Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
The email came from someone in our organization who was asking us to forward any suspicious attachment by clicking on it and saving it before forwarding it on. My reaction was that this was another attempt to get all the recipients to click on something dangerous. I immediately sent an email to say "don't do what the email asks". The originator apologised but said what he asked for was perfectly reasonable. Very poor.

On Sat, Sep 26, 2020 at 3:31 AM zMan wrote:

> Wayne Bickerdike wrote:
>
> >My "spoof" email was apparently genuine. The
> >person who sent it has no idea
> >how much he got wrong with the request.
>
> Eh? Can you elaborate? First sentence makes no sense. It was spoofed or it
> wasn't?!
> --
> zMan -- "I've got a mainframe and I'm not afraid to use it"

--
Wayne V. Bickerdike

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
Wayne Bickerdike wrote:

>My "spoof" email was apparently genuine. The
>person who sent it has no idea
>how much he got wrong with the request.

Eh? Can you elaborate? First sentence makes no sense. It was spoofed or it wasn't?!

--
zMan -- "I've got a mainframe and I'm not afraid to use it"
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
The issues are:

1. What is the cost or risk of a false positive?
2. What is the cost/risk of a false negative?
3. What are the probabilities for each?

Using a spam folder rather than rejection increases the risk of losing legitimate e-mail with no notice. It also increases the risk that someone will open a malware message, falsely believing it to be erroneously in the junk folder.

On the flip side, rejecting suspect spam has the risk that the sender's e-mail software is broken and fails to notify him of the 5xx response.

Most of us receive legitimate e-mail from previously unknown legitimate senders. Using, e.g., a DNSBL to flag tainted sources and generating an appropriate 5xx can have a much lower risk than a spam folder or silently dropping.

It all comes down to what has the lowest cost/risk in a given environment; any action, including inaction, will have costs and risks.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

From: IBM Mainframe Discussion List on behalf of CM Poncelet
Sent: Thursday, September 24, 2020 4:25 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

The whitelist is created step-by-step by the end-user, as message filters, by checking through the trash folder and recognizing which received emails are *not* SPAM/scam. It's a "learning curve."

Phony emails that conform to the rules (as in from spoofed senders' email IDs) should be reported to Spamcop and, with some adequate reasoning (as in "if not this *and* also that etc."), can then be trapped and dropped in the trash folder.

For what my experience of anti-spam software is worth, I have regularly received spam/scam emails whose headers contained something like "Spamassassin score 4.7, 5.0 required" and which were thus allowed through as legitimate emails even though they were not.

Perhaps RACF does it better than ACF2 now. But in the 80's only ACF2 blocked everything unless an explicit rule allowed it - which is why security conscious companies chose ACF2 instead of RACF (in those days.) I would still choose ACF2 or TSS over RACF. But thanks anyway for the 'update' ;-)

On 24/09/2020 12:40, R.S. wrote:
> On 24.09.2020 at 03:10, CM Poncelet wrote:
>> All software filters are fundamentally flawed, because they presume to
>> recognize and 'understand' what is or not SPAM - which is logically
>> impossible. The only reliable filter is the hardware one, which assumes
>> by default that every received email is SPAM *unless* a message filter
>> rule says it is legitimate. That is how ACF2 enforced security - by
>> denying any access to a resource unless an ACF rule permitted it.
>
> How do you create whitelist?
> What if phony email conform the rules?
>
> No, spam-nospam decision is "fuzzy logic". Commercial filters may use
> some input from provider, something like virus definition. There are
> some popular spam (or malicious msg) messages with some characteristics.
>
> BTW: RACF does it better than ACF2 - while it is possible to deny by
> default, usually the decision is left to resource owner, who knows
> better what to do. ;-)
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
The whitelist is created step-by-step by the end-user, as message filters, by checking through the trash folder and recognizing which received emails are *not* SPAM/scam. It's a "learning curve."

Phony emails that conform to the rules (as in from spoofed senders' email IDs) should be reported to Spamcop and, with some adequate reasoning (as in "if not this *and* also that etc."), can then be trapped and dropped in the trash folder.

For what my experience of anti-spam software is worth, I have regularly received spam/scam emails whose headers contained something like "Spamassassin score 4.7, 5.0 required" and which were thus allowed through as legitimate emails even though they were not.

Perhaps RACF does it better than ACF2 now. But in the 80's only ACF2 blocked everything unless an explicit rule allowed it - which is why security conscious companies chose ACF2 instead of RACF (in those days.) I would still choose ACF2 or TSS over RACF. But thanks anyway for the 'update' ;-)

On 24/09/2020 12:40, R.S. wrote:
> On 24.09.2020 at 03:10, CM Poncelet wrote:
>> All software filters are fundamentally flawed, because they presume to
>> recognize and 'understand' what is or not SPAM - which is logically
>> impossible. The only reliable filter is the hardware one, which assumes
>> by default that every received email is SPAM *unless* a message filter
>> rule says it is legitimate. That is how ACF2 enforced security - by
>> denying any access to a resource unless an ACF rule permitted it.
>
> How do you create whitelist?
> What if phony email conform the rules?
>
> No, spam-nospam decision is "fuzzy logic". Commercial filters may use
> some input from provider, something like virus definition. There are
> some popular spam (or malicious msg) messages with some characteristics.
>
> BTW: RACF does it better than ACF2 - while it is possible to deny by
> default, usually the decision is left to resource owner, who knows
> better what to do. ;-)
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
On 24.09.2020 at 03:10, CM Poncelet wrote:
> All software filters are fundamentally flawed, because they presume to
> recognize and 'understand' what is or not SPAM - which is logically
> impossible. The only reliable filter is the hardware one, which assumes
> by default that every received email is SPAM *unless* a message filter
> rule says it is legitimate. That is how ACF2 enforced security - by
> denying any access to a resource unless an ACF rule permitted it.

How do you create whitelist?
What if phony email conform the rules?

No, spam-nospam decision is "fuzzy logic". Commercial filters may use some input from provider, something like virus definition. There are some popular spam (or malicious msg) messages with some characteristics.

BTW: RACF does it better than ACF2 - while it is possible to deny by default, usually the decision is left to resource owner, who knows better what to do. ;-)

--
Radoslaw Skorupka
Lodz, Poland
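The deny-by-default message-filter chain discussed in this message, and the two questions asked about it, as an added example that is not code from any poster in this thread. All addresses, rule names and folder names are constructed, and matching on both sender and recipient follows the filter described elsewhere in the thread.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical allow rules, checked top to bottom: (name, sender, recipient, folder).
ALLOW_RULES = [
    ("colleague", "alice@corp.example", "me@home.example", "Inbox"),
    ("bank", "statements@bank.example", "me-bank@home.example", "Finance"),
]
# Bottom-line rule: anything no allow rule recognised is treated as spam.
CATCH_ALL = ("catch-all", "Trash")


def file_message(raw, rules=ALLOW_RULES):
    """Return (rule name, folder) for a raw message; the first matching rule wins."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    for name, allowed_from, allowed_to, folder in rules:
        # The rule only sees header text, and the sending side writes that text.
        if sender == allowed_from and allowed_to in recipients:
            return name, folder
    return CATCH_ALL


def make(from_, to, relay):
    """Build a constructed sample; the Received line is the only place origin shows."""
    return (
        f"Received: from {relay} by mx.home.example; Thu, 24 Sep 2020 12:00:00 +0000\n"
        f"From: {from_}\nTo: {to}\nSubject: sample\n\nbody\n"
    )


# Constructed samples: (label, really legitimate?, raw message).
SAMPLES = [
    ("known colleague", True,
     make("Alice <alice@corp.example>", "me@home.example", "mail.corp.example")),
    ("new customer", True,
     make("Bob <bob@newclient.example>", "me@home.example", "mail.newclient.example")),
    ("spoofed colleague", False,
     make("Alice <alice@corp.example>", "me@home.example", "host.unrelated.example")),
    ("bank name, wrong alias", False,
     make("statements@bank.example", "me@home.example", "host.unrelated.example")),
]


def misfiled(samples=SAMPLES):
    """Return (label, error kind) for every sample the chain files wrongly."""
    errors = []
    for label, legitimate, raw in samples:
        _, folder = file_message(raw)
        if legitimate and folder == "Trash":
            errors.append((label, "legitimate mail trashed"))
        elif not legitimate and folder != "Trash":
            errors.append((label, "phony mail delivered"))
    return errors


if __name__ == "__main__":
    for label, _, raw in SAMPLES:
        print(f"{label:24} -> {file_message(raw)}")
    print(misfiled())
```

The chain trashes the unknown but legitimate sender and delivers the spoofed one, because a rule keyed on header text sees no difference between the first and third samples.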
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
My "spoof" email was apparently genuine. The person who sent it has no idea how much he got wrong with the request.

On Thu, Sep 24, 2020 at 12:44 PM Seymour J Metz wrote:

> That's not reliable either, and there are many different ways of being
> flawed, some more serious than others. The model that you proposed is
> deeply flawed for anybody that doesn't have a closed set of correspondents
> using an identical security model.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> From: IBM Mainframe Discussion List on behalf of CM Poncelet
> Sent: Wednesday, September 23, 2020 9:10 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Caution: "Hacked" email caused the distribution of a
> potentially harmful attachment
>
> All software filters are fundamentally flawed, because they presume to
> recognize and 'understand' what is or not SPAM - which is logically
> impossible. The only reliable filter is the hardware one, which assumes
> by default that every received email is SPAM *unless* a message filter
> rule says it is legitimate. That is how ACF2 enforced security - by
> denying any access to a resource unless an ACF rule permitted it.
>
> On 22/09/2020 23:14, Seymour J Metz wrote:
> > The commercial filters are mostly broken in all sorts of fascinating
> > ways. If it's an option your best choice is to find a provider competent to
> > select or write decent filters.
> >
> > --
> > Shmuel (Seymour J.) Metz
> > http://mason.gmu.edu/~smetz3
> >
> > From: IBM Mainframe Discussion List on behalf of Charles Mills
> > Sent: Tuesday, September 22, 2020 5:25 PM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Re: Caution: "Hacked" email caused the distribution of a
> > potentially harmful attachment
> >
> > The commercial e-mail malware filters watch for e-mail where the "from"
> > address and the headers do not match.
> >
> > They did not used to. The *SPAM* filters watched for the mis-match, but
> > not the malware filters. The notorious RSA hack began with a spear-phishing
> > e-mail with an attachment of an Excel spreadsheet containing a zero-day
> > exploit. RSA's SPAM filter caught it! However, two enterprising employees
> > dragged the e-mail out of their SPAM folder and opened it and the attached
> > spreadsheet.
> >
> > Ever since then the malware filter publishers have been watching for
> > this mismatch and treating it as potential malware rather than merely
> > potential SPAM.
> >
> > Charles
> >
> > -----Original Message-----
> > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> > On Behalf Of CM Poncelet
> > Sent: Tuesday, September 22, 2020 2:05 PM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Re: Caution: "Hacked" email caused the distribution of a
> > potentially harmful attachment
> >
> > Hence, check your trash/deleted folder and then create message filters
> > for any legitimate emails it contains, then run your message filters
> > against your trash/deleted folder to move the legitimate emails out of
> > there and into your "Inbox" folder or whatever other appropriate folders
> > - and these legitimate emails will then no longer be trapped as
> > spam/scam emails. What these 'not spam/scam' message filters should
> > contain and check for is up to you.

--
Wayne V. Bickerdike
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
That's not reliable either, and there are many different ways of being flawed, some more serious than others. The model that you proposed is deeply flawed for anybody that doesn't have a closed set of correspondents using an identical security model.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

From: IBM Mainframe Discussion List on behalf of CM Poncelet
Sent: Wednesday, September 23, 2020 9:10 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

All software filters are fundamentally flawed, because they presume to recognize and 'understand' what is or not SPAM - which is logically impossible. The only reliable filter is the hardware one, which assumes by default that every received email is SPAM *unless* a message filter rule says it is legitimate. That is how ACF2 enforced security - by denying any access to a resource unless an ACF rule permitted it.

On 22/09/2020 23:14, Seymour J Metz wrote:
> The commercial filters are mostly broken in all sorts of fascinating ways. If
> it's an option your best choice is to find a provider competent to select or
> write decent filters.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> From: IBM Mainframe Discussion List on behalf of Charles Mills
> Sent: Tuesday, September 22, 2020 5:25 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Caution: "Hacked" email caused the distribution of a potentially
> harmful attachment
>
> The commercial e-mail malware filters watch for e-mail where the "from"
> address and the headers do not match.
>
> They did not used to. The *SPAM* filters watched for the mis-match, but not
> the malware filters. The notorious RSA hack began with a spear-phishing
> e-mail with an attachment of an Excel spreadsheet containing a zero-day
> exploit. RSA's SPAM filter caught it! However, two enterprising employees
> dragged the e-mail out of their SPAM folder and opened it and the attached
> spreadsheet.
>
> Ever since then the malware filter publishers have been watching for this
> mismatch and treating it as potential malware rather than merely potential
> SPAM.
>
> Charles
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of CM Poncelet
> Sent: Tuesday, September 22, 2020 2:05 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Caution: "Hacked" email caused the distribution of a potentially
> harmful attachment
>
> Hence, check your trash/deleted folder and then create message filters
> for any legitimate emails it contains, then run your message filters
> against your trash/deleted folder to move the legitimate emails out of
> there and into your "Inbox" folder or whatever other appropriate folders
> - and these legitimate emails will then no longer be trapped as
> spam/scam emails. What these 'not spam/scam' message filters should
> contain and check for is up to you.
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
All software filters are fundamentally flawed, because they presume to recognize and 'understand' what is or not SPAM - which is logically impossible. The only reliable filter is the hardware one, which assumes by default that every received email is SPAM *unless* a message filter rule says it is legitimate. That is how ACF2 enforced security - by denying any access to a resource unless an ACF rule permitted it.

On 22/09/2020 23:14, Seymour J Metz wrote:
> The commercial filters are mostly broken in all sorts of fascinating ways. If
> it's an option your best choice is to find a provider competent to select or
> write decent filters.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> From: IBM Mainframe Discussion List on behalf of Charles Mills
> Sent: Tuesday, September 22, 2020 5:25 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Caution: "Hacked" email caused the distribution of a potentially
> harmful attachment
>
> The commercial e-mail malware filters watch for e-mail where the "from"
> address and the headers do not match.
>
> They did not used to. The *SPAM* filters watched for the mis-match, but not
> the malware filters. The notorious RSA hack began with a spear-phishing
> e-mail with an attachment of an Excel spreadsheet containing a zero-day
> exploit. RSA's SPAM filter caught it! However, two enterprising employees
> dragged the e-mail out of their SPAM folder and opened it and the attached
> spreadsheet.
>
> Ever since then the malware filter publishers have been watching for this
> mismatch and treating it as potential malware rather than merely potential
> SPAM.
>
> Charles
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of CM Poncelet
> Sent: Tuesday, September 22, 2020 2:05 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Caution: "Hacked" email caused the distribution of a potentially
> harmful attachment
>
> Hence, check your trash/deleted folder and then create message filters
> for any legitimate emails it contains, then run your message filters
> against your trash/deleted folder to move the legitimate emails out of
> there and into your "Inbox" folder or whatever other appropriate folders
> - and these legitimate emails will then no longer be trapped as
> spam/scam emails. What these 'not spam/scam' message filters should
> contain and check for is up to you.
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
This one is a doozy, came today:

Hello All

If any member receives a suspicious email from Cab Sec V2 Lee-Ann Anselmo (as per image below) can you please do the following.

Please save the email as an attachment. If using Outlook you need to double click on the email to open it up and then right click go to Save As and then save it to wherever you save your files.

Please then email the attachment to Scott Harrison at

Nice trick..

On Wed, Sep 23, 2020 at 8:14 AM Seymour J Metz wrote:

> The commercial filters are mostly broken in all sorts of fascinating ways.
> If it's an option your best choice is to find a provider competent to
> select or write decent filters.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> From: IBM Mainframe Discussion List on behalf of Charles Mills
> Sent: Tuesday, September 22, 2020 5:25 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Caution: "Hacked" email caused the distribution of a
> potentially harmful attachment
>
> The commercial e-mail malware filters watch for e-mail where the "from"
> address and the headers do not match.
>
> They did not used to. The *SPAM* filters watched for the mis-match, but
> not the malware filters. The notorious RSA hack began with a spear-phishing
> e-mail with an attachment of an Excel spreadsheet containing a zero-day
> exploit. RSA's SPAM filter caught it! However, two enterprising employees
> dragged the e-mail out of their SPAM folder and opened it and the attached
> spreadsheet.
>
> Ever since then the malware filter publishers have been watching for this
> mismatch and treating it as potential malware rather than merely potential
> SPAM.
>
> Charles
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of CM Poncelet
> Sent: Tuesday, September 22, 2020 2:05 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Caution: "Hacked" email caused the distribution of a
> potentially harmful attachment
>
> Hence, check your trash/deleted folder and then create message filters
> for any legitimate emails it contains, then run your message filters
> against your trash/deleted folder to move the legitimate emails out of
> there and into your "Inbox" folder or whatever other appropriate folders
> - and these legitimate emails will then no longer be trapped as
> spam/scam emails. What these 'not spam/scam' message filters should
> contain and check for is up to you.

--
Wayne V. Bickerdike
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
The commercial filters are mostly broken in all sorts of fascinating ways. If it's an option your best choice is to find a provider competent to select or write decent filters.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

From: IBM Mainframe Discussion List on behalf of Charles Mills
Sent: Tuesday, September 22, 2020 5:25 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

The commercial e-mail malware filters watch for e-mail where the "from" address and the headers do not match.

They did not used to. The *SPAM* filters watched for the mis-match, but not the malware filters. The notorious RSA hack began with a spear-phishing e-mail with an attachment of an Excel spreadsheet containing a zero-day exploit. RSA's SPAM filter caught it! However, two enterprising employees dragged the e-mail out of their SPAM folder and opened it and the attached spreadsheet.

Ever since then the malware filter publishers have been watching for this mismatch and treating it as potential malware rather than merely potential SPAM.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of CM Poncelet
Sent: Tuesday, September 22, 2020 2:05 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

Hence, check your trash/deleted folder and then create message filters for any legitimate emails it contains, then run your message filters against your trash/deleted folder to move the legitimate emails out of there and into your "Inbox" folder or whatever other appropriate folders - and these legitimate emails will then no longer be trapped as spam/scam emails. What these 'not spam/scam' message filters should contain and check for is up to you.
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
The commercial e-mail malware filters watch for e-mail where the "from" address and the headers do not match.

They did not used to. The *SPAM* filters watched for the mis-match, but not the malware filters. The notorious RSA hack began with a spear-phishing e-mail with an attachment of an Excel spreadsheet containing a zero-day exploit. RSA's SPAM filter caught it! However, two enterprising employees dragged the e-mail out of their SPAM folder and opened it and the attached spreadsheet.

Ever since then the malware filter publishers have been watching for this mismatch and treating it as potential malware rather than merely potential SPAM.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of CM Poncelet
Sent: Tuesday, September 22, 2020 2:05 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

Hence, check your trash/deleted folder and then create message filters for any legitimate emails it contains, then run your message filters against your trash/deleted folder to move the legitimate emails out of there and into your "Inbox" folder or whatever other appropriate folders - and these legitimate emails will then no longer be trapped as spam/scam emails. What these 'not spam/scam' message filters should contain and check for is up to you.
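One way to express the check described in this message (the visible From address compared with the rest of the headers), as an added example that is not code from any poster or filter vendor. The choice of headers (Return-Path, Reply-To, display name), the two-label domain rule and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Finds an e-mail address embedded in free text such as a display name.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def org_domain(addr):
    """Last two labels of the address's domain, lower-cased ('' if there is none).

    Assumption: two labels stand in for the organisational domain; a
    production filter would consult the Public Suffix List instead.
    """
    domain = addr.rsplit("@", 1)[1] if "@" in addr else ""
    return ".".join(domain.lower().split(".")[-2:])


def from_mismatches(raw):
    """Return tags naming each header that disagrees with the From domain."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = org_domain(from_addr)
    if not from_dom:
        return ["from-unparseable"]
    findings = []
    # Envelope sender recorded at delivery, and where replies would really go.
    for header, tag in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        other = parseaddr(msg.get(header, ""))[1]
        if other and org_domain(other) != from_dom:
            findings.append(tag)
    # A display name that shows one address while the real one is another.
    shown = ADDR_IN_TEXT.search(display)
    if shown and org_domain(shown.group(0)) != from_dom:
        findings.append("display-name")
    return findings


# Constructed sample messages (not taken from the thread).
ALIGNED = (
    "Return-Path: <alice@corp.example>\n"
    "From: Alice <alice@corp.example>\n"
    "Subject: minutes\n\nbody\n"
)
SPOOFED = (
    "Return-Path: <x9@mailer.test>\n"
    "From: IT Helpdesk <helpdesk@corp.example>\n"
    "Reply-To: helpdesk@corp-support.test\n"
    "Subject: action required\n\nbody\n"
)
DISPLAY_TRICK = (
    "Return-Path: <alice.corp@freemail.test>\n"
    'From: "Alice alice@corp.example" <alice.corp@freemail.test>\n'
    "Subject: invoice\n\nbody\n"
)
LIST_MAIL = (
    "Return-Path: <owner-list@lists.example>\n"
    "From: Carol <carol@partner.example>\n"
    "Subject: Re: list discussion\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("aligned", ALIGNED), ("spoofed", SPOOFED),
                      ("display trick", DISPLAY_TRICK), ("list mail", LIST_MAIL)):
        print(f"{name:14} {from_mismatches(raw)}")
```

The last sample is ordinary mailing-list traffic, which carries the list's envelope sender, so a mismatch is a signal to weigh rather than proof of spoofing.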
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
Having to check a spam folder negates the purpose of a spam filter and just about guarantees losing legitimate messages. Reject apparent spam during the SMTP session with an appropriate message so legitimate senders know to try other channels, and treat anything else as probably legitimate.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

From: IBM Mainframe Discussion List on behalf of CM Poncelet
Sent: Tuesday, September 22, 2020 5:05 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

Hence, check your trash/deleted folder and then create message filters for any legitimate emails it contains, then run your message filters against your trash/deleted folder to move the legitimate emails out of there and into your "Inbox" folder or whatever other appropriate folders - and these legitimate emails will then no longer be trapped as spam/scam emails. What these 'not spam/scam' message filters should contain and check for is up to you.

On 22/09/2020 18:42, Seymour J Metz wrote:
> Many of us receive legitimate e-mail from unknown senders, or from known
> senders with new addresses.
>
> The e-mail addresses in headers are not trustworthy. Digital signatures are
> only trustworthy if you got the public key from a trusted source.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> From: IBM Mainframe Discussion List on behalf of CM Poncelet
> Sent: Monday, September 21, 2020 10:18 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Caution: "Hacked" email caused the distribution of a potentially
> harmful attachment
>
> FWIW
>
> (a) Begin by assuming that *all* received emails are spam/scam (and
> define this as the bottom line catch-all message filter) *unless* a
> higher up message filter recognizes both the sender(s)'s and the 'to'
> recipient's addresses as valid.
> (b) The sender's original email address can be found towards the end in
> the message headers, as in the "received from ... for ..." message
> header line.
> (c) Spam/scam emails can be sent to
> https://www.spamcop.net/mcgi?action=loginform for verification, if need be.
>
> The 'trick' to get around spammers/scammers is to use message filters,
> with the bottom line catch-all filter saying something like "if the
> subject does not contain *and*
> the sender is not @ then save
> the email in the trash/delete folder" - which then ensures that the
> email is never saved in the "Inbox" folder.
>
> A more skilful 'trick' is to have many different email IDs and give out
> a different email ID to every company, individual etc. (and keep a
> record of which email ID was given to whom) - so that, if a spammer or
> scammer gets hold of it, it can be deleted and a replacement new email
> ID can be created ... and then also determine from whom the
> spammer/scammer harvested the old and now deleted email ID. That kills
> off spammers and scammers, because any further emails sent to the old
> email ID just bounce as "undeliverable" and they cannot guess what the
> new email ID is. But that requires owning one or more domain names and
> being able to create/delete email IDs associated with it/them. (I
> have/use more than 200 email IDs across more than 30 domain names.)
>
> HTH.
>
> Cheers, Chris Poncelet (retired sysprog)
>
> On 22/09/2020 00:04, Bob Bridges wrote:
>> -----Original Message-----
>> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
>> Behalf Of Jesse 1 Robinson
>> Sent: Monday, September 21, 2020 17:08
>>
>> JR> The idea of deliberately dumbing down language in spam is preposterous.
>> First of all I don't understand the purported logic of it.
>>
>> BB> Radoslaw's logic seemed clear to me, but when I set out to spell it out
>> for you, I began to wonder whether I'd mistaken it. He wrote "a method to
>> filter out bright people and leave only the fools", which I interpreted this
>> way: Intelligent people (according to Radoslaw) are less likely to produce
>> profit for the scammer, in the long run. If the scam is written badly, an
>> intelligent person is more likely to throw it out, and thus less likely to
>> waste the scammer's time with replies that will in the end lead nowhere.
>> Fools, meanwhile, will not notice (or notice less) the atrocious writing,
>> and thus be more likely to proceed.
>>
>> I'll leave it to him to say whether I read him correctly. But ~if~ that is
>> indeed the scammer's motive for writin
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
Hence, check your trash/deleted folder and then create message filters for any legitimate emails it contains, then run your message filters against your trash/deleted folder to move the legitimate emails out of there and into your "Inbox" folder or whatever other appropriate folders - and these legitimate emails will then no longer be trapped as spam/scam emails. What these 'not spam/scam' message filters should contain and check for is up to you. On 22/09/2020 18:42, Seymour J Metz wrote: > Many of us receive legitimate e-mail from unknown senders, or from known > senders with new addresses. > > The e-mail addresses in headers are not trustworthy. Digital signatures are > only trustworthy if you got the public key from a trusted source. > > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > > > From: IBM Mainframe Discussion List on behalf of > CM Poncelet > Sent: Monday, September 21, 2020 10:18 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Caution: "Hacked" email caused the distribution of a potentially > harmful attachment > > FWIW > > (a) Begin by assuming that *all* received emails are spam/scam (and > define this as the bottom line catch-all message filter) *unless* a > higher up message filter recognizes both the sender(s)'s and the 'to' > recipient's addresses as valid. > (b) The sender's original email address can be found towards the end in > the message headers, as in the "received from ... for ..." message > header line. > (c) Spam/scam emails can be sent to > https://www.spamcop.net/mcgi?action=loginform for verification, if need be. > > The 'trick' to get around spammers/scammers is to use message filters, > with the bottom line catch-all filter saying something like "if the > subject does not contain *and* > the sender is not @ then save > the email in the trash/delete folder" - which then ensures that the > email is never saved in the "Inbox" folder. 
> > A more skilful 'trick' is to have many different email IDs and give out > a different email ID to every company, individual etc. (and keep a > record of which email ID was given to whom) - so that, if a spammer or > scammer gets hold of it, it can be deleted and a replacement new email > ID can be created ... and then also determine from whom the > spammer/scammer harvested the old and now deleted email ID. That kills > off spammers and scammers, because any further emails sent to the old > email ID just bounce as "undeliverable" and they cannot guess what the > new email ID is. But that requires owning one or more domain names and > being able to create/delete email IDs associated with it/them. (I > have/use more than 200 email IDs across more than 30 domain names.) > > HTH. > > Cheers, Chris Poncelet (retired sysprog) > > > > On 22/09/2020 00:04, Bob Bridges wrote: >> -Original Message- >> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On >> Behalf Of Jesse 1 Robinson >> Sent: Monday, September 21, 2020 17:08 >> >> JR> The idea of deliberately dumbing down language in spam is preposterous. >> First of all I don't understand the purported logic of it. >> >> BB> Radoslaw's logic seemed clear to me, but when I set out to spell it out >> for you, I began to wonder whether I'd mistaken it. He wrote "a method to >> filter out bright people and leave only the fools", which I interpreted this >> way: Intelligent people (according to Radoslaw) are less likely to produce >> profit for the scammer, in the long run. If the scam is written badly, an >> intelligent person is more likely to throw it out, and thus less likely to >> waste the scammer's time with replies that will in the end lead nowhere. >> Fools, meanwhile, will not notice (or notice less) the atrocious writing, >> and thus be more likely to proceed. >> >> I'll leave it to him to say whether I read him correctly. 
But ~if~ that is >> indeed the scammer's motive for writing badly, I think the scammer isn't >> thinking very clearly. >> >> The next part of your comment I think is just a confusion about who said >> what. I said Nigerians are mostly capable of better English than I see in >> "Nigerian old ministers' " emails, but that's just a side comment, not part >> of Radoslaw's reasoning. >> >> JR> More important, while English is an official language in Nigeria, it is >> no one's mother tongue. It's learned, mostly in school, to whatever >> proficiency the learner can achieve. The average spammer has probably never &
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
Well, somebody is sure doing a great job of writing English that does not sound intelligent. I currently have one in my inbox with a subject line of "Wait check defrayment in the number of $3288.78 read at once" Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S. Sent: Tuesday, September 22, 2020 3:30 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment Bob, Yes you correctly interpreted my point about the language in scam emails. However ...it is NOT MY observation. I'm only messenger. This is recognized by professionals who work (fight) with scam and Internet security, and study the problem. And it is reasonable, not preposterous. Few remarks: 1. Scam is a business. Yes, it is a crime, but many crimes are profitable and well organized. Like drugs. 2. This business is NOT driven by idiots. There are clever people who cheat. Charles Ponzi, Jordan Belfort, Bernard Madoff, Zeek Rewards, OSGold, PIPS... 3. Assumption that Nigerian scam is driven by Nigerian people is plain wrong. 4. Every crime group is clever enough to hire some native speaker to edit some short message without errors and dumb mistakes. 5. Nigerian scam is common name for some type of trick and does not necessarily mean anything related to Nigeria. In Poland we have scam mails from "US Army soldier", usually from some base in Iraq or Germany. And there are more scam topics. 6. Most scam emails are in native language of recipient. So, in Poland we have emails in Polish, never mind how the "US Army Soldier" learnt this language (usually because of Polish roots). And phony Nigerian minister studied in Poland, which sounds reasonable, because we have many students from Africa and Middle East (and Latin America). 
-- Radoslaw Skorupka Lodz, Poland On 22.09.2020 at 01:04, Bob Bridges wrote: > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Jesse 1 Robinson > Sent: Monday, September 21, 2020 17:08 > > JR> The idea of deliberately dumbing down language in spam is preposterous. > First of all I don't understand the purported logic of it. > > BB> Radoslaw's logic seemed clear to me, but when I set out to spell it out > for you, I began to wonder whether I'd mistaken it. He wrote "a method to > filter out bright people and leave only the fools", which I interpreted this > way: Intelligent people (according to Radoslaw) are less likely to produce > profit for the scammer, in the long run. If the scam is written badly, an > intelligent person is more likely to throw it out, and thus less likely to > waste the scammer's time with replies that will in the end lead nowhere. > Fools, meanwhile, will not notice (or notice less) the atrocious writing, and > thus be more likely to proceed. > > I'll leave it to him to say whether I read him correctly. But ~if~ that is > indeed the scammer's motive for writing badly, I think the scammer isn't > thinking very clearly. > > The next part of your comment I think is just a confusion about who said > what. I said Nigerians are mostly capable of better English than I see in > "Nigerian old ministers' " emails, but that's just a side comment, not part > of Radoslaw's reasoning. > > JR> More important, while English is an official language in Nigeria, it is > no one's mother tongue. It's learned, mostly in school, to whatever > proficiency the learner can achieve. The average spammer has probably never > stepped inside university. Even secondary school certification is improbable. > Add to that the 'dialectical' difference between Nigerian and American > English makes it unlikely that the most fluent spammer could write something > of undetectable of origin. 
> > BB> I don't buy that last part. I have no idea how many spammers have been > to University, or secondary school, but they can't ~all~ be illiterate and > therefore it's not unlikely - just the reverse - that some of them will be > able to compose a grammatically correct email. No one said anything about > "undetectable"; for verisimilitude you'd want ~some~ degree of "foreign-ness". > > --- > Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 > > /* ...in your bedchamber do not curse a king, and in your sleeping rooms do > not curse a rich man, for a bird of the heavens will carry the sound, and the > winged creature will make the matter known. -Ecclesiastes 10:20 */ > > -Original Message- > From: IBM Mainframe Discussion List On Behalf Of > Bob Bridges > Sent: Monday, September 21, 2020 10:19 AM > > Interesting hypothes
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
Many of us receive legitimate e-mail from unknown senders, or from known senders with new addresses. The e-mail addresses in headers are not trustworthy. Digital signatures are only trustworthy if you got the public key from a trusted source. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of CM Poncelet Sent: Monday, September 21, 2020 10:18 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment FWIW (a) Begin by assuming that *all* received emails are spam/scam (and define this as the bottom line catch-all message filter) *unless* a higher up message filter recognizes both the sender(s)'s and the 'to' recipient's addresses as valid. (b) The sender's original email address can be found towards the end in the message headers, as in the "received from ... for ..." message header line. (c) Spam/scam emails can be sent to https://www.spamcop.net/mcgi?action=loginform for verification, if need be. The 'trick' to get around spammers/scammers is to use message filters, with the bottom line catch-all filter saying something like "if the subject does not contain *and* the sender is not @ then save the email in the trash/delete folder" - which then ensures that the email is never saved in the "Inbox" folder. A more skilful 'trick' is to have many different email IDs and give out a different email ID to every company, individual etc. (and keep a record of which email ID was given to whom) - so that, if a spammer or scammer gets hold of it, it can be deleted and a replacement new email ID can be created ... and then also determine from whom the spammer/scammer harvested the old and now deleted email ID. That kills off spammers and scammers, because any further emails sent to the old email ID just bounce as "undeliverable" and they cannot guess what the new email ID is. 
But that requires owning one or more domain names and being able to create/delete email IDs associated with it/them. (I have/use more than 200 email IDs across more than 30 domain names.) HTH. Cheers, Chris Poncelet (retired sysprog) On 22/09/2020 00:04, Bob Bridges wrote: > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Jesse 1 Robinson > Sent: Monday, September 21, 2020 17:08 > > JR> The idea of deliberately dumbing down language in spam is preposterous. > First of all I don't understand the purported logic of it. > > BB> Radoslaw's logic seemed clear to me, but when I set out to spell it out > for you, I began to wonder whether I'd mistaken it. He wrote "a method to > filter out bright people and leave only the fools", which I interpreted this > way: Intelligent people (according to Radoslaw) are less likely to produce > profit for the scammer, in the long run. If the scam is written badly, an > intelligent person is more likely to throw it out, and thus less likely to > waste the scammer's time with replies that will in the end lead nowhere. > Fools, meanwhile, will not notice (or notice less) the atrocious writing, and > thus be more likely to proceed. > > I'll leave it to him to say whether I read him correctly. But ~if~ that is > indeed the scammer's motive for writing badly, I think the scammer isn't > thinking very clearly. > > The next part of your comment I think is just a confusion about who said > what. I said Nigerians are mostly capable of better English than I see in > "Nigerian old ministers' " emails, but that's just a side comment, not part > of Radoslaw's reasoning. > > JR> More important, while English is an official language in Nigeria, it is > no one's mother tongue. It's learned, mostly in school, to whatever > proficiency the learner can achieve. The average spammer has probably never > stepped inside university. Even secondary school certification is improbable. 
> Add to that the 'dialectical' difference between Nigerian and American > English makes it unlikely that the most fluent spammer could write something > of undetectable of origin. > > BB> I don't buy that last part. I have no idea how many spammers have been > to University, or secondary school, but they can't ~all~ be illiterate and > therefore it's not unlikely - just the reverse - that some of them will be > able to compose a grammatically correct email. No one said anything about > "undetectable"; for verisimilitude you'd want ~some~ degree of "foreign-ness". > > --- > Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 > > /* ...in your bedchamber do not curse a king, and in your sleeping rooms do > not curse a rich man, for a bird of
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
First, the Received: fields contain domain names and IP addresses that depend only on envelopes and connecting IP addresses. You should rely on those that came from nodes you control or trust; anything beyond that is suspect. There are various authentication protocols, e.g., SPF (acronym overload), but those are only as good as the certificate owner. That is, you can check with the CA that foo owns bar, but not whether foo is a criminal or legitimate. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List on behalf of Bob Bridges Sent: Tuesday, September 22, 2020 10:27 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment I'm pretty sure that in the bad old days, even the headers could not accurately reflect the sender. You could tell what ~server~ the email came from, but the email address depended entirely on the From label that every email client attaches manually, and which isn't necessarily truthful. I put this in the past tense not because I believe it's no longer true, but because it ~might~ no longer be true. I know a lot of the major domains are adding various headers that purport to guarantee at least that the email came from a subscriber at the originating domain. I don't know how advanced those headers are these days. But until Chris posted the below, I would have said you still can't be sure of the sender's email address by looking at the headers. The headers that came with Chris' email, by the way, are much longer than I'm used to seeing. Is this normal, these days, or is it a feature of IBM-MAIN? I think what I'm seeing is a series of authentication methods as it's passed from one server to the next along what I think is called the "backbone": ARC, IronPort, and something called TMASE. (I hope this doesn't break the LISTSERV's filters.) 
Delivered-To: robhbrid...@gmail.com Received: by 2002:adf:f447:0:0:0:0:0 with SMTP id f7csp3851648wrp; Mon, 21 Sep 2020 19:18:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyZYVYvh3cQWqrXkErWaQ9fj0W+BvZi9Nn3OIAhxJo/3CruwF8hoeAX5Oz2VcYZ5dXeWd3e X-Received: by 2002:a25:4dc3:: with SMTP id a186mr3921730ybb.250.1600741122602; Mon, 21 Sep 2020 19:18:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600741122; cv=none; d=google.com; s=arc-20160816; b=B58897TXTtvQJ7t1gnHyrcV+cq3LL+jDEM9oArNxwngd5gxmJmVU8iQWMRfzwzIErF 171T/6dYrx3amczVIU4+RYVmvhPiw4ciJWp6wEkjj4Crj2Idy3h02jmoPxSI6bfpfSYx FqaUjP7LwKQ/2TClTi+oAhk19o5H/73ukJTA5+mhsv9CBSm/9aAimG18O14JDpzlgKJO CZwngYjwGO/+cJ8VP1MfmKYwOC+Gk1v7+iJLbovbbXQB5yF5tziBBYUjFm2ZJcNDe6zR gPstA7GqeqHoI7Q/YvKuVuDqWI45gSXg1uBZwik+4sYFnPucdPQ9J9gAOZ7Q4+7l7syN 2g6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-archive:list-owner:list-subscribe:list-unsubscribe:list-help :precedence:in-reply-to:to:subject:organization:from:sender:reply-to :date:newsgroups:message-id:content-language :content-transfer-encoding:mime-version:user-agent:references :ironport-phdr:dkim-signature; bh=xak+K7z8G4pm5Gldpny1Rz595iMZvkPotRV2fRPSWh4=; b=N/3iP2pjAMuhJ3ys6eeEachah/tZmrbzUtQlSghrMQ0SAMkmGZruV01BUBVJhJwK/1 Q38yPpfJg+QbzHYPu080i4V4MZNYOWPjTNwZJ/f4rGo+HwGPrRzPY5ZBJ6GnYkgIgCx1 zYENntXTcedNtOC3TS57zGYck/l4DmaNoHpmfyMSdfIyOx3ian0dIC5f7ny1b14ZC6Eg 9fp07gi9ViNNgy5wyNC+KpxHpsK3m2SU1E8dEfDYBIaHLZZERwcy0fjM9mfyVCf61M8a FsFvsqFOLvmk1W4aYLnXxwMC3Uo7oyUNythENV/zL7mweFg5njPKOeHNOXA3+H5PlSHJ j6rQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass (test mode) header.i=@UA.EDU header.s=LISTSERV01 header.b=hoKgtLn3; spf=pass (google.com: domain of owner-ibm-m...@listserv.ua.edu designates 130.160.0.25 as permitted sender) smtp.mailfrom=owner-ibm-m...@listserv.ua.edu Return-Path: Received: from lsvmail01.ua.edu (lsvmail01.ua.edu. 
[130.160.0.25]) by mx.google.com with ESMTPS id m18si15161936ybp.129.2020.09.21.19.18.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 21 Sep 2020 19:18:42 -0700 (PDT) Received-SPF: pass (google.com: domain of owner-ibm-m...@listserv.ua.edu designates 130.160.0.25 as permitted sender) client-ip=130.160.0.25; Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@UA.EDU header.s=LISTSERV01 header.b=hoKgtLn3; spf=pass (google.com: domain of owner-ibm-m...@listserv.ua.edu designates 130.160.0.25 as permitted sender) smtp.mailfrom=owner-ibm-m...@listserv.ua.edu Received: from listserv01.ua.edu (listserv01.ua.edu [10.8.81.163]) by lsvmail01.ua.edu (Postfix) with ESMTP id 9EF7C2695E9; Mon, 21 Sep 2020 21:18:24 -0500 (CDT) Received: from listserv01 (localhost [127.0.0.1]) by listse
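The point made in the message above, that only Received: fields stamped by nodes you control can be relied on, shown as an added example that is not part of the thread. The host names, addresses, the `TRUSTED_HOSTS` set and the sample message are constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: the hosts we operate, whose Received: stamps we believe.
TRUSTED_HOSTS = {"mx1.example.org", "mailstore.example.org"}

# Constructed sample message (not from the thread); newest hop comes first.
# The last Received: field is forged to look like a stamp from our own MX.
RAW = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
\tby mailstore.example.org with ESMTPS id abc123;
\tMon, 21 Sep 2020 19:18:42 -0700
Received: from out.lists.example.net (out.lists.example.net [198.51.100.25])
\tby mx1.example.org with ESMTPS id def456;
\tMon, 21 Sep 2020 19:18:41 -0700
Received: from desk.bank.example (desk.bank.example [10.0.0.5])
\tby relay.bank.example with ESMTP id 999;
\tMon, 21 Sep 2020 19:00:00 -0700
Received: from localhost (localhost [127.0.0.1])
\tby mx1.example.org with ESMTP id forged1;
\tMon, 21 Sep 2020 18:59:00 -0700
From: "Your Bank" <ceo@bank.example>
To: user@example.org
Subject: constructed sample

body
"""

FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"(?:^|\s)by\s+([A-Za-z0-9.:-]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def parse_received(value):
    """Split one Received: value into the claimed peer name, the peer IP
    recorded by the stamping host, and the stamping host itself."""
    text = " ".join(value.split())              # undo header folding
    by = BY_RE.search(text)
    from_part = text[:by.start()] if by else text
    peer = FROM_RE.match(from_part)
    ip = IP_RE.search(from_part)
    return {
        "from": peer.group(1).lower() if peer else None,
        "ip": ip.group(1) if ip else None,
        "by": by.group(1).lower().rstrip(".") if by else None,
    }


def classify_hops(raw, trusted=TRUSTED_HOSTS):
    """Walk the Received: chain newest-first and mark which hops to believe.

    Each relay prepends its stamp, so everything below the first stamp made
    by a host we do not run arrived with the message and is only a claim,
    even when it names one of our own hosts.
    """
    hops, in_trusted_zone = [], True
    for value in message_from_string(raw).get_all("Received", []):
        hop = parse_received(value)
        if hop["by"] not in trusted:
            in_trusted_zone = False
        hop["trusted"] = in_trusted_zone
        hops.append(hop)
    return hops


def handoff_ip(hops):
    """IP of the peer that connected to our border, as our own host saw it.

    This is the oldest trusted stamp; the HELO name beside it is ignored
    because the connecting side chooses it.
    """
    trusted = [h for h in hops if h["trusted"]]
    return trusted[-1]["ip"] if trusted else None


if __name__ == "__main__":
    chain = classify_hops(RAW)
    for hop in chain:
        label = "trusted" if hop["trusted"] else "claim  "
        print(label, hop["by"], "<-", hop["from"], hop["ip"])
    print("handoff IP:", handoff_ip(chain))
```

The address `handoff_ip` returns is the one worth checking against a DNSBL or including in a report; names and addresses in the hops below it are whatever the sending side chose to write.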
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0 Message-ID: <63d7551f-6d05-455d-7b68-bd30c1958...@bcs.org.uk> Newsgroups: bit.listserv.ibm-main Date: Tue, 22 Sep 2020 03:18:45 +0100 Reply-To: IBM Mainframe Discussion List Sender: IBM Mainframe Discussion List From: CM Poncelet Organization: L! Logic Integration Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment To: IBM-MAIN@LISTSERV.UA.EDU In-Reply-To: <00c801d6906b$979827c0$c6c87740$@gmail.com> Precedence: list List-Help: <http://listserv.ua.edu/cgi-bin/wa?LIST=IBM-MAIN>, <mailto:lists...@listserv.ua.edu?body=INFO%20IBM-MAIN> List-Unsubscribe: <mailto:ibm-main-unsubscribe-requ...@listserv.ua.edu> List-Subscribe: <mailto:ibm-main-subscribe-requ...@listserv.ua.edu> List-Owner: <mailto:ibm-main-requ...@listserv.ua.edu> List-Archive: <http://listserv.ua.edu/cgi-bin/wa?LIST=IBM-MAIN> --- Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 /* Marriage is an act of will, divorce an act of won't. 
-screenwriter Josh Greenfeld */ -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of CM Poncelet Sent: Monday, September 21, 2020 22:19 (a) Begin by assuming that *all* received emails are spam/scam (and define this as the bottom line catch-all message filter) *unless* a higher up message filter recognizes both the sender(s)'s and the 'to' recipient's addresses as valid. (b) The sender's original email address can be found towards the end in the message headers, as in the "received from ... for ..." message header line. (c) Spam/scam emails can be sent to https://www.spamcop.net/mcgi?action=loginform for verification, if need be. The 'trick' to get around spammers/scammers is to use message filters, with the bottom line catch-all filter saying something like "if the subject does not contain *and* the sender is not @ then save the email in the trash/delete folder" - which then ensures that the email is never saved in the "Inbox" folder. A more skilful 'trick' is to have many different email IDs and give out a different email ID to every company, individual etc. (and keep a record of which email ID was given to whom) - so that, if a spammer or scammer gets hold of it, it can be deleted and a replacement new email ID can be created ... and then also determine from whom the spammer/scammer harvested the old and now deleted email ID. That kills off spammers and scammers, because any further emails sent to the old email ID just bounce as "undeliverable" and they cannot guess what the new email ID is. But that requires owning one or more domain names and being able to create/delete email IDs associated with it/them. (I have/use more than 200 email IDs across more than 30 domain names.)
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
Bob, Yes you correctly interpreted my point about the language in scam emails. However ...it is NOT MY observation. I'm only messenger. This is recognized by professionals who work (fight) with scam and Internet security, and study the problem. And it is reasonable, not preposterous. Few remarks: 1. Scam is a business. Yes, it is a crime, but many crimes are profitable and well organized. Like drugs. 2. This business is NOT driven by idiots. There are clever people who cheat. Charles Ponzi, Jordan Belfort, Bernard Madoff, Zeek Rewards, OSGold, PIPS... 3. Assumption that Nigerian scam is driven by Nigerian people is plain wrong. 4. Every crime group is clever enough to hire some native speaker to edit some short message without errors and dumb mistakes. 5. Nigerian scam is common name for some type of trick and does not necessarily mean anything related to Nigeria. In Poland we have scam mails from "US Army soldier", usually from some base in Iraq or Germany. And there are more scam topics. 6. Most scam emails are in native language of recipient. So, in Poland we have emails in Polish, never mind how the "US Army Soldier" learnt this language (usually because of Polish roots). And phony Nigerian minister studied in Poland, which sounds reasonable, because we have many students from Africa and Middle East (and Latin America). -- Radoslaw Skorupka Lodz, Poland On 22.09.2020 at 01:04, Bob Bridges wrote: -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson Sent: Monday, September 21, 2020 17:08 JR> The idea of deliberately dumbing down language in spam is preposterous. First of all I don't understand the purported logic of it. BB> Radoslaw's logic seemed clear to me, but when I set out to spell it out for you, I began to wonder whether I'd mistaken it. 
He wrote "a method to filter out bright people and leave only the fools", which I interpreted this way: Intelligent people (according to Radoslaw) are less likely to produce profit for the scammer, in the long run. If the scam is written badly, an intelligent person is more likely to throw it out, and thus less likely to waste the scammer's time with replies that will in the end lead nowhere. Fools, meanwhile, will not notice (or notice less) the atrocious writing, and thus be more likely to proceed. I'll leave it to him to say whether I read him correctly. But ~if~ that is indeed the scammer's motive for writing badly, I think the scammer isn't thinking very clearly. The next part of your comment I think is just a confusion about who said what. I said Nigerians are mostly capable of better English than I see in "Nigerian old ministers' " emails, but that's just a side comment, not part of Radoslaw's reasoning. JR> More important, while English is an official language in Nigeria, it is no one's mother tongue. It's learned, mostly in school, to whatever proficiency the learner can achieve. The average spammer has probably never stepped inside university. Even secondary school certification is improbable. Add to that the 'dialectical' difference between Nigerian and American English makes it unlikely that the most fluent spammer could write something of undetectable of origin. BB> I don't buy that last part. I have no idea how many spammers have been to University, or secondary school, but they can't ~all~ be illiterate and therefore it's not unlikely - just the reverse - that some of them will be able to compose a grammatically correct email. No one said anything about "undetectable"; for verisimilitude you'd want ~some~ degree of "foreign-ness". 
--- Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 /* ...in your bedchamber do not curse a king, and in your sleeping rooms do not curse a rich man, for a bird of the heavens will carry the sound, and the winged creature will make the matter known. -Ecclesiastes 10:20 */ -Original Message- From: IBM Mainframe Discussion List On Behalf Of Bob Bridges Sent: Monday, September 21, 2020 10:19 AM Interesting hypothesis. I always supposed that they were badly written either because a) scammers don't care (which is perhaps another way of saying they're illiterate, or b) these Nigerian-oil-minister scams actually are written by foreigners whose English is bad - not, perhaps, by actual Nigerians, whose English is usually better than that - or c) they want to ~appear~ to be written by Nigerians. It never occurred to me that it might be an anti-intelligence filter. But then, I take it as an article of faith that it's not intelligence that'll save you from being scammed. It's not the smart people who fall for "I want you to handle my money for me"; it's the greedy ones. And greedy people are foolish, but they're not necessarily stupid. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S. Sent:
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
FWIW (a) Begin by assuming that *all* received emails are spam/scam (and define this as the bottom line catch-all message filter) *unless* a higher up message filter recognizes both the sender(s)'s and the 'to' recipient's addresses as valid. (b) The sender's original email address can be found towards the end in the message headers, as in the "received from ... for ..." message header line. (c) Spam/scam emails can be sent to https://www.spamcop.net/mcgi?action=loginform for verification, if need be. The 'trick' to get around spammers/scammers is to use message filters, with the bottom line catch-all filter saying something like "if the subject does not contain *and* the sender is not @ then save the email in the trash/delete folder" - which then ensures that the email is never saved in the "Inbox" folder. A more skilful 'trick' is to have many different email IDs and give out a different email ID to every company, individual etc. (and keep a record of which email ID was given to whom) - so that, if a spammer or scammer gets hold of it, it can be deleted and a replacement new email ID can be created ... and then also determine from whom the spammer/scammer harvested the old and now deleted email ID. That kills off spammers and scammers, because any further emails sent to the old email ID just bounce as "undeliverable" and they cannot guess what the new email ID is. But that requires owning one or more domain names and being able to create/delete email IDs associated with it/them. (I have/use more than 200 email IDs across more than 30 domain names.) HTH. Cheers, Chris Poncelet (retired sysprog) On 22/09/2020 00:04, Bob Bridges wrote: > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Jesse 1 Robinson > Sent: Monday, September 21, 2020 17:08 > > JR> The idea of deliberately dumbing down language in spam is preposterous. > First of all I don't understand the purported logic of it. 
> > BB> Radoslaw's logic seemed clear to me, but when I set out to spell it out > for you, I began to wonder whether I'd mistaken it. He wrote "a method to > filter out bright people and leave only the fools", which I interpreted this > way: Intelligent people (according to Radoslaw) are less likely to produce > profit for the scammer, in the long run. If the scam is written badly, an > intelligent person is more likely to throw it out, and thus less likely to > waste the scammer's time with replies that will in the end lead nowhere. > Fools, meanwhile, will not notice (or notice less) the atrocious writing, and > thus be more likely to proceed. > > I'll leave it to him to say whether I read him correctly. But ~if~ that is > indeed the scammer's motive for writing badly, I think the scammer isn't > thinking very clearly. > > The next part of your comment I think is just a confusion about who said > what. I said Nigerians are mostly capable of better English than I see in > "Nigerian old ministers' " emails, but that's just a side comment, not part > of Radoslaw's reasoning. > > JR> More important, while English is an official language in Nigeria, it is > no one's mother tongue. It's learned, mostly in school, to whatever > proficiency the learner can achieve. The average spammer has probably never > stepped inside university. Even secondary school certification is improbable. > Add to that the 'dialectical' difference between Nigerian and American > English makes it unlikely that the most fluent spammer could write something > of undetectable of origin. > > BB> I don't buy that last part. I have no idea how many spammers have been > to University, or secondary school, but they can't ~all~ be illiterate and > therefore it's not unlikely - just the reverse - that some of them will be > able to compose a grammatically correct email. No one said anything about > "undetectable"; for verisimilitude you'd want ~some~ degree of "foreign-ness". 
> > --- > Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 > > /* ...in your bedchamber do not curse a king, and in your sleeping rooms do > not curse a rich man, for a bird of the heavens will carry the sound, and the > winged creature will make the matter known. -Ecclesiastes 10:20 */ > > -Original Message- > From: IBM Mainframe Discussion List On Behalf Of > Bob Bridges > Sent: Monday, September 21, 2020 10:19 AM > > Interesting hypothesis. I always supposed that they were badly written > either because a) scammers don't care (which is perhaps another way of saying > they're illiterate, or b) these Nigerian-oil-minister scams actually are > written by foreigners whose English is bad - not, perhaps, by actual > Nigerians, whose English is usually better than that - or c) they want to > ~appear~ to be written by Nigerians. It never occurred to me that it might > be an anti-intelligence filter. > > But then, I take it as an article of faith that it's not
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson
Sent: Monday, September 21, 2020 17:08

JR> The idea of deliberately dumbing down language in spam is preposterous. First of all I don't understand the purported logic of it.

BB> Radoslaw's logic seemed clear to me, but when I set out to spell it out for you, I began to wonder whether I'd mistaken it. He wrote "a method to filter out bright people and leave only the fools", which I interpreted this way: Intelligent people (according to Radoslaw) are less likely to produce profit for the scammer, in the long run. If the scam is written badly, an intelligent person is more likely to throw it out, and thus less likely to waste the scammer's time with replies that will in the end lead nowhere. Fools, meanwhile, will not notice (or notice less) the atrocious writing, and thus be more likely to proceed.

I'll leave it to him to say whether I read him correctly. But ~if~ that is indeed the scammer's motive for writing badly, I think the scammer isn't thinking very clearly.

The next part of your comment I think is just a confusion about who said what. I said Nigerians are mostly capable of better English than I see in "Nigerian old ministers' " emails, but that's just a side comment, not part of Radoslaw's reasoning.

JR> More important, while English is an official language in Nigeria, it is no one's mother tongue. It's learned, mostly in school, to whatever proficiency the learner can achieve. The average spammer has probably never stepped inside university. Even secondary school certification is improbable. Add to that the 'dialectical' difference between Nigerian and American English makes it unlikely that the most fluent spammer could write something of undetectable of origin.

BB> I don't buy that last part. I have no idea how many spammers have been to University, or secondary school, but they can't ~all~ be illiterate and therefore it's not unlikely - just the reverse - that some of them will be able to compose a grammatically correct email. No one said anything about "undetectable"; for verisimilitude you'd want ~some~ degree of "foreign-ness".

---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313

/* ...in your bedchamber do not curse a king, and in your sleeping rooms do not curse a rich man, for a bird of the heavens will carry the sound, and the winged creature will make the matter known. -Ecclesiastes 10:20 */

-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Bob Bridges
Sent: Monday, September 21, 2020 10:19 AM

Interesting hypothesis. I always supposed that they were badly written either because a) scammers don't care (which is perhaps another way of saying they're illiterate, or b) these Nigerian-oil-minister scams actually are written by foreigners whose English is bad - not, perhaps, by actual Nigerians, whose English is usually better than that - or c) they want to ~appear~ to be written by Nigerians. It never occurred to me that it might be an anti-intelligence filter.

But then, I take it as an article of faith that it's not intelligence that'll save you from being scammed. It's not the smart people who fall for "I want you to handle my money for me"; it's the greedy ones. And greedy people are foolish, but they're not necessarily stupid.

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S.
Sent: Monday, September 21, 2020 10:00

3. Puzzle: why Nigerian scam emails are so horribly written? I mean a lot of language mistakes. The answer is this is intentional. This is a method to filter out bright people and leave only the fools. Only fool people are good candidates to further steps of scam, which are expensive because that require manwork.
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
On Mon, Sep 21, 2020 at 09:08:22PM +, Jesse 1 Robinson wrote:
> The idea of deliberately dumbing down language in spam is preposterous. First of all I don't understand the purported logic of it. More important, while English is an official language in Nigeria, it is no one's mother tongue. It's learned, mostly in school, to whatever proficiency the learner can achieve. The average spammer has probably never stepped inside university. Even secondary school certification is improbable. Add to that the 'dialectical' difference between Nigerian and American English makes it unlikely that the most fluent spammer could write something of undetectable of origin.
>
> Let's get real.

The reality is, a spammer from poor country has access to a computer, internet and list of addresses. If he was wise enough to jump this many hops... he may also be a reasonably good chess player. Good enough to improve his game over time.

--
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature.      **
** As the answer, master did "rm -rif" on the programmer's home    **
** directory. And then the C programmer became enlightened...      **
**                                                                 **
** Tomasz Rola          mailto:tomasz_r...@bigfoot.com             **
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
The idea of deliberately dumbing down language in spam is preposterous. First of all I don't understand the purported logic of it. More important, while English is an official language in Nigeria, it is no one's mother tongue. It's learned, mostly in school, to whatever proficiency the learner can achieve. The average spammer has probably never stepped inside university. Even secondary school certification is improbable. Add to that the 'dialectical' difference between Nigerian and American English makes it unlikely that the most fluent spammer could write something of undetectable of origin.

Let's get real.

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com

-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Bob Bridges
Sent: Monday, September 21, 2020 10:19 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

Interesting hypothesis. I always supposed that they were badly written either because a) scammers don't care (which is perhaps another way of saying they're illiterate, or b) these Nigerian-oil-minister scams actually are written by foreigners whose English is bad - not, perhaps, by actual Nigerians, whose English is usually better than that - or c) they want to ~appear~ to be written by Nigerians. It never occurred to me that it might be an anti-intelligence filter.

But then, I take it as an article of faith that it's not intelligence that'll save you from being scammed. It's not the smart people who fall for "I want you to handle my money for me"; it's the greedy ones. And greedy people are foolish, but they're not necessarily stupid.

---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313

/* War is God's way of teaching Americans geography. -Ambrose Bierce */

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S.
Sent: Monday, September 21, 2020 10:00

3. Puzzle: why Nigerian scam emails are so horribly written? I mean a lot of language mistakes. The answer is this is intentional. This is a method to filter out bright people and leave only the fools. Only fool people are good candidates to further steps of scam, which are expensive because that require manwork.
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
On Mon, Sep 21, 2020 at 04:00:04PM +0200, R.S. wrote:
[...]
> But seriously:
> 1. Anyone can put any name in the "sender" field. There are even free web services for kiddies who want to be "hackers". However hacked (hijacked) email account means access to address database. I do not expect any email from Tony, however Tony's customer or his brother will not be surprised by email from Tony.

... and will probably not feel any need to look under the hood, or know there is a hood to look under.

I wonder, how many people out there know there is such thing as email headers? How many click to view, more than once a week? Every few days? Once a day? Well, I do not click, I have a key for this.

> 2. Attachments can be dangerous ...or not. It strongly depend on what do you do with the attachment and if you are using Windows or not. For non-Windows OS (read: Linux) vast majority of malware will not work. Very popular malicious PDF attachments are not malicious when opened by some freeware viewers. For doubtful cases one may use isolated virtual machine and delete/refresh it just after use. Of course the simplest method is to delete it.

I am afraid it is only a matter of time. Linux is changing in certain direction and at the same time gaining more users. Besides, I suspect majority is using webmail, thus they are exposing themselves to clever html hacks, regardless of OS.

I have been, for years, maybe for more than a decade, switching off font loading in a browser. Only one, maybe three fonts allowed in browser, all installed and loaded from disk. I routinely use browser which cannot do Javascript and can have loading of CSS disabled, by design (dillo). When I have to use firefox, I block all Javascript by default (well, I suspect, not really, but close), and unlock only so much so I can view the page - one lock after another, until it loads. It takes few tens seconds, would be faster if page can load with JS disabled. But quite often I decide that "scre wit" and close tab before I go too far.

Thanks to my interests, I do not depend on websites which cannot load in dillo. And I do not webmail.

But the 99 percent are just sitting ducks. They are free meal for kraxors, digging coinbits in users' browsers and maybe doing even more funny things. How many people out there actually look at their cpu load more often than once per hour, noticing if the browser is moving too much?

But they do not care. And I have so many interesting books to read...

> 3. Puzzle: why Nigerian scam emails are so horribly written? I mean a lot of language mistakes. The answer is this is intentional. This is a method to filter out bright people and leave only the fools. Only fool people are good candidates to further steps of scam, which are expensive because that require manwork.
> Conclusion: answering to every scam by clever volunteers would blow up this trick. Hackers would be unable to manually cheat everyone, with only very small percentage of potential victims. ;-)

I am afraid the ratio of clever volunteers to idiots is too small. Idiots have already bent the internet to their wishes, disregarding possible harm that can be done to them, because "*I* have to shine".

When millions of buffalos are running to the cliff, the only clever thing one can do is run off their way. Just MHO...

--
Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature.      **
** As the answer, master did "rm -rif" on the programmer's home    **
** directory. And then the C programmer became enlightened...      **
**                                                                 **
** Tomasz Rola          mailto:tomasz_r...@bigfoot.com             **
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
Interesting hypothesis. I always supposed that they were badly written either because a) scammers don't care (which is perhaps another way of saying they're illiterate, or b) these Nigerian-oil-minister scams actually are written by foreigners whose English is bad - not, perhaps, by actual Nigerians, whose English is usually better than that - or c) they want to ~appear~ to be written by Nigerians. It never occurred to me that it might be an anti-intelligence filter. But then, I take it as an article of faith that it's not intelligence that'll save you from being scammed. It's not the smart people who fall for "I want you to handle my money for me"; it's the greedy ones. And greedy people are foolish, but they're not necessarily stupid. --- Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313 /* War is God's way of teaching Americans geography. -Ambrose Bierce */ -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S. Sent: Monday, September 21, 2020 10:00 3. Puzzle: why Nigerian scam emails are so horribly written? I mean a lot of language mistakes. The answer is this is intentional. This is a method to filter out bright people and leave only the fools. Only fool people are good candidates to further steps of scam, which are expensive because that require manwork. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
On 20.09.2020 at 17:00, Tony Brown wrote:
> Please be advised:
>
> My email account was hacked while I was on vacation last week. Generated from my email address were two variations of emails with subjects of "Proof of Payment" or "Receipt of Payment" each containing an "html" attachment. If you receive either of these emails, please delete without opening the attachment.
>
> Apparently, there are a number of variations of this "hack" being circulated with some type of reference to "payment" and/or "invoice"; please be cautious with any similar emails that you receive.
>
> Regards,
>
> Tony
> --
> Tony Brown
> Software Development
> Dino-Software Corporation

How can we believe the message sent by an unknown person? Note: this email account was hacked, so there is no warranty who is the sender.

But seriously:

1. Anyone can put any name in the "sender" field. There are even free web services for kiddies who want to be "hackers". However, a hacked (hijacked) email account means access to the address database. I do not expect any email from Tony, however Tony's customer or his brother will not be surprised by an email from Tony.

2. Attachments can be dangerous ...or not. It strongly depends on what you do with the attachment and whether you are using Windows or not. For non-Windows OS (read: Linux) the vast majority of malware will not work. Very popular malicious PDF attachments are not malicious when opened by some freeware viewers. For doubtful cases one may use an isolated virtual machine and delete/refresh it just after use. Of course the simplest method is to delete it.

3. Puzzle: why are Nigerian scam emails so horribly written? I mean a lot of language mistakes. The answer is that this is intentional. This is a method to filter out bright people and leave only the fools. Only foolish people are good candidates for the further steps of the scam, which are expensive because they require manwork.

Conclusion: answering every scam by clever volunteers would blow up this trick. Hackers would be unable to manually cheat everyone, with only a very small percentage of potential victims. ;-)

--
Radoslaw Skorupka
Lodz, Poland
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
My first thought is "you can telephone if you want, but email's ok too. But if you email, send a ~fresh~ email, addressing it from your own address book". Don't use the Reply function, because the spoofer can set the reply-to option.

I once got a plea for emergency funds from an aunt, supposedly vacationing in Portugal and needing money for a friend's operation there. Unlike so many spoofs, this one was fairly literate. I didn't really believe it, though, because it lacked the personal endearments I would have expected from her, and (always a solid clue) the text included no dates. I almost replied, asking "is this you?". Instead I started a fresh email, and only then noticed that it came not from auntco...@aol.com but auntca...@aol.com - a single transposed pair of letters that I didn't notice at first glance. (That's not the actual address, but done like that.)

I guess if there's a real fear that the friend's account has been hijacked, an email to that account may not prove anything. ("Nobody here but us chickens!") But in many cases, as others here have pointed out, the account wasn't hijacked, it was merely spoofed.

---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313

/* I much prefer life under the U.S. Government to life under the brutal Chinese regime, because many of our freedoms have, after all, survived the U.S. Government's efforts to whittle them away. But this is not to say that we owe those freedoms to our government -Joseph Sobran, 2001-04-03 */

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Charles Mills
Sent: Sunday, September 20, 2020 14:13

The general rule is "don't open attachments that you were not expecting." If in doubt, telephone -- do not e-mail -- the sender and ask if he or she actually sent it.

-Original Message-
From: Tony Brown
Sent: Sunday, September 20, 2020 8:00 AM

Please be advised:

My email account was hacked while I was on vacation last week. Generated from my email address were two variations of emails with subjects of "Proof of Payment" or "Receipt of Payment" each containing an "html" attachment. If you receive either of these emails, please delete without opening the attachment.

Apparently, there are a number of variations of this "hack" being circulated with some type of reference to "payment" and/or "invoice"; please be cautious with any similar emails that you receive.
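The two checks described in the message above (a Reply-To that differs from From, and a sender address that is a near miss of a known contact) as an added Python example that is not part of the original post. The address book, the sample message and every address in it are constructed, and the distance threshold of 2 is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: the addresses the recipient actually corresponds with.
ADDRESS_BOOK = {"aunt.carol@example.com", "bob@example.org"}

# Constructed sample message: the From address swaps two adjacent letters of a
# real contact, and Reply-To sends any answer to a third party.
RAW_MESSAGE = """\
From: Aunt Carol <aunt.carlo@example.com>
Reply-To: helpdesk@example.net
To: bob@example.org
Subject: Urgent help needed
Date: Mon, 21 Sep 2020 10:00:00 +0000

I am stuck abroad and need money for a friend's operation.
"""


def osa_distance(a, b):
    """Optimal string alignment distance.

    Counts insertions, deletions, substitutions and swaps of two adjacent
    characters, each at cost 1, so a transposed pair of letters scores 1.
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution or match
            if (i > 1 and j > 1
                    and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]


def check_sender(raw, address_book, max_distance=2):
    """Return (from_address, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    findings = []

    # Hitting Reply would go to Reply-To, not to the address shown in From.
    if reply_addr and reply_addr != from_addr:
        findings.append(("reply-to-differs", reply_addr))

    # An unknown sender that is almost, but not exactly, a known contact.
    known = {entry.lower() for entry in address_book}
    if from_addr not in known:
        for contact in sorted(known):
            if 0 < osa_distance(from_addr, contact) <= max_distance:
                findings.append(("lookalike-of", contact))
    return from_addr, findings


if __name__ == "__main__":
    sender, results = check_sender(RAW_MESSAGE, ADDRESS_BOOK)
    print(sender)
    for kind, detail in results:
        print(f"  {kind}: {detail}")
```

A clean result here says nothing about a hijacked account, where both From and Reply-To are genuine.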
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
On Mon, 21 Sep 2020 00:39:21 +, Seymour J Metz wrote:

>Maybe, but it is more likely that someone is just putting your name and
>address in the header.
>
LISTSERVs are a treasure trove. IIRC someone once masquerading as an IBM-MAIN subscriber sent a Spanish Prisoner message to other subscribers. Mere human engineering; no attachments necessary.

From: IBM Mainframe Discussion List on behalf of Tony Brown
Sent: Sunday, September 20, 2020 11:00 AM

My email account was hacked while I was on vacation last week. Generated from my email address were two variations of emails with subjects of "Proof of Payment" or "Receipt of Payment" each containing an "html" attachment. If you receive either of these emails, please delete without opening the attachment.

Apparently, there are a number of variations of this "hack" being circulated with some type of reference to "payment" and/or "invoice"; please be cautious with any similar emails that you receive.

-- gil
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
Maybe, but it is more likely that someone is just putting your name and address in the header.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

From: IBM Mainframe Discussion List on behalf of Tony Brown
Sent: Sunday, September 20, 2020 11:00 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

Please be advised:

My email account was hacked while I was on vacation last week. Generated from my email address were two variations of emails with subjects of "Proof of Payment" or "Receipt of Payment" each containing an "html" attachment. If you receive either of these emails, please delete without opening the attachment.

Apparently, there are a number of variations of this "hack" being circulated with some type of reference to "payment" and/or "invoice"; please be cautious with any similar emails that you receive.

Regards,

Tony
--
Tony Brown
Software Development
Dino-Software Corporation
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
The general rule is to look at the Received header fields to see where it really came from.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

From: IBM Mainframe Discussion List on behalf of Charles Mills
Sent: Sunday, September 20, 2020 2:12 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

The general rule is "don't open attachments that you were not expecting." If in doubt, telephone -- do not e-mail -- the sender and ask if he or she actually sent it.

Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tony Brown
Sent: Sunday, September 20, 2020 8:00 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

Please be advised:

My email account was hacked while I was on vacation last week. Generated from my email address were two variations of emails with subjects of "Proof of Payment" or "Receipt of Payment" each containing an "html" attachment. If you receive either of these emails, please delete without opening the attachment.

Apparently, there are a number of variations of this "hack" being circulated with some type of reference to "payment" and/or "invoice"; please be cautious with any similar emails that you receive.
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
The from address on an e-mail is exactly like the return address on an envelope. It may in fact bear no relation to the actual origin of the e-mail.

Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Thompson
Sent: Sunday, September 20, 2020 2:23 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment

Your account does not have to be “Hacked” to send emails that are made to look like your account was used to send them.

From time to time, based on what you said, I have sent extortion/blackmail emails to myself
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
Your account does not have to be “Hacked” to send emails that are made to look like your account was used to send them.

From time to time, based on what you said, I have sent extortion/blackmail emails to myself

Checking the headers, and tracking the ip addresses... I’ve been traveling the globe and didn’t realize it.

Sent from my iPhone — small keyboarf, fat fungrs, stupd spell manglr. Expct mistaks

> On Sep 20, 2020, at 11:00 AM, Tony Brown wrote:
>
> Please be advised:
>
> My email account was hacked while I was on vacation last week. Generated from my email address were two variations of emails with subjects of "Proof of Payment" or "Receipt of Payment" each containing an "html" attachment. If you receive either of these emails, please delete without opening the attachment.
>
> Apparently, there are a number of variations of this "hack" being circulated with some type of reference to "payment" and/or "invoice"; please be cautious with any similar emails that you receive.
>
> Regards,
>
> Tony
> --
> Tony Brown
> Software Development
> Dino-Software Corporation
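The header check mentioned in this thread ("look at the Received header fields", "checking the headers, and tracking the ip addresses") as an added Python example that is not from any poster. It assumes Postfix-style Received lines; the host names, IP addresses and sample message are constructed. Only hops written by your own servers are trusted, because the sending side can prepend any Received lines it likes.

```python
import re
from email import message_from_string

# Assumption: the mail hosts we operate and the IPs of our internal relays.
OUR_HOSTS = {"mailstore.example.org", "mx1.example.org"}
OUR_IPS = {"192.0.2.10"}

# Constructed sample. Received lines are prepended, so the top one is newest.
# The bottom line was supplied by the sending side and is only a claim.
RAW_MESSAGE = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
    by mailstore.example.org with ESMTP id A1; Sun, 20 Sep 2020 15:00:05 +0000
Received: from mail.vendor.example (unknown [203.0.113.77])
    by mx1.example.org with ESMTP id B2; Sun, 20 Sep 2020 15:00:03 +0000
Received: from workstation (smtp.vendor.example [198.51.100.5])
    by mail.vendor.example with ESMTP id C3; Sun, 20 Sep 2020 15:00:01 +0000
From: Accounts <accounts@vendor.example>
To: bob@example.org
Subject: Proof of Payment

See attached.
"""

# "from <HELO name> (<reverse DNS> [<peer IP>]) by <receiving host>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def parse_hops(raw):
    """Return one dict per Received header, newest first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP_RE.search(value)
        if match:
            hops.append(match.groupdict())
        else:
            hops.append({"unparsed": " ".join(value.split())})
    return hops


def find_entry_point(raw, our_hosts, our_ips):
    """Find the hop where the message entered our infrastructure.

    Walk down from the newest header while each hop was recorded by one of
    our hosts. The first such hop whose peer IP is not ours is the outside
    connection our own server observed. Everything below it is unverified.
    """
    hops = parse_hops(raw)
    for index, hop in enumerate(hops):
        if hop.get("by") not in our_hosts:
            return None  # not written by us (or unparsed): nothing to trust
        if hop["ip"] not in our_ips:
            return {
                "peer_ip": hop["ip"],
                "helo": hop["helo"],
                "rdns": hop["rdns"],
                "recorded_by": hop["by"],
                "unverified_below": len(hops) - index - 1,
            }
    return None  # message never left our own hosts


if __name__ == "__main__":
    entry = find_entry_point(RAW_MESSAGE, OUR_HOSTS, OUR_IPS)
    print("entered from", entry["peer_ip"], "seen by", entry["recorded_by"])
    print("unverified hops below:", entry["unverified_below"])
```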
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
This sort of hack seems to have increased during the C-19 pandemic because people who are staying home a lot order more and more stuff online, making phony 'acknowledgments' harder to catch. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -Original Message- From: IBM Mainframe Discussion List On Behalf Of Charles Mills Sent: Sunday, September 20, 2020 11:13 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment CAUTION EXTERNAL EMAIL The general rule is "don't open attachments that you were not expecting." If in doubt, telephone -- do not e-mail -- the sender and ask if he or she actually sent it. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tony Brown Sent: Sunday, September 20, 2020 8:00 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Caution: "Hacked" email caused the distribution of a potentially harmful attachment Please be advised: My email account was hacked while I was on vacation last week. Generated from my email address were two variations of emails with subjects of "Proof of Payment" or "Receipt of Payment" each containing an "html" attachment. If you receive either of these emails, please delete without opening the attachment. Apparently, there are a number of variations of this "hack" being circulated with some type of reference to "payment" and/or "invoice"; please be cautious with any similar emails that you receive. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment
The general rule is "don't open attachments that you were not expecting." If in doubt, telephone -- do not e-mail -- the sender and ask if he or she actually sent it. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tony Brown Sent: Sunday, September 20, 2020 8:00 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Caution: "Hacked" email caused the distribution of a potentially harmful attachment Please be advised: My email account was hacked while I was on vacation last week. Generated from my email address were two variations of emails with subjects of "Proof of Payment" or "Receipt of Payment" each containing an "html" attachment. If you receive either of these emails, please delete without opening the attachment. Apparently, there are a number of variations of this "hack" being circulated with some type of reference to "payment" and/or "invoice"; please be cautious with any similar emails that you receive. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN