[AusNOG] Bigpond email abuse
Bradley Amm
brad at bradleyamm.com
Wed Jun 2 20:05:26 EST 2021
And enable MFA
Get Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Phil Memery <memery at clevernetit.com.au>
Sent: Wednesday, June 2, 2021 1:43:12 PM
To: James Williamson <james.williamson at plc.wa.edu.au>
Cc: ausnog at lists.ausnog.net <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Bigpond email abuse
Greetings James (and Others)
Yes I have seen it (I have well and truly deleted the SPAM emails and moved on though).
It was a google hosted domain. From recollection the user changed his access details related to the domain and his email, end of problem. So it seems not to be just a bigpond or Google issue.
A good reminder to "change passwords" and make sure they are of a good secure structure. I am often still amazed out how poor some individuals are about passwords.
Regards, Phil
----- Original Message -----
From: "James Williamson" <james.williamson at plc.wa.edu.au>
To: ausnog at lists.ausnog.net
Sent: Wednesday, 2 June, 2021 3:03:22 PM
Subject: [AusNOG] Bigpond email abuse
Hi All,
We saw an external user a few months ago who had their Bigpond address compromised, and the entire mailbox dumped. Afterwards, they discovered friends and colleagues are receiving replies to years-old threads (although the new message is from a random email address), usually with some sort of phishing link. Now we've seen it again with a second and unrelated Bigpond user.
Has anybody seen anything similar before? I'm not familiar with this breed of spam, and to see two of them from the same host has my curiosity up a bit. Trying to find other cases like this eluded my Google-fu.
[example, redactions mine]
From: Robyn ******* <Robyn*********@anetafons.pl>
Sent: Friday, 21 May 2021 2:32 AM
To: Allison ******* <Allison.******@******.au>
Subject: Re: RE: ********
--EMAIL FROM EXTERNAL ADDRESS, CHECK LINKS & ATTACHMENTS BEFORE CLICKING OR OPENING THEM--
Good afternoon,
It's Robyn *******. Please look at the report and deal with any problems. Here is the document link:
https://1drv.ms/u/s!*******?e=ysj***
password: 5214
On 2018-12-07 15:34, Allison ******** wrote:
Hi Allison
Thanks so much for your time in showing me around **** recently. I was
really impressed with your knowledge of the programs and facilities,
and the ***** in general.
(snip)
[end example]
Cheers,
James
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
--
Phil Memery www.clevernetit.com.au<http://www.clevernetit.com.au> A.B.N: 24 172 081 538
DELL PartnerDirect Registered
www.hillclimbracing.com<http://www.hillclimbracing.com>
+61 (0) 417 315 935
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20210602/ddc9e44f/attachment.html>
More information about the AusNOG
mailing list