Alangb
Message 1 of 5

Old blueyonder spoof spam

Hi

I have an old @blueyonder.co.uk email address I moved away from using a few months ago. However, in the last few days it has been accessed and one of the email addresses in the address book spoofed and then sent out an email with a malicious link in to all my other contacts.

As I moved away from VM I can no longer log in to delete the email - the log in message says no longer exists.

Could you get in touch so I can get the old email address deleted?

Thanks
Alan

Wrock
Message 2 of 5

Re: Old blueyonder spoof spam

Hello Alan,

Do you have these symptoms?

1)  Your contacts are receiving a short email message containing little more than a link and an entreaty for them to click on the link.  The display name and false from address on the message may vary and be that of an address from your account.

2) The subjects of the messages which are sent to your contacts are found in this list, or similar to the subjects in this list in Table 2.  http://wardinewrock.blogspot.com/2015/09/email-sent-under-my-name-not-from-me.html

3)  Your account is receiving notifications about messages which could not be delivered, messages which you did not send.

Beginning in August 2015, there are about 540 known cases of Virgin Media email accounts where spammers have accessed the email account, stolen all of the email addresses in the account, and then sent spoofed spam messages to these stolen addresses. The rounds of spam are chronic, being delivered at irregular intervals every few weeks and have continued for months.

-Wrock

Alangb
Message 3 of 5

Re: Old blueyonder spoof spam

Hi Wrock

Thanks for replying.

Yes to all 3!!!

As I no longer use this email I would think the best course of action would be to delete it - do you have any further advice on how I can get VM to do this if I no longer can gain access?

Thanks and much appreciated
Alan

Wrock
Message 4 of 5

Re: Old blueyonder spoof spam

Hello Alan,

Right.  You are lucky that you are in a position to delete the account quickly.  Many others with this problem are actively using their accounts, and so have more work to do to limit the damage.

The fraudsters who are operating this spam extravaganza are storing all of the email addresses they have harvested from your account.  Our experience since August 2015 shows that they will continue to send spam to the addresses collected from your account.  They will have collected not only every address you have sent email to from the account, but also every incoming email address, both on the To: and CC: lines.  

They will continue to send the spam at irregular intervals, and that will happen even if you shut down the account.  Depending on how many addresses were present in the account, and what damage continued spam being sent under your name could have on your personal and professional relationships, you might want to put an "out-of-office" automatic reply on the account for some time before deleting it, to explain the situation to people you know.   Something like "This email account has been hijacked by spammers who are periodically sending spam email to every email address found in the account.  If you receive spam which appears to come from me, know that I did not send it, the address was spoofed.  To help combat this problem, please forward the spam to the Federal Trade Commission at spam@uce.gov.  Please also create a filter to delete all future emails from this address."

If on the other hand, there were no addresses of importance in the account, and ongoing spam appearing to come from you will not damage any personal or business relationships, then yes, insist on having the account deleted now.  I don't have more information on how that is done and trust that someone will come along who does.

If someone you know inadvertently clicks on one of the links, they may not come to any harm.  The links in the spam are more fraudulent than malicious, although the redirection structure in which the link goes to a hacked web site which redirects to another web site allows the spammers to get up to all sorts of mischief by changing the redirection link on the first web site.  Typically the links are advertising assorted schemes in which the spammers sell their wares.  The United States Federal Trade Commission has been prosecuting an extremely similar spam operation and recouping millions of dollars from the underlying diet-pill scam.  More information here, https://www.ftc.gov/news-events/press-releases/2015/05/ftc-halts-deceptive-marketing-bogus-weight-lo...

I have evidence to suggest that at least 5,000 Virgin Media email accounts are affected as well as hundreds of accounts at a number of other email providers such as TalkTalk.  I imagine the resulting volume of spam and backscatter messages about emails which could not be delivered may be putting a strain on the Virgin Media email systems since August 2015 when these cases first began.  When AOL had an identical problem with thousands of their accounts in April 2014, the volume of spam in their email system increased dramatically and then fell just as quickly when they applied a DMARC p=reject policy to protect their users against the spoofing as described here, https://blog.cloudmark.com/2014/04/29/aols-dmarc-change-fends-off-com-spammers-attack-but-data-breac...  

If you haven't already, you may want to file a Net-Report case, under the "Email Account Hijacking" category, http://netreport.virginmedia.com/netreport/  

-Wrock.
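
How a DMARC p=reject policy of the kind mentioned in the post above treats a message with a spoofed From address, as an added example that is not part of the original post. The domains and records are constructed, and the organizational-domain helper is a simplification (real receivers use the Public Suffix List).

```python
# Simplified DMARC evaluation (after RFC 7489); added example, constructed data.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags

def org_domain(domain):
    """Assumption: crude organizational domain (last 2 labels, 3 under co.uk etc.)."""
    labels = domain.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in {"co.uk", "org.uk", "ac.uk"} else 2
    return ".".join(labels[-n:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares organizational domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, from_domain, spf_pass_domain=None, dkim_pass_domain=None):
    """Return 'pass', or the published policy when neither SPF nor DKIM aligns."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    spf_ok = spf_pass_domain and aligned(spf_pass_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass_domain and aligned(dkim_pass_domain, from_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags["p"].lower()

# Constructed sample: the spoofed message claims From: someone@isp.example but
# was sent from unrelated infrastructure whose SPF passes only for its own domain.
REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@isp.example"
MONITOR = "v=DMARC1; p=none"

def demo():
    spoof = dict(from_domain="isp.example", spf_pass_domain="hacked-site.example.net")
    legit = dict(from_domain="isp.example", dkim_pass_domain="mail.isp.example")
    return (dmarc_disposition(REJECT, **spoof),   # receiver refuses the spoof
            dmarc_disposition(MONITOR, **spoof),  # spoof is delivered, only reported
            dmarc_disposition(REJECT, **legit))   # genuine mail still passes
```

The spoofed message authenticates for the sender's own domain but not for the domain in the From header, so only the published policy decides whether a receiver delivers it.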

 

 

malsiluk
Message 5 of 5

Re: Old blueyonder spoof spam

Nice one Wrock! Another cracking post on this subject. Good reading for all affected and the Virgin Media forum staff could do with reading it.

As you highlight towards the end of the post, when AOL suffered a data loss, they admitted that it had happened and took some positive action to try and help the situation a bit (DMARC).

TalkTalk were famously hacked last year and lost a lot of data. At least they did stand up and admit to it and yes they lost some customers, but time heals as does people seeing some honesty when there has been a problem.

Virgin Media lost all our email data in Aug/Sept 2015 and what did they do about it? Tried to deny it and when there was so much evidence that this really had happened, they stuck their fingers in their ears and sang La La La La very loudly, hoping it would all go away.

I know it's not a great choice, being asked to choose between AOL, TalkTalk and Virgin Media - but which approach would you rather have from your provider? Honesty about their failures, or complete denial of the situation, so doing nothing to help those affected? Bet the Virgin approach doesn't get too many votes!
