AIR,On LINE,On THE GO!

#7 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:01:46 AM

Posted 23 October 2012 - 11:01 PM

It's pretty easy, just look at the email headers and look for the sender's IP address. Then google it and do a whois on it. If what you find does not match who the "sender" claims to be, then it's fake.
How to find who really sent you email : http://www.trishtech.com/security/find_out_who_really_sent_you_an_email_message.php
How to trace an email : http://whatismyipaddress.com/trace-email
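
The header check described in posts #4 and #7, as an added example that is not part of the original thread: it reads only the raw message source (the "view source" / expanded header text), never renders the body, and compares the visible From address with the Return-Path and the relay IPs in the Received lines. The sample message, its addresses and the function names are constructed for illustration; the whois lookup on the reported IPs is left as the manual step described above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the display name and From address
# claim one sender, the envelope and relay data point somewhere else.
SAMPLE = """\
Return-Path: <bob@mailer.example.net>
Received: from relay.example.org (host10.example.org [203.0.113.10])
\t(Authenticated sender: bob@mailer.example.net)
\tby mx1.example.com (Postfix) with ESMTPA
\tfor <user@example.com>; Fri, 31 Aug 2012 19:46:12 +0000 (UTC)
Received: from [198.51.100.7] by relay.example.org with HTTP;
\tFri, 31 Aug 2012 19:46:10 +0000
From: "FBI" <abuse@example.com>
To: user@example.com
Subject: fbi

body text is parsed as plain data only; nothing here is rendered or run
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def analyze_headers(raw):
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    # Each mail server prepends its own Received line, so the first one is the
    # newest hop. Lines added before your own provider's server can be forged.
    relay_ips = [ip for line in received for ip in IP_RE.findall(line)]
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    return {
        "display_name": parseaddr(msg["From"] or "")[0],
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "relay_ips": relay_ips,  # newest hop first
        "mismatch": bool(rp_dom) and from_dom != rp_dom,
    }

if __name__ == "__main__":
    for key, value in analyze_headers(SAMPLE).items():
        print(f"{key}: {value}")
```

A mismatch is a reason to look closer rather than proof of forgery, since legitimate bulk-mail services also send with a Return-Path on a different domain.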

#8 spc3rd

spc3rd
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:02:46 AM

Posted 24 October 2012 - 02:42 AM

Thanks very much for your respective thoughts, news4la & Romeo29! :thumbsup:

For the moment...it seems the suspicious emails have stopped.

spc3rd





