I recently registered on the govt gateway website for some HMRC online stuff. I am now receiving spam from the govt gateway email address. It's those emails with ZIP attachments.
Now at first I thought this was just coincidence, ie I probs had loads of spam from that address in the past, but never noticed as I had not used the govt gateway before. So you would think.
Well luckily I have a store of almost all the spam I have received since 2006. I searched it last night and found not a single email from the govt gateway until less than 24 hrs after I registered on the govt gateway website.
WTF. Is somebody capable of reading my emails? Surely if they can do that they do not need to spam me, they already have a level of access that appears to be higher than getting me to click on a dodgy zip file.
Are you sure the original site you used wasn't a dodgy one ?
"Well luckily I have a store of almost all the spam I have received since 2006"
😯
defo original site, I have had the post from the HMRC confirming, and I am intelligent enough to know a real govt website from a dodgy one..
I'd be doing a malware check - maybe it picked up your visit to the site and then uses a related email address?
"defo original site, I have had the post from the HMRC confirming, and I am intelligent enough to know a real govt website from a dodgy one"
I thought there were phishy sites that passed you through to the original but sweep your data on the way past - or did I make that up ?
I've been getting them too, but I'm going with coincidence as I've been registered with the Govt Gateway for several years. I'm also getting loads more spam with the zip files.
It could well be coincidence as the govt gateway site is newish...
I guess I was kind of wondering if someone might say - "yes that's virus xyz that we know about..."
"I thought there were phishy sites that passed you through to the original but sweep your data on the way past - or did I make that up ?"
There are, but I started at http://www.hmrc.gov.uk/
Well, if they're coming from the actual govt address then they have the problem, not you. I assume you've checked and the source is correct ?
Doesn't matter where you started, if your PC-computer has had its addresses altered by the Cylons there's nowhere left to hide because all of your bases are theirs... worst-case-scenario speaking.
It's easy to make an email look like it comes from any address, but simple inspection of the header from the emails shows it's spam.
Below is the header from mine as it was apart from I have replaced my personal email address with toys19@ etc etc
Return-path: <fraud@aexp.com>
Envelope-to: toys@hispersonalemail.com
Delivery-date: Thu, 07 Nov 2013 08:51:02 +0000
Received: from static-71-174-81-28.bstnma.fios.verizon.net ([71.174.81.28]:26452)
by riddermark.dfsv29.com with esmtp (Exim 4.80.1)
(envelope-from <fraud@aexp.com>)
id 1VeLIs-0002Oi-HC; Thu, 07 Nov 2013 08:51:02 +0000
X-Original-To: toys@hispersonalemail.com
Delivered-To: toys@hispersonalemail.com
X-No-Auth: unauthenticated sender
X-No-Relay: not in my network
received: from mail1.bemta14.messagelabs.com (mail1.bemta14.messagelabs.com [193.109.254.124])by server.justinarcher.net (Postfix) with ESMTP id 4F836C3981 for <toys@hispersonalemail.com>; Thu, 7 Nov 2013 03:51:03 -0500
received: from [85.158.140.179:65086] by server-29.bemta-14.messagelabs.com id 4D/B9-24080-CAC2D525; Thu, 7 Nov 2013 03:51:03 -0500
received: (qmail 6300 invoked from network); Thu, 7 Nov 2013 03:51:03 -0500
received: from gateway-102.energis.gsi.gov.uk (HELO mx.hosting-w.gsi.gov.uk) (62.25.106.208) by server-10.tower-205.messagelabs.com with SMTP; Thu, 7 Nov 2013 03:51:03 -0500
X-Env-Sender: gateway.confirmation@gateway.gov.uk
X-Msg-Ref: server-10.tower-205.messagelabs.com!1381837996!3845254!1
X-Originating-Ip: [62.25.106.208]
X-Starscan-Received:
X-Starscan-Version: 6.9.12; banners=-,-,-
X-Viruschecked: Checked
Thread-Index: CV5GNP5EG7V73S0F1JMURFOUM3T52JHK==
Thread-Topic: Could not process Online Submission for Reference 475/RA0270519
From: <gateway.confirmation@gateway.gov.uk>
To: <toys@hispersonalemail.com>
Cc:
Subject: Could not process Online Submission for Reference 475/RA0270519
Date: Thu, 7 Nov 2013 03:51:03 -0500
Message-Id: <ARYB4H98AUWUC0X1P95MGSR8CJR2V6P2@gateway.gov.local>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_30771_3661956754.4441919561761"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: High
Priority: High
So in the above near the bottom where it says;
From: <gateway.confirmation@gateway.gov.uk>
Is the bit that is easy to do, the rest of the servers and stuff above reveal the actual path and it's obviously something to do with either:
server.justinarcher.net
or
bstnma.fios.verizon.net
or
fraud@aexp.com
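The header check described in the post above, as an added example that is not part of the original thread: it compares the envelope sender with the displayed From address and picks out the one Received line written by the recipient's own server. Treating riddermark.dfsv29.com as that server is an assumption, and the regular expression only covers the Exim-style line shown above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subset of the header quoted in the post above, addresses as redacted there.
RAW = """\
Return-path: <fraud@aexp.com>
Envelope-to: toys@hispersonalemail.com
Received: from static-71-174-81-28.bstnma.fios.verizon.net ([71.174.81.28]:26452)
\tby riddermark.dfsv29.com with esmtp (Exim 4.80.1)
\t(envelope-from <fraud@aexp.com>)
\tid 1VeLIs-0002Oi-HC; Thu, 07 Nov 2013 08:51:02 +0000
received: from gateway-102.energis.gsi.gov.uk (HELO mx.hosting-w.gsi.gov.uk) (62.25.106.208) by server-10.tower-205.messagelabs.com with SMTP; Thu, 7 Nov 2013 03:51:03 -0500
From: <gateway.confirmation@gateway.gov.uk>
To: <toys@hispersonalemail.com>
Subject: Could not process Online Submission for Reference 475/RA0270519

"""

# Exim-style hop: "from <name> ([<ip>]:<port>) by <receiving host>"
HOP = re.compile(r"from (\S+) \(\[([0-9A-Fa-f.:]+)\](?::\d+)?\) by (\S+)")


def domain(value):
    """Lower-cased domain of an address header value."""
    return parseaddr(value)[1].rpartition("@")[2].lower()


def delivering_hop(msg, trusted_mta):
    """(name, ip) from the Received line our own MTA wrote, else None.

    Received lines added before the message reached trusted_mta were
    supplied by the sending side and prove nothing on their own.
    """
    for value in msg.get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if m and m.group(3).lower() == trusted_mta:
            return m.group(1), m.group(2)
    return None


def triage(raw, trusted_mta):
    msg = message_from_string(raw)
    env, shown = domain(msg.get("Return-path", "")), domain(msg.get("From", ""))
    return {"envelope_domain": env, "from_domain": shown,
            "mismatch": env != shown,
            "delivered_by": delivering_hop(msg, trusted_mta)}


if __name__ == "__main__":
    # Assumption: riddermark.dfsv29.com is the recipient's own mail server.
    print(triage(RAW, "riddermark.dfsv29.com"))
```

A mismatch between envelope and From domains is a triage signal rather than proof, since legitimate bulk senders also differ; SPF, DKIM and DMARC checks at the receiving server are the enforceable control.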
Ah, see it was things like
"I am now receiving spam from the govt gateway email address"
that made me assume you knew as little as I do about this shit
The limit of my spam knowledge stops just up there, but I do tend to check the headers on most stuff as a precaution..
toys19 - not sure if your scenario is covered on this page http://www.hmrc.gov.uk/security/examples.htm but worth forwarding the email to phishing@hmrc.gsi.gov.uk so they're aware of it and/or can maybe shed some light.
I think forwarding as an attachment is best but may be wrong - whichever method that preserves the original headers is the right one (if that makes sense)
Our accountant had the same kind of Spam, she almost started working through it!!! Wizard with numbers but lacks anything remotely close to common sense
It appears to be a known issue http://blog.mxlab.eu/2013/10/23/another-new-trojan-variant-comes-in-multiple-formats-from-the-smtp-sender-fraudaexp-com/
