Received e-mail from friend which was not from him.



#1 ittiandro

Posted 02 July 2018 - 10:02 AM

Hi

Yesterday I found an e-mail in my Outlook inbox, allegedly from my cousin's address in Italy, which was not from him.

The e-mail was asking me to open a link and was in English, while my cousin is in Italy, he speaks Italian and we communicate in Italian. The last time I wrote him was last Christmas. I checked with him and it was not him.

Can anybody tell me:

1. How could this happen?

2. Risk level and implications

3. What can I do if it is a hacker who has access to my computer?

 

I am on Windows 7 and I have antivirus protection (Zemana, Malwarebytes, Hitman Pro...).

 

Thanks

 

Ittiandro

 




 


#2 britechguy


Posted 02 July 2018 - 10:49 AM

Answers:

 

1. E-mail addresses can be obtained by myriad methods, some perfectly above board, others not, once an e-mail address is used over time.  One's e-mail account need not be involved in any way.   People who wish to generate what are classed as phishing and spoofing e-mail messages do this with great regularity.  I know of almost no one whose address has been in use for more than a very brief time that hasn't been phished or spoofed or had a message of this type that is made to appear as though it came from them, usually reported to them by a friend or relative in a state of panic.  These messages are nothing to be concerned about provided #2, below, is the case.

 

2. Zero, provided you did not click on any links, call any phone numbers, or otherwise take any actions requested in the message.

 

3. It isn't, so don't worry.   This may be your first phishing or spoofing message, but I assure you, it won't be your last.

 

 

You have already proven yourself to be taking the necessary "sniff test" precautions when it comes to evaluating e-mail messages.  When you get something like this just delete it and move along with life.


Edited by britechguy, 02 July 2018 - 11:00 AM.

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#3 ittiandro


Posted 02 July 2018 - 12:04 PM


 

Thanks for your reply. I am less surprised that this person had my e-mail address than by the fact that he knew my cousin's name and address. I only write him occasionally, once a year for Xmas. To use his e-mail address, he must have been able to access my computer and the Outlook folder containing the e-mails I sent and received over time. I am still puzzled.

 

Thanks

 

Ittiandro



#4 britechguy


Posted 02 July 2018 - 12:43 PM

No, he doesn't.   All he needs is to either have used a sniffer and snagged one of the messages you sent to your cousin, the header of which contains both your own e-mail address and your cousin's, or any e-mail you sent with your cousin sent to you in a group of recipients (whether To:, CC:, or BCC:) or vice versa.

 

In addition, criminals sell and resell lists of e-mail addresses thus culled and thus associated. If I send out a single e-mail message to 15 of my contacts that happens to be intercepted by a sniffer, the person who "sniffed" knows for certain that my e-mail address is real and active as of the moment the message was sent and that it is highly likely that those of all the recipients are, too. He or she can then choose any one of the recipient addresses to use to try to spoof or phish me and everyone else that was in the list of recipients. When lists containing untold millions of these lists of associated addresses have been aggregated over time and sold and resold on the black market (and, though not used for phishing or spoofing, on the not-black markets, too), it's just too simple to get a ready supply without much of any effort at all.

 

If you have an e-mail message in your inbox that was sent to you as part of a group of recipients, or a message in your sent box that was sent to a group of recipients, I suggest you do whatever it is that your e-mail client requires you to do in order to "Show header" for that message.   You will see everything I've outlined above.

 

People need to have a much better understanding of exactly how e-mail works and that e-mail headers (and e-mail bodies, too) are not confidential in any meaningful sense unless you were to be using an end-to-end encrypted e-mail service, and most of us are not.

 

One's e-mail account itself is very seldom hacked to obtain the information needed to go on a phishing expedition or to spoof because it's just so much easier to get via other means.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#5 ittiandro


Posted 02 July 2018 - 04:44 PM

Interesting discussion

 


Interesting. Please bear with me for a little longer, though: of course, whoever sent me that e-mail need not have entered my computer system like a hacker does. Somebody might have simply sold him a list containing my e-mail address. I do get lots of unsolicited e-mails because of these lists and also because of the cookies. I know it but I don't worry. But how could he "sniff" the addressee's e-mail address, too, in this case my cousin's address, unless he was able either to access the folder containing the e-mails I have been receiving and sending over time (PST files) or he is able to intercept all my outgoing and incoming e-mails "on the fly" through some kind of device (trojan?), much as a fisherman catches fish by setting up a net across a waterway? If so, isn't "sniffing" a form of hacking? Somebody might well have sold him a list with X's e-mail address (mine), but how could he also find Y's address, my addressee (my cousin), and link it to me, so that he could send me a fake e-mail pretending to be my cousin?

 

Thanks for the clarifications

 

Ittiandro



#6 britechguy


Posted 02 July 2018 - 05:58 PM

The term "sniffing" refers to monitoring network traffic and doing "quick and dirty" analysis to pick out e-mail messages from the flow of information.

 

I do not consider it hacking as the term is typically used, as it is not targeted at a specific user or computer system.   It is certainly not legal, and the closest analogy I can come up with is it's like wiretapping, but even that activity tends to have very specific targets and is seeking out very specific information.  Sniffing is just hoping for an adventitious encounter with e-mail messages, any e-mail messages, in the data stream so that addresses can be culled from them.  If the sniffer is unlucky they'll encounter an isolated e-mail address with a connection to no other and if they're lucky they'll encounter an e-mail message with a ton of recipients where they can use any one of the recipients' addresses, as well as the sender's address, to spoof all others.  Your analogy of the fishing net across the flow of a river is a good one.  The net being the sniffer software, which would "catch" a lot of material besides fish, but that looks at what's being caught and if it isn't a fish it's just ignored.  Computers are very good at very rapid filtering of very large volumes of information when something as standard in format as an e-mail address is involved.

 

I have told you, already, exactly how anyone who is sniffing can get the e-mail addresses for the sender and all recipients:  they are in the message header that's part and parcel of sending regular (as opposed to end-to-end encrypted) e-mail.   Find any message you've received as one of many recipients or sent out to multiple recipients and look at the message header.  Here's an example (partial, I had a lot more recipients on the original message and I wasn't going to try to redact all 46 of 'em):

 

[Image: redacted_email_header.jpg]

 

On every e-mail message you send your e-mail address is in the "From:" field in the header and the recipients' names (if you use contact names) and e-mail addresses are in the To: and CC: fields, BCC being handled differently or else it wouldn't be "blind carbon copy." You can see this on any message in your mail folders.

 

All someone has to do is to insert a sniffer somewhere in the great river of cyberspace and they'll be encountering more e-mail addresses than they could ever know what to do with (at a human pace, anyway, as opposed to using automation) in a very, very short period of time.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story
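
Added example (not part of the original thread or written by any poster): Python code that reads the raw header a mail client displays under "Show header", lists every address it carries in the From:, To: and Cc: fields, and runs basic checks on whether the From: address is backed by the rest of the header. The sample message, its addresses and its host names are constructed; Authentication-Results is the header a receiving mail server adds with its SPF/DKIM/DMARC verdicts and is not mentioned in the thread.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample header: every address and host below is made up.
RAW = """\
Return-Path: <bounce@bulk-sender.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bulk-sender.example.net; dkim=none; dmarc=fail header.from=example.it
From: "Cousin Marco" <marco@example.it>
To: reader@example.org
Cc: anna@example.com, "Luca B." <luca@example.com>
Subject: look at this

http://link.example.net/open
"""
MSG = message_from_string(RAW)

def exposed_addresses(msg):
    """Addresses readable in the cleartext header, grouped by field."""
    return {f: [a.lower() for _, a in getaddresses(msg.get_all(f, [])) if a]
            for f in ("From", "To", "Cc")}

def domain(addr):
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """method -> result pairs from Authentication-Results (RFC 8601)."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:      # first item is the server id
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                results[method.lower()] = result.lower()
    return results

def spoof_indicators(msg):
    """Signals that the From: address may not be the real sender."""
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if return_path and domain(return_path) != domain(from_addr):
        findings.append("return-path-mismatch")
    verdicts = auth_results(msg)
    findings += [f"{m}-not-pass" for m in ("spf", "dkim", "dmarc")
                 if verdicts.get(m) != "pass"]
    return findings

if __name__ == "__main__":
    print(exposed_addresses(MSG))
    print(spoof_indicators(MSG))
```

A Return-Path mismatch alone is a weak signal, since mailing lists and bulk-mail services legitimately use their own bounce addresses. Authentication-Results is only meaningful when it was added by your own provider's receiving server, as anything above it in transit can be forged like the From: line.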


 

 

 

              

 




