Leave a comment

Spam Using Breached Contact List / Address Book

In the past 3 weeks, I have started receiving spam emails using friends’ email as FROM. I notice 3 things about these emails:

  1. They have many contacts from my friends’ address / contact list in the TO list, which means the spammer has or had access at some point to my friends’ email accounts. 
  2. When my friends run up to date Anti-Virus scans on their computers, they find no malware or problems.
  3. The originating IP address is not the user’s account. For example I have this happen to friends whose email accounts are either Yahoo or AOL, but the originating IP address is perhaps in France or as in the case today, from:

Received: from unila.ac.id (unknown [181.29.164.254]) by zimbra.unila.ac.id

Even the emails don’t originate from Yahoo or AOL, I strongly suspect it was their online accounts that were hacked at some point. 

If anyone has heard how these spammers are getting these address books, I’d be interested in knowing what is happening. I do note that one of my friends never sends me email with multiple addresses in the TO list, so I don’t think it was just a case of harvesting. 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: