[AusNOG] Bigpond email abuse
jett at lumity.com.au
Wed Jun 2 15:36:41 EST 2021
Working in healthcare and I've seen a huge uptick in phishing emails like these, they're frustratingly difficult to filter out.
They follow the general format of a reply, although I do notice they strip the message info block in the top email in the chain, presumably this is so people don't notice the date on the old email thread.
Hosting and Automation Lead
E Jett at LUMITY.com.au
T 1300 LUMITY (1300 586 489)
A PO BOX 4089 | Success, WA 6964
From: AusNOG <ausnog-bounces at lists.ausnog.net> On Behalf Of James Williamson
Sent: 2 June 2021 1:03 PM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] Bigpond email abuse
We saw an external user a few months ago who had their Bigpond address compromised, and the entire mailbox dumped. Afterwards, they discovered friends and colleagues are receiving replies to years-old threads (although the new message is from a random email address), usually with some sort of phishing link. Now we've seen it again with a second and unrelated Bigpond user.
Has anybody seen anything similar before? I'm not familiar with this breed of spam, and to see two of them from the same host has my curiosity up a bit. Trying to find other cases like this eluded my Google-fu.
[example, redactions mine]
From: Robyn ******* <Robynemail@example.com>
Sent: Friday, 21 May 2021 2:32 AM
To: Allison ******* <Allison.******@******.au>
Subject: Re: RE: ********
--EMAIL FROM EXTERNAL ADDRESS, CHECK LINKS & ATTACHMENTS BEFORE CLICKING OR OPENING THEM--
It's Robyn *******. Please look at the report and deal with any problems. Here is the document link:
On 2018-12-07 15:34, Allison ******** wrote:
Thanks so much for your time in showing me around **** recently. I was really impressed with your knowledge of the programs and facilities, and the ***** in general.
AusNOG mailing list
AusNOG at lists.ausnog.net
More information about the AusNOG