Spam

Very few, and if a withheld number or one I don't recognise comes up I let it go to voicemail. Either way, I use a mobile and I don't need the land line ringing more often than it has to (at least two calls a day get blocked).

I just need a doorbell that can detect Jahovah's Witnesses.
 
kevindickinson said:
I don't want everybody I ring to ring me back.
Click to expand...

So, block your number as necessary, then. Stick 141 on the beginning of their number.

By blocking caller ID on calls to friends, you are just annoying them, and making it difficult for them to distinguish you from spam callers, as gomezz pointed out.
 
Mike,

Good point but ...

I don't use my mobile to phone friends as it's a work mobile. I use my landline to call friends or use the BT Smarttalk app (recommended).

I do use my mobile to ring my wife which could explain why I annoy her?

P.S. Is it ok to end the above statement with a ??
 
Can I appeal for those who know more about this stuff than me (ie most of you) to offer advice on this one?:

I have received an email that purports to come from one of my known contacts:
I Hope you get this on time, I made a trip to Kiev (Ukraine) from the UK and had my bag stolen from me with my passport and personal effects therein. The embassy has just issued me a temporary passport but I have to pay for a ticket and settle my hotel bills with the Manager.
I have made contact with my bank but it would take me 3-5 working days to access funds in my account, the bad news is my flight will be leaving very soon but I am having problems settling the hotel bills and the hotel manager won't let me leave until I settle the bills, I need your help/LOAN financially and I promise to make the refund once I get back home, you are my last resort and hope, Please let me know if I can count on you and I need you to keep checking your email because it's the only way I can reach you.
Xxxxxx {signature anonymised}
Click to expand...
I knew immediately this is a hoax, so I have been looking for clues. The "from" field is correct (I have anonymised the details, but all appears OK), but the "reply to" field is one character different (which I discovered by starting a reply and examining the "to" field in the reply):
Code: 
From Xxxxxx Mon Jun  9 11:05:17 2014
X-Apparently-To: xxxxxxxx@talk21.com via 188.125.85.245; Mon, 09 Jun 2014 10:05:19 +0000
Return-Path: <xxxxxxxxx@aol.com>
Received-SPF: softfail (transitioning domain of aol.com does not designate 65.20.0.12 as permitted sender)
cmlwIHRvIEtpZXYgKFVrcmFpbmUpIGZyb20gdGhlIFVLIGFuZCBoYWQgbXkg
YmFnIHN0b2xlbiBmcm9tIG1lIHdpdGggbXkgcGFzc3BvcnQgYW5kIHBlcnNv
bmFsIGVmZmVjdHMgdGhlcmVpbi4gVGhlIGVtYmFzc3kgaGFzIGp1c3QgaXNz
dWVkIG1lIGEgdGVtcG9yYXJ5IHBhc3Nwb3J0IGJ1dCBJIGhhdmUgdG8gcGF5
IGZvciBhIHRpY2tldCBhbmQgc2V0dGxlIG15IGhvdGVsIGJpbAEwAQEBAQN0
ZXh0L3BsYWluAwMwAgN0ZXh0L2h0bWwDAzE-
X-YMailISG: KkkT9vEWLDugvX0dOOEdhE2kfiIQTMPOOw_NJ23Sc6TBJIGR
RSn.JeJDMPJLuG3daDlfgBxfIjLrcy2hJFLfP28SCFRA9g1k6si5aRIrDKJ_
EQSo93jy2oE2JaUTh7HJihqwJGKISLDDHdfGYCjhbbDTD7G6KrtQlvHV4lgD
AcRaefYQiSSPJHSgCgSQu3eODj3RHnJpmuoBPPt5qUlu3a49IoILjxWRIQWf
Yiz6FJgQq7RTsNdoyO2mNA.1Bm1s6KkfCTHBaLvjdfD_uzc5OuVmgKknc5Jt
r4CtCaFGBIlWC55hWIdZwlYcwpnnNSUuAWRNeam2ZxFaEyMF99KTluGKQToJ
