Re: [mailop] Bitcoin password ransom email from user at outlook.com
On 2018-07-13 08:53, Mihai Costea wrote:
> At the other side of the spectrum there are one off mails that go ignored due to the signal to noise ratio of the long tail. There’s tons of folks with weird complaints (from “I think Xbox live is too expensive” to suggestions on what Bill Gates should do with his money, conspiracy theories, etc)

I realize it would be impossible, but were this feed published I would spend far too much of my life reading through it.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Bitcoin password ransom email from user at outlook.com
> On Jul 12, 2018, at 1:20 PM, Michael Rathbun wrote:
>
> On Thu, 12 Jul 2018 10:41:46 -0400, "Eric Tykwinski" wrote:
>
>> Did you submit to ab...@outlook.com?
>
> Unless something has changed profoundly since I worked there, no human will likely ever read ab...@microsoft.com or the other domains concerned. I would be delighted to discover that this is no longer the case.

There’s no way that any company concerned about abuse can have every incoming mail to abuse@ read by a human.

If you’ll remember, back when I worked for you, running abuse@ I had a team of 3 people under me handling the mail. We got maybe 2000-3000 complaints a month, and even at that volume we always had a backlog. This was well before the invention of FBLs, so these were all individual complaints. It was clear to me, even then, that manual abuse@ handling simply didn’t scale. That’s one reason I kept pushing so hard to get some automation in place.

Just to compare volumes, a few years after that one of our Abacus customers was handling an incoming 250,000 emails a day. This was back when there were like 2 FBLs, rather than the dozen or so we have now. Using the (poor) staffing levels we were working with that’s (if my math isn’t totally screwed up) over 8000 people handling an abuse desk.

These volumes absolutely cannot be handled manually. Not if there is any hope of staying on top of things. You absolutely have to have automation in place to sort, categorize and (ideally) do a lot of the rote lookup work like customer identification, problem highlighting, etc. That’s why Abacus does what it does - to condense down 250,000 complaints into something that’s manageable by a single organization.

laura

--
Having an Email Crisis? We can help! 800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741

Email Delivery Blog: https://wordtothewise.com/blog
Re: [mailop] Bitcoin password ransom email from user at outlook.com
Indeed the abuse@ aliases in ms are inspected by automation and different topics get different treatment. Child porn reports for example do have a goal of being 100% reviewed. Bullying, piracy, brand, domains, phish, lots of topics out there.

At the other side of the spectrum there are one off mails that go ignored due to the signal to noise ratio of the long tail. There’s tons of folks with weird complaints (from “I think Xbox live is too expensive” to suggestions on what Bill Gates should do with his money, conspiracy theories, etc)

Ransomware accounts close to the real attacker are interesting to our Digital Crime Unit folks here and they are combing through abuse feeds themselves looking for value.

Separately there are recent scams where the “pay me to release the data” is not reflecting any actual infection or data hostage situation. These are no different than other spam campaigns and should be reported through fbl channels as Laura suggests. These attacks usually manifest through persistent browser pop ups, I am not sure the email spam path is monetizing well for attackers. Most often burning the sending accounts after the campaign went out does no damage to the attacker (victim can still reply to whatever other email address was specified etc)

Please provide more details offline into what kind of attack you see.

For the real ransomware threat there’s tons of investments happening across the stack. OS drivers/WinDefender/browsers/telemetry/OneDrive/etc and more for enterprise services/features.

Thank you
Mihai
Re: [mailop] Bitcoin password ransom email from user at outlook.com
On Thu, 12 Jul 2018 16:28:01 -0400, "Eric Tykwinski" wrote:

>I really hope you're wrong, since it's in their FAQs.
>https://support.office.com/en-us/article/Deal-with-abuse-phishing-or-spoofing-in-Outlook-com-0d882ea5-eedc-4bed-aebc-079ffa1105a3
>
>Reporting abuse
>
>If you're being threatened, call your local law enforcement.
>
>To report harassment, impersonation, child exploitation, child pornography, or other illegal activities received via an Outlook.com account, forward the offending email as an attachment to ab...@outlook.com. Include any relevant info, such as the number of times you've received messages from the account and the relationship, if any, between you and the sender.

Note, however, that this documents how customers should handle abusive communications received by a customer, not non-customers receiving abusive traffic sent by a customer. We did handle a fair bit of the former, but the reports came from senior execs' telephones ringing, not reports to abuse@.

