Hi,
we too saw an increase of this types of scams. What I observed is that
the BTC wallets are reused many times, so I ended up creating a DNSBL
based on BTC wallets that I feed from various trap feeds. Just for the
sake of information, the most reused wallet has been seen more than 1600
times in 21 days
Daniele
On 15/11/18 19:07, Tobi wrote:
Hi Mike
we see this kind of scam for months. Some are better made and some are
bad. We got the Cisco CVE scam as well. But what is new is that the crap
now comes from a big one like outlook.com.
Think they speculate on "outlook is too big to block" and using legit
outlook.com servers gives the scam some more credibility :-)
Just wonder if others see an increase in this kind of scam from big
providers as well
Have a good one
tobi
Am 15.11.18 um 18:32 schrieb Mike Hillyer:
The passwords on these generally will be legit. It's a somewhat clever use of
compromised account lists from one security breach or another. It certainly
adds a sense of credibility to such spam to see your password in the subject
line. I recently encountered one that tried a lot harder than previous
examples, but in doing so made it an even more obvious scam, because it tried
to tell me I was compromised via my Cisco router, when I don't have a Cisco
router.
Mike
Mike Hillyer
Email Infrastructure Specialist
email: [email protected]
phone: 443-472-7226
twitter: @mikehillyer
-----Original Message-----
From: mailop <[email protected]> On Behalf Of Tobi
Sent: Thursday, November 15, 2018 12:12 PM
To: mailop <[email protected]>
Subject: [mailop] Lot of bitcoin spam now from outlook.com servers?!
Hi
For the last couple of days we see a remarkable increase in bitcoin
(gotcha-watching-porn-scam) coming from legit outlook.com servers. The subject
mentions a username and a password. From what I see the PW could be legit, at
least they're not '1234' or 'password'
Anyone else seeing such an increase in this crap coming from outlook.com
servers?
Cheers
tobi
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
