email with my username account no. in header.

Discussion in 'privacy problems' started by Ocky, Mar 21, 2014.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Received an email, obviously a phishing attempt (Nat West Bank, inheritance etc.) but instead of my email address my ISP username account appeared as message header/subject. See below for message source. The XXXX in bold was my a/c no. where the email address should have appeared. Flagfox shows the IP (in red) being in Turkey.
    It's pop3

    Does this mean I need to change my email as well as my internet access account passwords ?

    Am behind a Netgear ADSL DG834 router ( p/word is not default).
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Okay, so let me see if I understand this. Customers of telkomsa.net get a default ISP management account login that is in the format: online#######@telkomsa.net, where ####### is simply their account number. And, that address allows inbound email to be delivered to the customer.

    If what I wrote above is true, then there is no sign in this that your account was compromised at all.

    The likely answer to how this was done is that the spam sender simply sent email to a large numeric range of account numbers, using that style email address. I noticed that the salutation (contained in the subject line) does not appear to have your name. It just says "Dear onlineXXXXX@telkomsa.net" If your real name is not in the message, and all it knows is the online##### thing, then clearly they are bulking sending using incrementing account numbers:

    Code:
    online100000@telkomsa.net
    online100001@telkomsa.net
    online100002@telkomsa.net
    online100003@telkomsa.net
    online100004@telkomsa.net
    online100005@telkomsa.net
    online100006@telkomsa.net
    online100007@telkomsa.net...
     
  3. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Yes, thank you LowWaterMark, I inserted the XXXXX where the account number was. There was no name@telkomsa.net.
    You have set my mind at ease.

    Cheers
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
  5. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    Ditto, if you want you can search "Fake Mail" you will get such mailers to spoof headers. Something like this: -http://emkei.cz/-
     
    Last edited by a moderator: Mar 23, 2014
Loading...
Thread Status:
Not open for further replies.