For some time now, I have been receiving weekly(ish) phishing blackmail scam emails saying he (the scammer) has taken very dodgy webcam footage of me, and will share with all my friends on family on social media unless I pay bitcoin to an untraceable account. Obviously there is no such footage so I'm not worried about that, and I'd normally just add the scammers email address to the Blocked Email address list (currently 250 limit) and move on. However, the scammer has managed to spoof the email sender details to make it look like the sender (me@blueyonder) email address is exactly the same as the receiving (me@blueyonder) email address! Obviously I'm not sending myself blackmail scam emails and can't add myself to the blocked list, so I currently just delete them them as they appear. Is there any way to stop them arriving in the first place? Regards, Tony.

Hi - I will try all the X-Authenticated-Sender options again, in case I made a mistake, and let you know. Many thanks for this alternative. I set up this new filter rule and sent myself an email - it went straight to Spam. If the X-Authenticated-Sender options don't work as intended, I will go with this. Thanks again. Incidentally, if VM know these emails are Spam, why don't they just route them to the Spam folder automatically, rather than the Inbox?

Thanks for that. Save accepted, so I sent myself a test email, but it appeared in my Inbox. I also tried selecting Exactly, and again with Matches in the Sender box, but they all appeared in my Inbox. I could send screenprints again, but I guess you are fed up with this one by now, so I'll revert to Plan B and use the other filter to divert all @blueyonder emails to Spam. Thanks for your help on this - much appreciated!

Consider creating a webmail Filter Rule similar to the following:NB: grey coloured Condition area is created by selecting Nested condition and the filter rule is only applied if a message is delivered to your Inbox folder and:it claims to be from you, i.e. From header contains your email addressits not been sent via Virgin Media's email server, i.e. X-Authenticated-Sender does not exist or does not contains your email addressBe aware that the miscreants may workaround this Filter Rule.It is important that you regularly review the content of the Spam folder to make sure the Filter Rule is working as expected. Once you are confident it is you may wish to change the action to just a Discard action so the message is permanently deleted on receipt.-- I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn moreHave I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks

Hi 用心棒Many thanks - I will certainly try this. I have created the filter rule exactly as per the example (not RB@VM obviously) but I do have a question - should the Header condition say Does Not Match? I would have thought it should say Does Match? Can you clarify please? Regards, Tony

Does not match is correct as using Match would result in the rule matching email you actually sent.I have amended my previous post to handle the case where there is no X-Authenticated-Sender header.

Stopping phishing blackmail emails? | Virgin Media Community

13 Replies

用心棒
Very Insightful Person
2 years ago
Consider creating a webmail Filter Rule similar to the following:

NB: grey coloured Condition area is created by selecting Nested condition and the filter rule is only applied if a message is delivered to your Inbox folder and:
it claims to be from you, i.e. From header contains your email address
its not been sent via Virgin Media's email server, i.e. X-Authenticated-Sender does not exist or does not contains your email address
Be aware that the miscreants may workaround this Filter Rule.
It is important that you regularly review the content of the Spam folder to make sure the Filter Rule is working as expected. Once you are confident it is you may wish to change the action to just a Discard action so the message is permanently deleted on receipt.
--
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks
- thsc04646
  On our wavelength
  2 years ago
  Hi 用心棒
  Many thanks - I will certainly try this. I have created the filter rule exactly as per the example (not RB@VM obviously) but I do have a question - should the Header condition say Does Not Match? I would have thought it should say Does Match? Can you clarify please? Regards, Tony
用心棒
Very Insightful Person
2 years ago
Does not match is correct as using Match would result in the rule matching email you actually sent.
I have amended my previous post to handle the case where there is no X-Authenticated-Sender header.
- thsc04646
  On our wavelength
  2 years ago
  OK, thanks for the clarification. My email address is the old @blueyonder.co.uk version. Is this covered by the X-Authenticated-Sender thing? How do I know if it is, or it isn't?
用心棒
Very Insightful Person
2 years ago
It seems likely that when the from email addresses is a blueyonder.co.uk alias the X-Authenticated-Sender will be alias's main email address, To confirm if this is the case send an email to yourself using an alias and:
select it once received
select ☰ > View source
press Ctrl + F to search for X-Authenticated-Sender
confirm its value is the alias's main email address and not that of the alias
- thsc04646
  On our wavelength
  2 years ago
  Hi - I tried 3 versions of filter rule as described (one with Does Not Exist, one with Does not Contain and one with both, but it directed ALL inbound emails to Spam. I also sent myself an email as suggested, and checked the Source, and emails sent to myself have X-Authenticated-Sender - see screenprint - but the scammer emails don't have X-Authenticated-Sender anywhere in the source data.
  I did notice the MESSAGE-ID in the source data from scammer emails were different each time, but all were @blueyonder.co.uk. For example, the two most recent...
  967607656.202402120135@blueyonder.co.uk and
  65CA32BA.5060205@blueyonder.co.uk
  Is it possible to set up a filter to send all emails from @blueyonder.co.uk to Spam? I would monitor it for genuine emails, but that's not a problem. Can you advise please?
用心棒
Very Insightful Person
2 years ago
Sorry to read that but it is odd as the From condition excludes the rule from matching other email address,
Try the following to match all email addresses claiming to be from a blueyonder.co.uk address:
- thsc04646
  On our wavelength
  2 years ago
  Hi - I will try all the X-Authenticated-Sender options again, in case I made a mistake, and let you know. Many thanks for this alternative. I set up this new filter rule and sent myself an email - it went straight to Spam. If the X-Authenticated-Sender options don't work as intended, I will go with this. Thanks again.
  Incidentally, if VM know these emails are Spam, why don't they just route them to the Spam folder automatically, rather than the Inbox?
thsc04646
On our wavelength
2 years ago
I wasn't using the nested option previously, so I tried editing the filter, exactly as you have it - my screenprints below - but it won't let me proceed, ie Save. Am I doing something wrong?
thsc04646
On our wavelength
2 years ago
I wasn't using the nested option previously, so I tried editing the filter, exactly as you have it - my screenprints below - but it won't let me proceed, ie Save. Am I doing something wrong?
thsc04646
On our wavelength
2 years ago
用心棒
Very Insightful Person
2 years ago
Press the Tab key to move around the page until Save option becomes active.
- thsc04646
  On our wavelength
  2 years ago
  Thanks for that. Save accepted, so I sent myself a test email, but it appeared in my Inbox. I also tried selecting Exactly, and again with Matches in the Sender box, but they all appeared in my Inbox. I could send screenprints again, but I guess you are fed up with this one by now, so I'll revert to Plan B and use the other filter to divert all @blueyonder emails to Spam. Thanks for your help on this - much appreciated!

Forum Discussion

Stopping phishing blackmail emails?

13 Replies

Related Content

Forwarding Phishing Emails to phishing@virginmedia.com

Email phishing

iPlayer stopped working

Phishing email

Phishing Scam: British Gas email