Re: [mailop] Russian crypto phish campaign via sendgrid to stolen Robinhood account
On Sun, Apr 24, 2022 at 11:02:42PM -0400, John R Levine via mailop wrote:
> I've gotten several copies of this phish sent to an address stolen
> from a closed Robinhood brokerage account. It's sent from Sendgrid,
> with a link to a web host at AWS that does a couple of web redirects
> to a web server at 176.113.115.238 in St Petersburg. The web site
> purports to be Metamask, which is a crypto wallet. I suppose people
> with Robinhood accounts would be good targets.
>
> Anyone else seeing this?

Yes, the Koli-Lõks spamtraps have the same. Not in great quantities, but some trickled in both yesterday and today.

> Copy of the spam here: http://spample.iecc.com/rvj/23695345
>
> R's,
> John

--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] Russian crypto phish campaign via sendgrid to stolen Robinhood account
On Apr 24, 2022, at 23:09, John R Levine via mailop wrote:
> Anyone else seeing this?

I’ve received a similar spam email supposedly from Metamask almost a month ago, from an O365 tenant to my O365 tenant: https://pastebin.com/Tb3S8BuD

There are slight differences in the email I received:

* the headers imply Mailgun instead of SendGrid
* the sending IP was O365, unrelated to Mailgun itself

--
Alex
Re: [mailop] [E] $GOOG
> The systems may not *strictly* require a Gmail account, only a Google account,

Your adding "strictly" does not change the fact that a Gmail account is not required.

> but that doesn't mean it is not perceived as such.

Sure, the Google account sign-up page offers to create a Gmail address for you, but it has immediately underneath that in bold font "Use my current email address instead". However we are digressing somewhat from the thread...

> However, even if it isn't actually a hard requirement, if it is perceived as a requisite to use the software, there is still such effect.

The comment I responded to was:

> People are forced to get a Gmail account...

They are not, as you have also acknowledged. They are offered it, as one would expect, but clearly given an alternate option.

--
Simon Wilson
M: 0400 12 11 16
Re: [mailop] [E] $GOOG
On 2022-04-18 at 19:32 +1000, Simon Wilson wrote:
> *Completely* and objectively not true.
>
> I've run Android phones for many years with a Google account based on
> my own personal non-Gmail email. I have never activated or used Gmail,
> and at no stage has an Android phone ever tried to force me to use
> Gmail.
>
> When using Android without Gmail, at no stage in the "defaults" or
> "preinstalled apps" is this anything other than "enter your Google
> account email address and login"-difficult to achieve.
>
> > or for a number of other reasons related to other services.
>
> Without knowing what "other services" you refer to, it's hard to be
> specific, but I use a lot of Google services without having a Gmail
> account without any difficulties. Which services (specifically) do you
> have in mind that are forced to use Gmail?

The systems may not *strictly* require a Gmail account, only a Google account, but that doesn't mean it is not perceived as such.

I still remember how, many moons ago (i.e. 20 years back), I was introduced to MSN Messenger¹ and when asking what it required, told that in order to use it I needed a hotmail account. Was it accurate? No. What it actually required was a Microsoft Passport account (later renamed Windows Live ID), which could be added onto an email address by a different provider (something I only learned time later).

However, even if it isn't actually a hard requirement, if it is perceived as a requisite to use the software, there is still such effect.

Best regards

¹ https://en.wikipedia.org/wiki/MSN_Messenger
Re: [mailop] [E] $GOOG. Domain age?
On 2022-04-16 at 14:26 +0200, Jaroslaw Rafa via mailop wrote:
> On 15.04.2022 at 20:18:54, John Levine via mailop wrote:
> > > You quoted that. Eu.org is a *domain registrar*. Only. They don't
> > > offer any email service and never did. So how can they "police
> > > users for email"?
> >
> > They can turn off people when they get credible spam reports.
>
> Maybe they do. Honestly, I don't know as I'm not a spammer. What I know is
> that they explicitly state in their policy that you cannot use the domain to
> spam. This doesn't have to translate to any actual action against spammers,
> but it can.
>
> Is there anybody here who knows for sure?
>
> Also, as I have mentioned in another mail, it takes some effort and quite a
> lot of time to get an .eu.org domain up and running. Free doesn't mean it's
> a few clicks and you're set. Having to wait 10 days or so until your domain
> is manually accepted doesn't make it an attractive option for spammers. It's
> an "old school" service and their registration process is clearly oriented
> towards people interested in using the domain for long time.