j5uznq65F.hSjehRSG3mIoQoeuQrB6mBTdZdPSmGwFFVx8hko5ng0FODdp47
jykNY1VYAEv5eysJecxFgzRmVjLqoXIV95MsvAkEJOQtbAozDuxkVJkWju9i
symDimynEcG7SGZD2dsA3FUAL4_8_s35CL6WuZdcoBpYqeVHOEYS5fRt5lRT
5uZaoy3SrU9cZHUezabDlHM.OPVRkDGHA6HdOL3PDME5UfR9P27fiMsqZ1ky
C9quSZxF5X1tJmu.4tFrbItqyEYju48ogwy.jPFkpRs4_0zBMAQlow_xmiYj
FmSpsat7lF_CEGKlo.o4kC0ZsrTHaa1nfCA0m8_be0ucEzyItLkYSCmS0t0x
cX81nFM5ODGHtDbJbkZwfMe2aZYNnx0QneO8R9XuSlyC2rHjopiWjlsHv1ZH
DQLIt6rc5zbRPdUIecYoSx4wJgtWPfHkdIa3UfBLaIHZzmvgVsd7kwVh2YQE
sFhP7oL0dPRlX778CA_ukPC_5I240WxQD8y9SQG8vF_sBjzwMFCQnhAP8Fgf
6hiq8sCC6WuS7fMCi4Ttp5b7OzFl.VEyiEHrB9q6W3N.sMh8mw1WMynSZ9aa
VEisZsF7v6fFQ6EUK4YGzNs.pEUuThk4xzqxTFm4Hy1TbLMXSVurDIO8gsBo
bJeVqSPavEXeBZxvlH9b02T2uR19kkgPtdH046W3UkZexfPd3wm65mhiZo2C
d9V0PKmNbhB3DibI58PebQgOBIllDOJlHAuNSpKASZI025hT5naNskKY666d
FQLyX5egLPv0RomCzUauQJ8uswvF5XqmKWulp4S2yIsRSuwDq7iQc.yuKJnm
0alg8S7zqoa9S_3whOklVVNdoDRiZ4ZS_Bqc6OcN.9fMQhlRXH26kKIJZiur
4Q__AmwkzRwjK4WtYohPMmpOv_Wsi0YgUvFH1Hd..6MT9tOi_CWa5YkfEWa0
roK7
X-Originating-IP: [65.20.0.12]
Authentication-Results: mta1016.bt.mail.ir2.yahoo.com  from=aol.com; domainkeys=neutral (no sig);  from=mx.aol.com; dkim=pass (ok)
Received: from 127.0.0.1  (EHLO smtpin24.bt.ext.cpcloud.co.uk) (65.20.0.12)
  by mta1016.bt.mail.ir2.yahoo.com with SMTP; Mon, 09 Jun 2014 10:05:19 +0000
X-CTCH-RefID: str=0001.0A090204.539586DF.00D3,ss=1,re=0.000,recu=0.000,reip=0.000,pt=F_23021760,cl=4,cld=1,fgs=0
X-CTCH-VOD: Unknown
X-CTCH-Spam: Confirmed
Received: from omr-m10.mx.aol.com (64.12.143.86) by smtpin24.bt.ext.cpcloud.co.uk (8.6.100.99.10223)
        id 53906C63006EE59A for [EMAIL]xxxxxxxx@talk21.com[/EMAIL]; Mon, 9 Jun 2014 11:05:19 +0100
Message-ID: <53906C63006EE59A@smtpin24.bt.ext.cpcloud.co.uk> (added by postmaster@btinternet.com)
Received: from mtaout-mcc01.mx.aol.com (mtaout-mcc01.mx.aol.com [172.26.253.77])
by omr-m10.mx.aol.com (Outbound Mail Relay) with ESMTP id B106F702667A9
for <xxxxxxxx@talk21.com>; Mon,  9 Jun 2014 06:05:18 -0400 (EDT)
Received: from Tunji-HP (unknown [41.138.176.161])
by mtaout-mcc01.mx.aol.com (MUA/Third Party Client Interface) with ESMTPA id 8E3B938000089
for <xxxxxxxx@talk21.com>; Mon,  9 Jun 2014 06:05:15 -0400 (EDT)
From: "Xxxxxx" <xxxxxxxxx@aol.com>
Subject: Unrest In Kiev
To: xxxxxxxx@talk21.com
Content-Type: multipart/alternative; boundary="2nNqi7bPUvR63NqLwy4w4QdcDSCcB3=_5D0"
MIME-Version: 1.0
Reply-To: xxxxxxyxx@aol.com
Date: Mon, 9 Jun 2014 11:05:17 +0100
X-Antivirus: avast! (VPS 140608-1, 06/08/2014), Outbound message
X-Antivirus-Status: Clean
x-aol-global-disposition: G
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;
s=20121107; t=1402308318;
bh=Px23y2nb8BEDXabFpdyMgWDMzZGOO9QPYLClO9EGN2o=;
h=From:To:Subject:Date:MIME-Version:Content-Type;
b=bDoWo6i5ypDagna2p8U/3MYBYU0P9bnqUamdWUn1YgYXB14OuuKZ3yF4JwWKpMzCR
5d/Hv2iSizXDwa2iY/ObizcERe2DotCL0IuZumN0GpegDLIJ1FFxQeffcp19Y+zb4l
DmyjjFgAlNTxC4tkYflDQYbsQFqR2Fpn0W1Pp9Bw=
x-aol-sid: 3039ac1afd4d539586db5f4a
X-AOL-IP: 41.138.176.161
Content-Length: 2103
So: either some nefarious character has obtained a contact from my address book, or they have intercepted some traffic to obtain a valid (and expected) set of credentials, or they have obtained my contact's address book, and then set up an email address capable of receiving replies to the modified address.

