Viewing 18 posts - 1 through 18 (of 18 total)
  • Spam-are they this clever?
  • toys19
    Free Member

    I recently registered on the govt gateway website for some HMRC online stuff. I am now receiving spam from the govt gateway email address. It's those emails with ZIP attachments.

    Now at first I thought this was just coincidence, ie I probs had loads of spam from that address in the past, but never noticed as I had not used the govt gateway before. So you would think.

    Well luckily I have a store of almost all the spam I have received since 2006. I searched it last night and found not a single email from the govt gateway until less than 24 hrs after I registered on the govt gateway website.

    WTF. Is somebody capable of reading my emails? Surely if they can do that they do not need to spam me, they already have a level of access that appears to be higher than getting me to click on a dodgy zip file.

    scaredypants
    Full Member

    Are you sure the original site you used wasn’t a dodgy one ?

    fasthaggis
    Full Member

    Well luckily I have a store of almost all the spam I have received since 2006

    😯

    toys19
    Free Member

    defo original site, I have had the post from the HMRC confirming, and I am intelligent enough to know a real govt website from a dodgy one..

    wwaswas
    Full Member

    I’d be doing a malware check – maybe it picked up your visit to the site and then uses a related email address?

    scaredypants
    Full Member

    defo original site, I have had the post from the HMRC confirming, and I am intelligent enough to know a real govt website from a dodgy one

    I thought there were phishy sites that passed you through to the original but sweep your data on the way past – or did I make that up ?

    geoffj
    Full Member

    I’ve been getting them too, but I’m going with coincidence as I’ve been registered with the Govt Gateway for several years. I’m also getting loads more spam with the zip files.

    toys19
    Free Member

    It could well be coincidence as the govt gateway site is newish…
    I guess I was kind of wondering if someone might say – “yes that’s virus xyz that we know about…”

    toys19
    Free Member

    I thought there were phishy sites that passed you through to the original but sweep your data on the way past – or did I make that up ?

    There are, but I started at http://www.hmrc.gov.uk/

    scaredypants
    Full Member

    Well, if they’re coming from the actual govt address then they have the problem, not you. I assume you’ve checked and the source is correct ?

    wordnumb
    Free Member

    Doesn’t matter where you started, if your PC-computer has had its addresses altered by the Cylons there’s nowhere left to hide because all of your bases are theirs… worst-case-scenario speaking.

    toys19
    Free Member

    It's easy to make an email look like it comes from any address, but simple inspection of the header from the emails shows it's spam.
    Below is the header from mine as it was apart from I have replaced my personal email address with toys19@ etc etc

    Return-path: <fraud@aexp.com>
    Envelope-to: toys@hispersonalemail.com
    Delivery-date: Thu, 07 Nov 2013 08:51:02 +0000
    Received: from static-71-174-81-28.bstnma.fios.verizon.net ([71.174.81.28]:26452)
    by riddermark.dfsv29.com with esmtp (Exim 4.80.1)
    (envelope-from <fraud@aexp.com>)
    id 1VeLIs-0002Oi-HC; Thu, 07 Nov 2013 08:51:02 +0000
    X-Original-To: toys@hispersonalemail.com
    Delivered-To: toys@hispersonalemail.com
    X-No-Auth: unauthenticated sender
    X-No-Relay: not in my network
    received: from mail1.bemta14.messagelabs.com (mail1.bemta14.messagelabs.com [193.109.254.124])by server.justinarcher.net (Postfix) with ESMTP id 4F836C3981 for <toys@hispersonalemail.com>; Thu, 7 Nov 2013 03:51:03 -0500
    received: from [85.158.140.179:65086] by server-29.bemta-14.messagelabs.com id 4D/B9-24080-CAC2D525; Thu, 7 Nov 2013 03:51:03 -0500
    received: (qmail 6300 invoked from network); Thu, 7 Nov 2013 03:51:03 -0500
    received: from gateway-102.energis.gsi.gov.uk (HELO mx.hosting-w.gsi.gov.uk) (62.25.106.208) by server-10.tower-205.messagelabs.com with SMTP; Thu, 7 Nov 2013 03:51:03 -0500
    X-Env-Sender: gateway.confirmation@gateway.gov.uk
    X-Msg-Ref: server-10.tower-205.messagelabs.com!1381837996!3845254!1
    X-Originating-Ip: [62.25.106.208]
    X-Starscan-Received:
    X-Starscan-Version: 6.9.12; banners=-,-,-
    X-Viruschecked: Checked
    Thread-Index: CV5GNP5EG7V73S0F1JMURFOUM3T52JHK==
    Thread-Topic: Could not process Online Submission for Reference 475/RA0270519
    From: <gateway.confirmation@gateway.gov.uk>
    To: <toys@hispersonalemail.com>
    Cc:
    Subject: Could not process Online Submission for Reference 475/RA0270519
    Date: Thu, 7 Nov 2013 03:51:03 -0500
    Message-Id: <ARYB4H98AUWUC0X1P95MGSR8CJR2V6P2@gateway.gov.local>
    Mime-Version: 1.0
    Content-Type: multipart/mixed; boundary="----=_Part_30771_3661956754.4441919561761"
    Content-Transfer-Encoding: 7bit
    X-Mailer: Microsoft CDO for Windows 2000
    Content-Class: urn:content-classes:message
    Importance: High
    Priority: High

    toys19
    Free Member

    So in the above near the bottom where it says;

    From: <gateway.confirmation@gateway.gov.uk>

    Is the bit that is easy to do, the rest of the servers and stuff above reveal the actual path and it's obviously something to do with either:

    server.justinarcher.net
    or
    bstnma.fios.verizon.net
    or
    fraud@aexp.com
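
The header check described in the posts above, as an added example that is not part of the original thread: it compares the forgeable From and Return-path fields with the one Received line stamped by the recipient's own mail server. The function names and the `my_mta` parameter are hypothetical, and treating riddermark.dfsv29.com as the recipient's server is an assumption based on it being the topmost Received line in the quoted header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a trimmed, correctly folded copy of fields quoted in the thread.
SAMPLE = """\
Return-path: <fraud@aexp.com>
Received: from static-71-174-81-28.bstnma.fios.verizon.net ([71.174.81.28]:26452)
 by riddermark.dfsv29.com with esmtp (Exim 4.80.1)
 id 1VeLIs-0002Oi-HC; Thu, 07 Nov 2013 08:51:02 +0000
received: from gateway-102.energis.gsi.gov.uk (HELO mx.hosting-w.gsi.gov.uk)
 (62.25.106.208) by server-10.tower-205.messagelabs.com with SMTP;
 Thu, 7 Nov 2013 03:51:03 -0500
From: <gateway.confirmation@gateway.gov.uk>
Subject: Could not process Online Submission for Reference 475/RA0270519

"""

IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def domain(value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def parse_hop(received):
    """Split one Received value into (claimed_name, client_ip, stamped_by)."""
    flat = " ".join(received.split())  # undo header folding
    name = re.match(r"from (\S+)", flat)
    ip = IP_RE.search(flat)
    by = re.search(r"\bby (\S+)", flat)
    return (name.group(1) if name else None,
            ip.group(0) if ip else None,
            by.group(1).lower() if by else None)

def assess(raw, my_mta):
    """Compare the forgeable fields with the hop recorded by our own MTA (my_mta)."""
    msg = message_from_string(raw)
    hops = [parse_hop(h) for h in msg.get_all("Received", [])]
    # Received lines are prepended, so ours is nearest the top; everything
    # below it arrived with the message and is only a claim by the sender.
    idx = next((i for i, h in enumerate(hops) if h[2] == my_mta.lower()), None)
    return {
        "from_domain": domain(msg["From"]),
        "envelope_domain": domain(msg["Return-Path"]),
        "delivered_by": hops[idx][:2] if idx is not None else None,
        "unverified_hops": [h[0] for h in hops[idx + 1:]] if idx is not None else [],
    }
```

Calling `assess(SAMPLE, "riddermark.dfsv29.com")` shows the From domain and envelope domain disagreeing, and the gov.uk gateway appearing only among the hops that the receiving server did not record itself.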

    scaredypants
    Full Member

    Ah, see it was things like

    I am now receiving spam from the govt gateway email address

    that made me assume you knew as little as I do about this shit

    toys19
    Free Member

    The limit of my spam knowledge stops just up there, but I do tend to check the headers on most stuff as a precaution..

    BoomBip
    Full Member

    toys19 – not sure if your scenario is covered on this page http://www.hmrc.gov.uk/security/examples.htm but worth forwarding the email to phishing@hmrc.gsi.gov.uk so they’re aware of it and/or can maybe shed some light.

    I think forwarding as an attachment is best but may be wrong – whichever method that preserves the original headers is the right one (if that makes sense)

    almightydutch
    Free Member

    Our accountant had the same kind of Spam, she almost started working through it!!! Wizard with numbers but lacks anything remotely close to common sense