It's a long shot, but I wonder if this may be related to their whois not showing the creation date.

The age of a domain has long been an important feature when measuring the worthiness of a domain. Typically a domain registered last month would be seen more suspiciously than one registered 15 years ago. So I am certain this feature is taken into account by Google.

However, a whois of your domain does not show a creation date (there are old changed: lines, but a system should not need to look at them as a fallback).

I don't know how Google actually measures domain age (whois queries don't seem a likely way, but e.g. eu.org is unlikely to be in the CZDS, either), but if it doesn't provide a registration date (which for a niche pseudo-TLD like this doesn't seem much likely to be noticed), old domains like yours would be grouped the same as completely new ones.

Regards
Re: [mailop] [E] $GOOG
On 2022-04-24 at 00:44 +0200, Jaroslaw Rafa via mailop wrote:
> On 23.04.2022 at 14:48:05, Dan Mahoney via mailop wrote:
> > I would LOVE there to be legal structure to say “Gee, Equifax, you failed
> > to demonstrate the basic opsec of paying some junior admin to type `yum
> > upgrade apache-struts`, so you don’t get to keep my PII anymore.” I would
> > love if there was an option to simply put a flag on my SSN that says
> > “gather/sell no data” to any of the dozens of agencies that harvest this
> > (radaris et al) and package it up neatly.
>
> Isn't European GDPR something that is supposed to achieve exactly
> this?
>
> Yes, it doesn't work perfectly, and there are multiple companies that try to
> go around it in multiple ways, but it's a step in good direction IMHO.
>
> At least at the moment when GDPR came into effect I observed a BIG drop in
> amount of spam coming to my server. And still, after several years, it
> didn't return to pre-GDPR quantities yet...
>
> Of course YMMV, especially outside Europe...

Yes, I don't think GDPR would allow Equifax to process this data.* But AFAIK they mostly work with USA data.

What made this incident completely embarrassing was that the apache-struts vulnerability had been known for a very long time (6-9 months?) and widely publicised. One might understand a small company not "getting the memo", but such a big company? Didn't they have any security people? (it would probably have been harder than a yum upgrade, but using it on production should have rung all alarms months before)

That said, I am kind of expecting a similar case of "big company that should have known better getting compromised by obvious security fail" with the log4j vulnerability that was discovered last December.

Best regards

* There are probably a number of loopholes though, such as your companies (banks, insurance, utilities...) looking you up and reporting certain data to this kind of services. But in general, things should be much better under EU legislation than in the US.
Re: [mailop] Interesting passage from the new EU Digital Services Act
On 2022-04-24 at 00:55 +0200, Jean-François Bachelet wrote:
> Hello ^^)
>
> Haven't read the full EU stuff yet, but question :
>
> How can we be possibly become aware of such possible threats without
> SPYING -read it all- the email passing by our mail servers ???

Well, it only applies *when* you become aware of that.

The clear example I can think of would be a Facebook post saying "I will install a number of bombs next week". That is published automatically by the user (Facebook is not aware of it). Then the post is flagged by a user and reviewed by a moderator. *At that point* Facebook would "become aware" of such information, and need to report it to the Law Enforcement.

On the other hand, if you are a site which accepts guest posts, with a policy of reviewing everything before publishing, you would be expected to have become aware of that.

Of course, if you are instead the NSA, you would probably want a trigger on every mention of the word "bomb", you know, for the Greater Good of National Security, even if that means getting a lot of False Positives... such as this thread.

> only a jackass wana be terrst will put dangerous/alarm trigger
> stuff in the Subject of his emails.

I don't think the Subject line of emails would be any different than the body wrt to not spying your users. (Nevertheless, I am sure many crooks have used incriminating Subject lines on their emails)

> so do the EU wants us to play as NSA for free ? and pursue us if we
> don't...

As mentioned above, I don't think so. Moreover, the proposal itself reminds

> the prohibition of general monitoring obligations, as interpreted
> by the Court of Justice of the European Union⁸.
> ⁸ For instance, Judgment of 3 October 2019, Glawischnig-Piesczek (C-18/18).

Also of interest, this proposal doesn't seem to have been approved yet: https://eur-lex.europa.eu/procedure/EN/2020_361

Best regards