Forum Discussion

RobertIain's avatar
RobertIain
Dialled in
6 months ago

Two questions regarding scam mail and a possible fake Virgin phishing address!

First : Recently a lot of the scam/spam emails I have been seeing have included something rather odd in the cc list of addresses it was sent to - the address gsupportfool @ virginmedia.com

Would be interested to know if anyone can tell me what that is about!

Second : When reporting scam emails to virgin at the address phishing @ virginmedia.com, the acknowledgements  seem to come from Phishing2 @ virginmediauk.mail.onmicrosoft.com

Seems rather strange, why is this address being used?

 

10 Replies

Sort By
  • Nathan_B's avatar
    Nathan_B
    Icon for Forum Team rankForum Team
    6 months ago

    Hi there RobertIain 👋 Welcome back to our forum and thanks for your post 😊

    We've checked the email addresses you've shown and it looks like these addresses are genuine ones to report spam. We tried on our end and can see a message back giving further instructions of making sure the spam is reported. Did you get this message too?

    Let us know.

    Regards

    Nathan

    • RobertIain's avatar
      RobertIain
      Dialled in
      6 months ago

      Thank you for the reply - I can see that the two 'reporting' addresses might be valid, although I am still intrigued that one comes from 'onmicrosoft', seems odd when you have your own mail servers and systems. I have never seen anything about further instructions, though, all I get is the rather garish multicoloured text of the email that acknowledges the report :

      "Thank you for sending this report into the Virgin Media O2 Customer Security team. If needed we will get in touch directly with you otherwise this report will be processed by our analysts and any potentially harmful or malicious content will be dealt with as appropriate.

      For any non-phishing related concerns please get in touch with us via our netreport platform or the customer support phone line; 150 on a Virgin Media Mobile device or 8002 on an O2 mobile device, otherwise 0800 519 6902 for Virgin Media customers or 020 8239 3902 for O2 customers on any standard mobile network or landline.

       Kind Regards, Customer Security Monitoring"

      I am still baffled by the regular use of the gsupportfool @ Virginmedia.com in the address list of spam sent to me though, all the many other addresses in the list are in multiple different providers, with various far more sensible looking names. 

      As noted by ALF28 the 'true' source of these seems to consistently be foundrybrands, and as with JPL8 I am getting more and more of these despite reporting them as spam over several weeks, so I am not convinced your antispam systems are working as you think they should - and I also find it very annoying that if I receive spam email, often when I try report it to the actual government authorities ( report @ phishing.gov.uk) I often find me sending that mail triggers the Virgin system to block MY mail to the authorities as spam!  It would be  better if you actually stopped it before it got to me, as your systems obviously CAN detect it. Currently the way things work is rather than blocking spam and scam mail to me, it lets me get spam and scam mail and stops me doing what I legally SHOULD do and reporting it to the government body that monitors this stuff. That's really not how anything should be working.

      • ALF28's avatar
        ALF28
        Super solver
        6 months ago

        spam email-

        Many of the spam emails I receive us the word "support" in the email header, this implies that they are giving you aid for a service offered  or to purchase goods etc.

        In some cases it may be genuine, but many spam emails use the word support so you think it is offering to aid/help you in some way. 

        It was strange to see a VM email username  gsupportfool@, which was removed in the last email from foundrybrands and replaced with my own email address. The email was fake and sent from "myvirgin media" stating that my account has been suspended-click the link below to restore access. (unknown link)

        I suspect the spammer is using distribution lists and sending out to a group of names.

  • JPL8's avatar
    JPL8
    Rising star
    6 months ago

    I’m getting exactly the same thing with the scammers pretending to be VM. More and more of these spam emails over the past few weeks/months. I tried to report some to Apple and Amazon, but the Virgin Media servers blocked the emails for being … spam 🤦‍♂️ Which begs the question, if they can block me from forwarding them then why am I receiving them in the first place?

    I keep reporting them to the VM phishing email address, but it hasn’t made any difference. I’m getting more, not less.

  • ALF28's avatar
    ALF28
    Super solver
    6 months ago

    I am also getting these emails which have to cc gsupportfool and also an invalid aol.com  address, but is not addresses to my own email and is from foundrybrands.com.

    I have had 8, the last one tagged as spam, so VM may are now tagging this as spam since it as reported.

    The subjects are regarding various services such as anivirus renwal, coffe machines, failed delivery etc, and may may be phishing emails or dangerous links. They originate from an Italian IP address.

    Also be careful of any email that looks familiar but the sender address has changed slightly, I just had on today that has 4 downloads. I have ignored this newsletter as it form a different IP address to the usual one, I do not know if genuine or not , hard to tell but tagged as spam by VM which indicated it may be spoofed email, but unsure how it could happen to get a fake version of this regular email, or it could be the spam filter was too strict?

    I ignored the email just to be safe.

    • ALF28's avatar
      ALF28
      Super solver
      6 months ago

      I also note the editing option is not there today so I could not do any corrections if needed to the post?

      • ALF28's avatar
        ALF28
        Super solver
        6 months ago

        My last post was automatically deleted as soon as it was posted? I repeat it-

        I advised that forwarding of spam emails can be blocked as VM protect their own servers and can be detected as spam activity.

        Forwarding a spam email opens the email and images and might pass tracking to the sender, best to place unknown emails in spam or delete such emails, I hope VM do investigate gsupportfool@virginmedia.com as it is a valid email address being used.

         

  • RobertIain's avatar
    RobertIain
    Dialled in
    5 months ago

    Sadly I am not seeing noticeably fewer spam emails, although proportionally now most claim to be from fullopt-70641003 @ vidangedefosse.com so maybe progress, of a sort - although in the past months these have been a fairly large component of the spam I get, and they have been reported to Virgin by me many times in recent months, yet still continue.

    I also note my earlier post regarding Virgin stopping scam mails being forwarded to the authorities ( phishing.gov.uk) yet allowing them to reach me, remains unanswered. 

    • ALF28's avatar
      ALF28
      Super solver
      5 months ago

      I am still getting a few spam emails,I had one addressed to another person , not myself which is common.

      Also I think the spammers will set up fake free email accounts in another person's name (sender) so the emails can not be traced and probably using VPN to mask the sender IP address, and some email just give the IP address of the server such as gmail and outlook, so the source IP geolocation  remains unknown in some providers.

      Best to just ignore them, they send out thousands of emails in the hope a small % of people will click on the dodgy email which are often phishing emails.

      So it is impossible to know who is sending the spam emails and also improbable that they can be stopped.

      It is often not easy to differentiate between genuine and spam emails with artificial intelligence enabling spammers to send authentic looking emails.

      It is wise to check all emails before clicking on anything, especially if the sender is unknown and manually remove them or use filters.

      Checking the source  IP address in the header and looking it up is a good way to check who sent the email