Email Scams

Are links to a Zoom meeting at possible risk of being altered? This thought came to me recently. I had received an email 10 days ago from an old friend about the passing of his wife (not unexpected). It was followed by an email 5 days ago with a Zoom link to watch the ceremony. Both these emails in my inbox had his email address (name@bigpond.com) as the sender and were confirmed as genuine. I then received an obviously suspicious email at 4.34am three days ago. My inbox had my friend’s name but without his email address as the sender, and the email had a bizarre long address ending in ‘ro’. The email was:-

Re: pics ‘name of my friend’
Begin forwarded message:
As far as I understand you should know these 2 guys - in the pics here: (followed by a link)

My friend knew nothing about this email. He asked 2 of the dozen non-local friends to whom he had sent the Zoom link email but they hadn’t received the suspicious email. He also confirmed that the Zoom link that I received was the same as the one that had been sent to him by their cafe at which the ceremony was to be held. I have changed my bank and super passwords as per cyber.gov.au’s advice.

Is it apparent how this fake email was sent to me, and should it have been sent to junk?

Do we need to double check Zoom links?

It happens.

Email is not secure. Personal devices get compromised and contact details copied off to scammers. And then you get emails supposedly from friends.

Almost always they encourage you to click on a link to show some info. Pictures, a great joke, or funny image.

Don’t click on that link.

2 Likes

It is hard to say whether this was a scam, without details and investigation.

It is possible that videoconferencing is organised by the company doing the ceremony and as such the link might not come from your friend but instead from some random company. However I wouldn’t necessarily expect it to come from .ro (Romania).

Just putting it out there … traditionally “death notices” are public. Maybe scammers have cottoned on to the idea that you can take a death notice and cross that with available friend network data in order to send out malicious ceremony links. I’m not saying that this is happening but it is conceivable, and it would be typical of scammers to be taking advantage of the fact that people might be less vigilant if in a vulnerable or harried state at the time of someone’s death.

Email addresses can be forged. So while that is vaguely helpful, you should not rely on it.

1 Like

Thanks Gregr. Fortunately, I did stay well away from that link.

Life used to be so much simpler.

It would be a major pain if links to Zoom meetings became at risk of compromise.

Note that the email @tim3 received wasn’t spoofed as coming from the friend’s email address. So the sender didn’t have that email address, and there’s no indication that the friend was compromised.

But they had somehow cross-linked the friend’s name with tim3’s email address.

Maybe names and email addresses in an online condolence book were publicly visible, or that data was compromised? That could link tim3’s friend’s name with the email addresses of the people who signed the book, without necessarily also revealing the friend’s address.

1 Like

This is the way that I see it too, but bear in mind that I am very much a non-expert in these matters. I have not seen a death notice or condolence book. I am not on Facebook, I am not sure about my friend, but his wife was on it. Maybe this is of relevance?

At the end of the day, it is a bit disconcerting to receive this sort of email. My main concern is whether it subsequently puts me at greater risk than before.

The risk for you is that you cannot trust any email purporting to be from your friend.

Somehow your friend’s data like address book has been accessed and is being used for malicious intent. Just do not click on any links in those emails and you should be safe. Oh, and do not reply.

Create a new email to send to your friend advising what you received.

Thanks for your help Gregr. It could be quite disruptive. We are a group of 4 old friends who arrange the occasional social bridge game every few months by email. Presumably the other 2 guys could be at risk as well. Hopefully, WhatsApp would be a safer option.

WhatsApp is good. Easy to set up a group. Those tech-savvy in my family use it all the time rather than SMS or MMS to communicate amongst friends. We do a video conference at times like Xmas because we are in different countries. But that is for smart phones.

Or those of us on Facebook use messenger.

But no reason not to use email. Your group of friends could have a special name, and unless that key name appears in emails in say the subject field, or perhaps in the initial greeting, it is considered bogus. Just a thought.

1 Like

Thanks again Gregr. I will run it past my friends.

1 Like

@tim3 Scam via Facebook requesting payment for watching Funeral live stream. It’s new in Australia

1 Like

Fortunately, this wasn’t a factor in my situation. However, an update is that I received a second email with pics to look at, supposedly from my friend, but from a different bizarre email address. My friend also recalled another of his contacts had received a similar email a while back, and probably unwisely, she did click on the link. He has now emailed his contacts with a warning about these scam emails.

1 Like

You may want to look at putting in some email filtering rules to block stuff coming into your mailbox.

I take the view that the whole world knows my commonly used email address, so I then put rules to ‘vanish’ emails coming in from top level domains that are not what I want to see.
So .biz, .info, .icu, .ru and a number of others just never reach my inbox.

I have no idea how many of these emails are ever sent. Never see them. I do get some obvious spam coming in through hotmail and gmail addresses but can’t do much about that, since many legitimate people use those email systems. Including me.

3 Likes

Thanks Gregr. I may be able to bring it up next term at the iPad group sessions I have been attending at our local U3A. I have stopped being amazed at how much I don’t know. Every week there is something new, much of which is useful.

3 Likes

In the last few days I have received suspect emails from old acquaintances who I have not contacted for ages.

They all come from their legitimate email addresses, none address me by name - it is just “Hi,”. The To field is blank. The subject is “Touching Base” or “Catching Up”. They all ask me to continue the conversation by email. There may be an excuse, like “I’ve got a painful throat infection and can’t talk”.

I responded to the first one, wondering what the ex-Mayor who “knows everyone” would want. The reply said “To ask a favor” to which I asked “What can I do for you?” and heard nothing back. The next was similar, but the excuse different. I didn’t reply to any more.

I wondered what is going on here, presumably someone has harvested email addresses and is probably trying them out to get a listing of active ones. Anyone else getting this?

2 Likes

A standard approach for hackers is to gather email addresses (from a variety of sources; it’s not difficult to do), then send all of them a generic message just like the ones you’ve seen.

What they’re doing is confirming that the address is valid and active. If you reply, you’re confirming the address is valid. As you found, you don’t get any response.

Those pesky phone calls that hang up the moment you answer are doing exactly the same thing for phone numbers, ie, confirming active ones.

Confirmed emails and phone numbers then go onto lists that they use for their own nefarious purposes (which include selling the lists to other hackers).

That might include associating the email addresses and phone numbers with other personal information they got from somewhere else, creating databases that can be used for targeted phishing attacks, identity theft, and so on.

As a general rule: never reply to an email that comes out of the blue and purports to be from someone you have, or once had, some association with, unless it at least addresses you by name and includes some kind of information that supports their claim to be that person, such as mentioning a shared experience. Be wary if the name they address you by isn’t what someone who does / did know you would have called you when you last had anything to do with them. Eg, full given name rather than your preferred abbreviation / nickname. Or the opposite, if it wasn’t someone you knew well.

Does that make sense?

3 Likes

Note however that, depending on your mail client setting for “remote content”, the mere act of reading the email may confirm that the address is valid and active. Hence why I have disabled “remote content” by default in my mail client - and hence why I try to block all scam/spam in the mail server before it even hits a mail client.

That’s a bit different and a bit dodgy. Requires closer examination. Usually your mail service provider would filter out any email that is forging the envelope FROM address. So my guess is that the “From:” address may be legitimate but the envelope FROM address will be something completely different.

Sounds to me that spammers / scammers have got hold of not just a list of valid email addresses (not hard to do) but a list of valid email address pairs i.e. a valid destination email address paired with a valid sender email address that might be recognised by the recipient.
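A small header triage that combines the checks raised in this thread (known name on an unknown address, blocked top-level domains, envelope sender versus From:, blank To field). This is an added example, not code from any poster; the contact list, sample messages and reason strings are constructed for illustration, and it assumes the receiving server has recorded the envelope sender in the `Return-Path` header.

```python
from email import message_from_string
from email.utils import parseaddr

# TLDs one poster in the thread drops before they reach the inbox.
BLOCKED_TLDS = {"biz", "info", "icu", "ru"}

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def triage(raw, contacts, blocked_tlds=BLOCKED_TLDS):
    """Return reasons to distrust a raw message (empty list = nothing flagged).
    contacts maps a lower-case display name to that person's known address."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    # Return-Path is where the receiving server records the envelope sender.
    _, env_addr = parseaddr(msg.get("Return-Path", ""))
    from_addr = from_addr.lower()
    reasons = []
    expected = contacts.get(name.strip().lower())
    if expected and expected.lower() != from_addr:
        reasons.append("known name, unknown address")
    tld = domain_of(from_addr).rpartition(".")[2]
    if tld in blocked_tlds:
        reasons.append("blocked TLD ." + tld)
    # Mailing lists and bulk senders also differ here: a signal, not a verdict.
    if env_addr and domain_of(env_addr) != domain_of(from_addr):
        reasons.append("envelope sender domain differs from From:")
    if not (msg.get("To") or "").strip():
        reasons.append("blank To field")
    return reasons

# Constructed sample data (names, addresses and hosts are made up).
CONTACTS = {"pat example": "pat@bigpond.com"}
GENUINE = ("From: Pat Example <pat@bigpond.com>\n"
           "Return-Path: <pat@bigpond.com>\n"
           "To: tim@example.com\nSubject: Zoom link\n\nbody\n")
LOOKALIKE = ('From: "Pat Example" <x9f3k2@long-host.example.ro>\n'
             "Return-Path: <bounce@bulk.example.icu>\n"
             "To: tim@example.com\nSubject: Re: pics Pat Example\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label, triage(raw, CONTACTS))
```

An empty result only means none of these four checks fired; a message sent from a genuinely compromised mailbox passes all of them.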

I have not been able to determine a common link (other than they were in my email contacts). They come from bigpond, outlook. I chose two quite different, both have been pwnd. Maybe that’s the connection. My address has been pwnd in 2 of the 3 largest data breaches.

The one who I had little email contact with (we are on a local committee and get emailed updates from Govt departments) emailed asking if I could talk via email. I responded, and the email appeared to go to her address, I got a reply saying she couldn’t talk due to a throat infection, but could I do a favor (American spelling?). I replied Yes, what can I do? Heard nothing since. So I am wondering if these email addresses have been hijacked? I did not respond to any others.

Yes, the fact that the apparent senders are known to @zackarii means the hackers have made an association between them somehow.

One method they use is scavenging email addresses from published lists of contacts for various groups / organisations. Eg, the office-holders for a club or P&C association; staff of a school, tertiary institution, research organisation, other public-facing business; elected representatives (federal, state, local); social media - often a rich source of a person’s contacts; and so on.

Not to mention that the association might be made via any of the personal-data breaches that keep happening.

If they got the contact information from online sources like those I mentioned above, they’d be spoofing the sender address. If they’ve compromised the sender’s device and/or email account, they could send the scam emails directly from the person’s mailbox - and they’d have access to their contacts list, so could spam all of the contacts.

There are big botnets out there that can easily be sending emails from genuine addresses, no need for a spoofed address, and so can slip through some junk email filtering systems. In many email programs, the more often junk mail is identified by a user and sent to the junk folder, the more the system is educated as to what to declare as junk and forward straight to the junk folder without user intervention. Setting up filtering rules is also useful in getting junk and scams out of the normal inbox and they can be sent either to junk or directly to the bin depending on what the assessment filter is set to do. I do recommend that filters should not usually send directly to the bin, but some scam emails are so obvious that they can be directed to the bin without any other intervention.