Menu
Reply
  • 12
  • 0
  • 2
muey1
Tuning in
210 Views
Message 1 of 9
Flag for a moderator

spam

Hi all,

I am getting lots of e-mails from " mailer-daemon@virginmedia "  saying we could not deliver this e-mail etc. My problem is I havn't sent any e-mails to any of the addys it mentions. should I be worried or just ignore them ? They have attatchments linked to them ,which I havn't opened , nor will I. Any advice would be greatly appreciated !

Regards Mark

0 Kudos
Reply
  • 7.36K
  • 830
  • 3.1K
Superuser
Superuser
204 Views
Message 2 of 9
Flag for a moderator

Re: spam

Plenty of examples of this on the Board. You are right to be cautious.

Most likely to be this:

http://community.virginmedia.com/t5/Email/Email-Spoofing/td-p/2941294

We need the full error message you are getting back, make sure you edit out your e-mail address. Edit and post it here. We'll advise further.

-----------------------

Superuser 2017/18
Use Kudos to say thanks
Mark answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
0 Kudos
Reply
  • 12
  • 0
  • 2
muey1
Tuning in
196 Views
Message 3 of 9
Flag for a moderator

Re: spam

Hi Howard,

Thanks for the swift reply. Sadly, I deleted them all before I posted here. I will post back next time it occurs if that's ok. I not that computer savvy so if I just copy and paste the e-mail, will that be good enough ? Thanks for your time,

Regards Mark

0 Kudos
Reply
  • 7.36K
  • 830
  • 3.1K
Superuser
Superuser
190 Views
Message 4 of 9
Flag for a moderator

Re: spam

It's OK, but the rest of your thoughts are not right.

We want to see the full mailer-daemon message with your e-mail address edited out. Mailer-daemon is not anything to be worried about it the a common server name that most ISPs use when they return a message as undeliverable. They think they are returning it to the sender which isn't you but appears to be you because your address has been spoofed.

Edit and paste here. If we want to see the enclosure (which will be a copy of the e-mail that is being returned) we'll ask for it. Don't delete any of these. Set up a folder and keep them for a short period while we help you investigate.

-----------------------

Superuser 2017/18
Use Kudos to say thanks
Mark answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
0 Kudos
Reply
  • 12
  • 0
  • 2
muey1
Tuning in
186 Views
Message 5 of 9
Flag for a moderator

Re: spam

Hi Howard,

I will set up a folder as you said and post a copy of the next one on here. Do you want the e-mail of the recipient it was allegedly destined for included,( sorry to be a pain )

Regards Mark

0 Kudos
Reply
  • 7.36K
  • 830
  • 3.1K
Superuser
Superuser
153 Views
Message 6 of 9
Flag for a moderator

Re: spam

No - unless we ask to see it. Just the mailer-daemon message for the time being, if you get any more of them.

-----------------------

Superuser 2017/18
Use Kudos to say thanks
Mark answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
0 Kudos
Reply
  • 12
  • 0
  • 2
muey1
Tuning in
125 Views
Message 7 of 9
Flag for a moderator

Re: spam

Hi Howard,
As mysteriously as the "mailer daemon " messages started, they have now stopped. None since Wednesday now. Virgin have requested I change my password, which I did and have also sent me a letter with some helpful advice in it , hopefully that will put a stop to it.
I presume you had a hand in proceedings, so thanks for that, but if not, thanks for your time anyway, it is appreciated.
Have a Great Xmas and New Year !
Regards Mark
0 Kudos
Reply
  • 252
  • 19
  • 114
Wrock
Fibre optic
101 Views
Message 8 of 9
Flag for a moderator

Re: spam

Mark,

You should be worried enough to check the addresses to which the emails which could not be delivered and which you did not send were sent.  Are any of those addresses known to you as those of friends, family, colleagues, or businesses with which you have a relationship?

Also check the subject lines of the messages which were not delivered and see if they resemble those in Table 2 here,

http://wardinewrock.blogspot.com/2015/09/email-sent-under-my-name-not-from-me.html

There are more than 600 known cases at Virgin Media since August 2015 (and a similar number at TalkTalk but not at other UK email providers) where spammers have been able to access the email accounts and steal all of the email addresses inside the account and then are using the resulting list of correspondents as the recipients for chronic spoofed spam.  In these cases, the rounds of outgoing spoofed email which will have your name and from address attached occur at irregular intervals with a number of weeks between them and the person with this problem receives irregularly-spaced rounds of large quantities of mailer-daemon messages.

Since Virgin Media hasn't taken sufficient action to protect accounts from spoofing, and due to the chronic nature of the problem and fact that the users have not been able to obtain specific information from Virgin Media about how the accounts were accessed having ruled out viruses and malware, this problem tends to make the hijacked Virgin Media account unusable.  I advise all Virgin Media account holders with this problem to move their email operations to an account with better protection against this sort of problem such as a Google email account with two-step verification turned on.  If you have symptoms 1 and 2 above, then you should to pay attention and take further action because it is not a benign problem.  The spammers behind this particular operation are highly-motived experts on fraud.

-Wrock.

0 Kudos
Reply
  • 12
  • 0
  • 2
muey1
Tuning in
85 Views
Message 9 of 9
Flag for a moderator

Re: spam

Hi Wrock ,
No family or friends have received any dodgy e-mails that I am aware of . No e-mails that I didn't send are showing up in my "sent mail " folder and the subjects don't match any of them in list 2.
Its purely a social e-mail account and none of the declined delivery addresses come anywhere close to any of my contacts in my address list. I have also run a full scan on my laptop and nothing was flagged up there so hopefully they will leave me alone now .
Thanks for your time and advice, its appreciated.
Regard Mark