Spam, Junk Mail, Email Scams, Phishing, etc issues

< SHIFT > Delete does the job in Thunderbird.

I’ve been getting a marked increase in spam and phishing emails. Setting a client-side rule or marking the emails as junk wasn’t terribly helpful because:

• The rule was unique to one device only, so I’d have to flag it separately across all devices (PC, mobile, tablet).
• The mobile email app doesn’t have provision for configuring a rule - only for flagging an email as spam. This seems to operate on a consistent sender property existing across multiple instances of spam. I notice some of these spam emails are omitting the sender property (or possibly including special characters) and so successive spams from the same source weren’t being automatically moved to the junk mailbox.

To tackle this, I first subscribed to an email filtering application that has provision for centralising filtering rules across multiple platforms. It has a client-side application that is installed on each device, then the rules are stored on a central server allied on one’s account. Unfortunately, there’s a defect with the current version of the application and I was unable to connect to the server-side account from the application. The company’s IT help desk acknowledged the defect but didn’t have an ETA on a fix so I abandoned the option of a separate email filtering application.

I then moved to Microsoft’s MS Exchange service: “Outlook Live” which is freely available (possibly only free with my MS 365 licence). With MS Exchange, one links one’s email account(s) to MS Exchange then the local clients on all devices connect to the exchange server to retrieve emails. My mobile is using Android and the other devices using Windows. This has been working quite well and I’ll stick with it due to the benefits but has not been an entirely fulsome experience.

The positives:

• My contacts, calendar and email inbox and sent box are automatically synchronised across all devices so I no longer need to manually sync content to my mobile phone. Previously, I was using Samsung’s SmartSwitch, which was buggy. One problem with SmartSwitch was that it didn’t operate out-of-the-box on a 64-bit operating system (fixed by separately downloading the appropriate Microsoft redistributable package) and also didn’t cope with older calendar entries inherited from previous versions of Outlook. For those older calendar entries, SmartSwitch spawned huge numbers of duplicated entries in my calendar. The calendar still worked fine, but these duplicates slowed down the sync cycle significantly. But I digress. This automatic synching with MS Exchange is a huge bonus, particularly with contacts and calendar commitments. I have automatic visibility of this content across all devices. Meeting notifications also automatically trigger on all devices so having this seamlessly propagate is marvellous!
• I can set server-side filtering rules on MS Exchange and the functionality is quite rich (i.e. not just blocking senders - which can easily be changed by spammers from one email to the next). I’m living dangerously and set the rule to automatically delete these emails, rather than just moving them to the junk folder, when particular patterns are identified in the emails. Being deleted on the server side, they don’t hit my client-side inboxes.
• If I manually delete or move an email on one device, that change is automatically reflected across all devices using the same MS Exchange mailbox. Again, that’s fabulous. I receive emails with security camera photos when my security cameras are triggered so it’s a quick process to scan the images and delete the email on one device and that deletion is automatically propagated. Fabulous!
• The Outlook.Live web interface is fairly intuitive and it’s easy to use and manage the inbox online if one so desires.

The negatives:

• The Outlook.Live MS Exchange service doesn’t appear to have any provision for automatically deleting fetched emails from the source mailbox (i.e. from one’s internet provider) when those emails are deleted from MS Exchange. I believe my provider has a limit to the number of emails it will host on the server so I’ve been routinely clearing content from that mailbox to avoid a scenario where legitimate senders receive a “mailbox full” error when sending me an email. I can’t confidently make any assertions about this potential issue as I’ve been housekeeping the source mailbox but it would be preferable for the Exchange server to include an option to automatically remove deleted content from the source mailbox.
• There’s a lag on the Outlook.Live sync function. When I was originally configuring the linked account, it wasn’t synching to my client mailbox so I kept trying different configurations. I eventually realised all I had to do was wait 15 minutes or so until the synch kicked in and it worked.
• On one occasion, the sync function did not work for approx 24 hours. I can still access my source mailbox online and through other apps so it wasn’t a major problem but this suggests that Microsoft has not worked out the kinks in Outlook.Live.
• Any filtering rules that I set at the Outlook client-side are exclusive to that client so it’s better to set these rules on the server side so unwanted emails are filtered before they hit the client inbox.

All in all, using MS Exchange has offered me more benefits than disadvantages so I’ll be sticking with it. It took me a few hours initially to get my head around the concept of Outlook.Live, getting the server-side configuration working and doing the client-side configuration across all devices (on Android, I’m using the Microsoft Outlook app).

