
Possible phishing threat? What to do?



#1 Roorooroo


Posted 14 October 2016 - 09:03 AM

I recently received an email from myself which was unverified and that I cannot remember sending. The contents were as follows:

 

An attempt to transmit confidential data via email was detected.

Please ensure that no company policy has been violated

 

I Googled this and didn't learn much...I don't believe in crying wolf, so it may just have been a misplaced email on my part, but on the other hand, I think it best to be prepared in matters of Internet security.

 

Why do you think I received this mail? Is it a possible phishing threat?

 

I am going to change the passwords on all my Gmail accounts just to be on the safe side, but I'd like to know more about this mail so I can be better prepared in the future. 




 


#2 Didier Stevens


Posted 14 October 2016 - 05:57 PM

Do you still have that mail? Then click on "Show original" and take a look at the headers. The "Received:" entries will show you if the mail came from gmail or not.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Roorooroo


Posted 16 October 2016 - 01:24 AM

It seems to have come from gmail, but I can't understand the entire text of the mail. Maybe you can make heads or tails of it?

 

Delivered-To: myemailaddress@hello.com
Received: by 10.194.112.226 with SMTP id it2csp155765wjb;
        Thu, 13 Oct 2016 23:25:11 -0700 (PDT)
X-Received: by 10.98.63.78 with SMTP id m75mr15836262pfa.19.1476426311193;
        Thu, 13 Oct 2016 23:25:11 -0700 (PDT)
Return-Path: <myemailaddress@hello.com>
Received: from smtp.m1.com.sg (smtp.m1.com.sg. [203.117.108.53])
        by mx.google.com with ESMTPS id b20si17286472pfk.263.2016.10.13.23.25.10
        for <myemailaddress@hello.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 13 Oct 2016 23:25:11 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning myemailaddress@hello.com does not designate 203.117.108.53 as permitted sender) client-ip=203.117.108.53;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning myemailaddress@hello.com does not designate 203.117.108.53 as permitted sender) smtp.mailfrom=myemailaddress@hello.com;
       dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
Message-Id: <58007a47.943c620a.b704a.7fccSMTPIN_ADDED_MISSING@mx.google.com>
Date: Fri, 14 Oct 2016 14:25:07 +0800
To: <myemailaddress@hello.com>
From: <myemailaddress@hello.com>
MIME-Version: 1.0
Content-Type: Multipart/Mixed;
  boundary="------------Boundary-00=_VTX052N3LHG2QL800000"
X-NAI-Header: Modified by McAfee Email Gateway (5000)
X-NAI-ID: 5e6a_4e61_f9244498_392a_4d25_9106_e1a8dc3a77f6PNT:06338C42-3349-46C2-9AF0-DCDB2BBED17E
Subject: NOTICE: mail delivery status
 
--------------Boundary-00=_VTX052N3LHG2QL800000
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: 7bit
 
An attempt to transmit confidential data via email was detected.
 
Please ensure that no company policy has been violated
--------------Boundary-00=_VTX052N3LHG2QL800000--


#4 Didier Stevens


Posted 16 October 2016 - 06:26 AM

It doesn't come from Gmail, it comes from an IP address in Singapore: Received: from smtp.m1.com.sg (smtp.m1.com.sg. [203.117.108.53])

 

M1 is a major telco in Singapore.


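The header check described in this thread, as an added example (not part of any post and not the poster's own tooling): it finds the Received line stamped by the recipient's own mail server, the one hop a sender cannot forge, and reads that server's SPF/DMARC verdict. The headers are the ones posted in #3, trimmed to the fields used; `trace_origin` and its `trusted_mx` parameter are hypothetical names.

```python
import re
from email import message_from_string

# Headers as posted in #3 (address already redacted by the poster), trimmed.
RAW = """\
Received: by 10.194.112.226 with SMTP id it2csp155765wjb;
        Thu, 13 Oct 2016 23:25:11 -0700 (PDT)
Received: from smtp.m1.com.sg (smtp.m1.com.sg. [203.117.108.53])
        by mx.google.com with ESMTPS id b20si17286472pfk.263.2016.10.13.23.25.10
        for <myemailaddress@hello.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 13 Oct 2016 23:25:11 -0700 (PDT)
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning myemailaddress@hello.com does not designate 203.117.108.53 as permitted sender) smtp.mailfrom=myemailaddress@hello.com;
       dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
From: <myemailaddress@hello.com>
Subject: NOTICE: mail delivery status

"""

# "from <helo> (<rdns> [<ip>]) by <receiving host>", tolerant of folded lines.
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def trace_origin(raw, trusted_mx="mx.google.com"):
    msg = message_from_string(raw)
    hop = None
    # Walk Received headers top-down; trust only the hop stamped by our own MX.
    for rcvd in msg.get_all("Received", []):
        m = HOP.search(rcvd)
        if m and m.group(3) == trusted_mx:
            hop = (m.group(1), m.group(2))
            break
    auth = msg.get("Authentication-Results", "")
    # Ignore results not written by the trusted MX (authserv-id is the first token).
    if auth.split(";")[0].strip() != trusted_mx:
        auth = ""
    checks = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    hf = re.search(r"header\.from=([^;\s]+)", auth)
    return {
        "handoff_host": hop[0] if hop else None,
        "handoff_ip": hop[1] if hop else None,
        "spf": checks.get("spf"),
        "dmarc": checks.get("dmarc"),
        "header_from": hf.group(1) if hf else None,
        "sender_unverified": checks.get("spf") != "pass" and checks.get("dmarc") != "pass",
    }

if __name__ == "__main__":
    print(trace_origin(RAW))
```

Received lines below the trusted hop, and any Authentication-Results header carrying a different server name, are supplied by the sending side and are ignored here for that reason.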


#5 Roorooroo


Posted 17 October 2016 - 02:32 AM

Thanks for your information. I think I know what happened on my end now. 



#6 Didier Stevens


Posted 17 October 2016 - 02:55 AM

You're welcome. Glad I could help you figure it out.




#7 Roorooroo


Posted 18 October 2016 - 04:02 AM

Called M1 and they said it's not a security threat. Some of my friends concur. Does anyone here get mails like this often? 