Am I correct in thinking that, in order to receive email to an "aol.com" domain, they would need access to the AOL servers? And therefore have set up an email account on aol.com?

If so, it seems to me far more likley that they have obtained the credentials by hacking my contact's account than by hacking mine or intercepting traffic.

What does the line "X-CTCH-Spam: Confirmed" mean? If it is confirmed as spam, it did not end up in my trash. Maybe it means "confirmed as not spam"?
 
They have somehow determined an existing relationship between xxxxxx@aol.com and yourself and, having done that, have sent you an email from xxxxxx@aol.com using AOL's mail relays as a trusted (i.e. authenticated) sender. I can't tell from those headers whether they authenticated as xxxxxx@aol.com or xxxxxy@aol.com though.

The most likely way they obtained your email address is by having broken into your contact's email account in some way, but if they have done that then why go to the effort of setting up a similar AOL account and setting the reply-to? Unless they didn't want any replies going to the real contact's mailbox. I'd have thought that the effort of signing up for a similar account wasn't worth it to them. So, my best guess would be that they don't have access to your contact's account meaning they found the relationship elsewhere.

The "X-CTCH-Spam: Confirmed" header was added by
smtpin24.bt.ext.cpcloud.co.uk - presumably a cloud-based anti-spam system in front of talk21/yahoo. CTCH probably relates to 'Commtouch' which is a popular commercial anti-spam system, among other things.
It's just a header in the message. If your email client isn't configured to look at that it won't use it in any way.

Oh, and the message originated in Lagos!
 
You don't need to set up an account to forge a reply-to header. You can stick any email address there, but the objective is to fool the receiver into thinking the email is genuine, and I agree that the objective is to get the recipient to reply, but to the phisher, not the genuine contact.

I agree with BH, he should warn his contact that his account has been hacked. It is almost certainly the case, in view of this:

http://www.nbcnews.com/tech/securit...irms-significant-number-mail-users-hit-n91701

The biggest surprise is that people still use AOL!
 
Wot? All those Russian girls who constantly spam me are really MEN???
 
The email I received had the lost soul in "Madrid(Spain)". The email was "sent" by the owners of a B&B I had stayed in once.

Went straight into the Deleted Messages folder.
 
Well, at least I am popular with the Spammers. Not content with seeking information through my (non-existent) Apple, PayPal and Ebay accounts, they have made the logical deduction that if I have a BT email address, then I must have a BT account.

I have been invited to confirm my (payment) account details in a well-presented email with the BT logo. Given that my BT payment was due yesterday I did a double-take. Thunderbird declared the email to be junk.

The email fell short because it came from the "BT Billing Departement"; it used "send" in place "sent"; and included "last payment of bill" rather then the more likely "last payment".
 
The number of missed deliveries I am getting is astonishing! Not only do they send me an e-mail to let me know, they also include a link to fill in my details so I can go to a local post office (for all sorts of carriers!) and collect the package.

Sadly, there seems to be something wrong with their links, because they all point at another site entirely. Also, gmail classifies every one of them as spam, so I am lucky I check my spam regularly before setting off to the post office. Unfortunately, my trips are unsuccessful, as I always get greeted with blank faces.

I also get loads of emails from women wanting to make contact and also from pharmacies. My spam folder is never empty!
 
Mike0001 said:
Unfortunately, my trips are unsuccessful, as I always get greeted with blank faces.
Click to expand...


Are you going to the right post office?
Some years ago I had a missed delivery by RM/Parcelfarce and was left a card that seemed to say it had been left at the post office. I went to my local PO - nope. Then I checked all the neighbours, etc, as the card was very unclear. Eventually I determined that it had been left at a PO about 6 miles away - probably the 4th or 5th nearest to us !!!?
 
You must log in or register to reply here.
Back
Top