I have two gmail accounts and they do an excellent job of putting spam automatically in the spam folder, occasionally along with legitimate emails. So I always check my spam folder and delete true spam daily.
One of my accounts (the newer one which I have still had for some years), I’ve only ever had one or two spam emails, whereas the other account which I’ve had for 13 years gets a steady stream. I put this down to it being the email address that was among those stolen through hacked accounts such as Adobe some years ago. Unfortunately, nothing I can do about that - so just continue my vigilance.

My ISP (Internode) holds suspect emails on the server or deletes them automatically according to a set of criteria I’ve nominated via my user account on its website (e.g an email address or part thereof, subject or certain keywords), which cuts down the number that make it through to my computer significantly. An email report every couple of days lets me know what’s been held and what’s been ‘vanished’ so I can check nothing legitimate has been wrongly caught up. Mind you, I do miss the entertainment at times - like the ‘Coles’ voucher I’d won that could be spent at my local ‘Woolworhts’ (sic) store!

Recently I had problems down loading emails and contacted Telstra. To cut a long story, according to the Telstra tech, Telstra upgrades are blocking emails from going to VPN users. It seems to me that Telstra wants to know the address your email client uses. Maybe it’s something to do with the government’s data retention intrusion?

I set up my VPN to allow a tunnel for my email client (Thunderbird).

Has anyone else run into this problem?

Is this from your Telstra email address? or just as Telstra as your ISP?

Purely as an ISP I think it would be hard for them to tackle traffic they can’t detect as emails, downloads etc. However as an email service I am sure they could implement some process just as streaming services have done to support geo-blocking that identifies known VPN portals. Some VPNs try to use changing addresses to thwart this but as the streaming services locate the new portals they add them to their lists. To perhaps avoid this issue you may wish to cease using your Telstra address for most of your emails (if not doing so already) and any that do land there have another service eg Gmail, Live retrieve those emails for you or have them forwarded (if Telstra client supports this) to the other email service.

https://support.google.com/mail/answer/6304825?co=GENIE.Platform%3DDesktop&hl=en

I wonder if this has been done to try and reduce number of Telstra email accounts being hacked, particularly when it may lead to spam generation from such accounts or even identity theft.

It might be like the banks transaction monitoring to try and detect fraudlent behaviour. If one has a static IP (which is unlikely when using a VPN), Telstra could whitelist this IP.

It is my email account.

I have a Macbook Air but still receive heaps of scams/spams (because I use Outlook mail I guess) - mostly ending up in my Junk box. I had a routine of going to webmail and “blocking” the sender before deleting the email. Unbelievably I got to 1000 blocked senders when Telstra advised I had reached my limit and could not continue blocking (unless I deleted some of the previous ones and blocked domain names instread of senders’ names -unfortunately it’s not very clever to block @gmail.com or the like or I’d lose a heap of genuine senders).In this day and age, it seems unfair to have “a limit of 1000 blocked senders” - but that’s Telstra.

Blocking senders often doesn’t work as many spam emails are spoofed or result from hacked accounts/email servers. The spammers create/use new email addresses to get around email filter blacklists.

It is better to set up filters with key words as outlined by @grahroll in an earlier post. It is worth reading the subject of some of the spam emails as they tend to use familiar wording which can be used in filters. Examples may be casino, viagra, Russian goddesses etc. Once one sees a pattern, it is very easy to set up filters to put any emails containing these works in the spam folder. It is worth moving to a spam folder than automatically deleting, just in case a personal email contains the same words.

You might find that the SPAM email has addresses that are not the spammer. They get lists of real email addresses and use them as the origins.

The sad reality is that if you had 1 million blocked addresses you would still be receiving SPAM as the spammers would be using ever more real addresses they hijack.

Email and whether one uses an Apple product or Windows are disjoint. Email is email and not an operating system. You might do well to try setting upThunderbird email client since Outlook mail apparently only has brute force methods you are already using at some level.

Thunderbird checks known spam lists against your choice of list sources such as spamassassin - not perfect but it helps. Likewise gmail has a pretty good spam filter in its own right.

My email accounts are on gmail and that host provides my primary spam filtering, with Thunderbird picking up most of the slack. I only get the odd SPAM get through these days.