I was in the group that should have received reports of abusive traffic leaving Microsoft's networks. I made myself more than a little unpopular by raising sand about what, from inside the organization, appeared to be a total indifference to ab...@microsoft.com and presumably allied abuse@ accounts. The insistence that there needed to be a knowledgeable Policy Enforcement organization was tut-tutted away.

mdr
--
"There are no laws here, only agreements."
    -- Masahiko
Re: [mailop] Bitcoin password ransom email from user at outlook.com
Keep in mind that "no human will likely ever read..." does not mean that the mailbox is ignored. At this scale abuse handling is automated in one fashion or another. I have no knowledge of what specifically Microsoft is doing.

On 2018-07-12 14:28, Eric Tykwinski wrote:
> I really hope you're wrong, since it's in their FAQs.
> https://support.office.com/en-us/article/Deal-with-abuse-phishing-or-spoofing-in-Outlook-com-0d882ea5-eedc-4bed-aebc-079ffa1105a3
>
> Reporting abuse
>
> If you're being threatened, call your local law enforcement.
>
> To report harassment, impersonation, child exploitation, child pornography, or other illegal activities received via an Outlook.com account, forward the offending email as an attachment to ab...@outlook.com. Include any relevant info, such as the number of times you've received messages from the account and the relationship, if any, between you and the sender.
>
> I never rely on just emailing standards since I've noticed more and more form submittals, so I usually search first.
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
Re: [mailop] Bitcoin password ransom email from user at outlook.com
I really hope you're wrong, since it's in their FAQs.
https://support.office.com/en-us/article/Deal-with-abuse-phishing-or-spoofing-in-Outlook-com-0d882ea5-eedc-4bed-aebc-079ffa1105a3

Reporting abuse

If you're being threatened, call your local law enforcement.

To report harassment, impersonation, child exploitation, child pornography, or other illegal activities received via an Outlook.com account, forward the offending email as an attachment to ab...@outlook.com. Include any relevant info, such as the number of times you've received messages from the account and the relationship, if any, between you and the sender.

I never rely on just emailing standards since I've noticed more and more form submittals, so I usually search first.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> -----Original Message-----
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Rathbun
> Sent: Thursday, July 12, 2018 4:21 PM
> To: mailop@mailop.org
> Subject: Re: [mailop] Bitcoin password ransom email from user at outlook.com
>
> On Thu, 12 Jul 2018 10:41:46 -0400, "Eric Tykwinski" wrote:
>
> >Did you submit to ab...@outlook.com?
>
> Unless something has changed profoundly since I worked there, no human will likely ever read ab...@microsoft.com or the other domains concerned. I would be delighted to discover that this is no longer the case.
>
> At this moment, Michael Wise is on holiday in Uganda, so Monday would be the earliest he might respond.
>
> mdr
> --
> "The fact of being reported multiplies the apparent extent of any deplorable development by five- to tenfold"
>     -- Tuchman's Law
Re: [mailop] Bitcoin password ransom email from user at outlook.com
On Thu, 12 Jul 2018 10:41:46 -0400, "Eric Tykwinski" wrote:

>Did you submit to ab...@outlook.com?

Unless something has changed profoundly since I worked there, no human will likely ever read ab...@microsoft.com or the other domains concerned. I would be delighted to discover that this is no longer the case.

At this moment, Michael Wise is on holiday in Uganda, so Monday would be the earliest he might respond.

mdr
--
"The fact of being reported multiplies the apparent extent of any deplorable development by five- to tenfold"
    -- Tuchman's Law
Re: [mailop] Bitcoin password ransom email from user at outlook.com
On 07/12/2018 08:41 AM, Eric Tykwinski wrote:
>> We received a password ransom email requesting payment via bitcoin from an outlook.com user.
>>
>> Is there someone from outlook.com that I can contact off list.
>
> Did you submit to ab...@outlook.com? You should get an automated response, but no ticket number.

I just sent in two of the exact same thing, so I think it's something going around.

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/

--
Raymond Burkholder
r...@oneunified.net
https://blog.raymond.burkholder.net

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [mailop] Bitcoin password ransom email from user at outlook.com
> On Jul 11, 2018, at 8:26 PM, Geoff Mulligan wrote:
>
> We received a password ransom email requesting payment via bitcoin from an outlook.com user.
>
> Is there someone from outlook.com that I can contact off list.

Michael Wise posts here regularly with his MS address, he might be able to point you in the right direction or pass things on internally. There’s at least one other MS employee who does as well. You can search the list archives for @microsoft.com addresses and see.

laura
Re: [mailop] Bitcoin password ransom email from user at outlook.com
Geoff, may I forward this to our contact at Microsoft?

Dictated on my phone, apologies for any tupos.

> On Jul 11, 2018, at 9:26 PM, Geoff Mulligan wrote:
>
> We received a password ransom email requesting payment via bitcoin from an outlook.com user.
>
> Is there someone from outlook.com that I can contact off list.
>
> Thanks,
> Geoff