Really appreciate your advice and will certainly follow up those suggestions

If using the newest Outlook you can get very defined in your ruleset. To do so go to “File” then select the box next to “Rules and Alerts” that has “Manage Rules & Alerts”

Annotation%202019-11-04%20163021899×854 86.5 KB

Click the “New Rule” tab

(You can see some of the Rules I have already created in this image)

then in the “Stay Organised” section use the “Apply rule on messages I receive”

Annotation%202019-11-04%20163021435×538 55.6 KB

then click “Next”.

On the page that appears place a tick in the line that has “with specific words in the subject or the body” (you can also scroll down in this pane and select the “stop processing more rules” option only do this if there are no more word rules you want to process ie final rule) click “specific words” (highlighted in green) in the Step 2 pane (highlighted in red) and you will get a box that allows you to add words for the rule to act on. The “specific words” will change to show the word/s you entered (not shown in this image)

Annotation%202019-11-04%20163021439×539 59.9 KB

Then click “Next”

On the next page put a tick in “move it to the specified folder” or you could choose to delete it (moves it to the “deleted items” folder) or “permanently delete it” (which irreversibly removes it dangerous selection). If you choose the move to specified folder option it will then let you choose which folder to move the message to by clicking the “specified” (highlighted green) in the step 2 pane (highlighted red). The word specified will change to the folder name you selected eg Junk Email.

Annotation%202019-11-04%20163021436×540 57.2 KB

In the case of Junk emails I strongly recommend the “Junk Email” folder but you can choose “Trash” or if you wish “Deleted Items” or indeed a folder that suits your needs (you can create a folder for this purpose if you so desire).

You can click “Finish” to save the rule or if you click “Next” you can then choose exceptions to the rule so that say you receive emails from your spouse/significant other with say “Sexy” in it you might then choose to allow emails from their address to continue into your inbox.

If no exceptions you can click “Finish” or “Next”. If you choose next you will get an option to name the rule (otherwise it will use the specified word/s as the name). You can later edit the rule if you wish to disable it or alter the conditions.

If that simple solution were not so common it would be funny.

True but that’s the way to achieve fine control over any message not just Junk so you can sort mail on a number of choices to do varying things including notifications, playing media etc. It is well worth exploring all the choices if you want fairly exact control of your emails and feeds.

Outlook also has a built in Junk Filter with 4 levels of control based on Junk filters set by MS and updated when Outlook is online. It is active but set to No Automatic filtering but Blocked senders are sent to Junk. Then there is Low which is meant to capture most obvious Junk, then High is next which gets most but also can catch normal emails at times then finally Safe Lists only which only allows obviously your safe list addresses through. You can also use a setting to warn about suspicious domain names in email addresses.

To work with the built in Junk filter you go to the Home Tab and use the drop down in the Delete section labelled Junk. Select “Junk Email Options…” and you are presented with several tabs. First being Options where you select level of filtering, then there is Safe Senders list, Safe Recipients list, Blocked Senders list and International (which allows control over Top Level Domains eg AF (Afghanistan) and Encodings eg Baltic, Arabic etc

Yet another scam arriving by email across Australia purporting to be from Amazon.

If some of these grubs actually used their talents for honest purposes instead, who knows if they could actually be like Bill Gates or Jeff Bezos.

Another attempt to trap the unwary

amazonphish794×408 29.2 KB

Muddying the phish pond
I have an account with the Copyright Agency and when I got an email bearing their name and including a ‘click here’ I noticed a rather odd extension to their email address:

Member Services at Copyright Agency via vgrx94tisfri2y.28-1g6u3eac.ap20.bnc.salesforce.com

Which seemed suspicious enough for me to contact them (using my stored address) to ask if it was genuine - and they said it was. Even though they’ve said that, I look at that address and realise I live in doubt. Better to be careful, though.

Another phishing attempt under guise of Amazon

forward these to stop-spoofing@amazon.com
even Yahoo picked this one up as spam
One simple thing to look at is the email address it came from - note the extension @accptinformation. Well they won’t be ‘accpting’ my information.
Apart from the company involved, I wonder if any authority follows these up to try and catch them at it? I guess they’d be pretty busy -

April nears and this spamming company is sending texts with hotlinks to ‘Dear Firstname’ <- literally – Very professional! No email or contact details on the site excepting their 1300 number. My advice, avoid anything from Compare Club Australia of which this mob is a subsidiary. They claim to honour the Do Not Call. I need to check if ‘that number’ was added