thsc04646
On our wavelength
2 years ago

Stopping phishing blackmail emails?

For some time now, I have been receiving weekly(ish) phishing blackmail scam emails saying he (the scammer) has taken very dodgy webcam footage of me, and will share with all my friends and family on social media unless I pay bitcoin to an untraceable account. Obviously there is no such footage so I'm not worried about that, and I'd normally just add the scammer's email address to the Blocked Email address list (currently 250 limit) and move on. However, the scammer has managed to spoof the email sender details to make it look like the sender (me@blueyonder) email address is exactly the same as the receiving (me@blueyonder) email address! Obviously I'm not sending myself blackmail scam emails and can't add myself to the blocked list, so I currently just delete them as they appear. Is there any way to stop them arriving in the first place? Regards, Tony.

13 Replies

  • 用心棒
    Very Insightful Person

    Consider creating a webmail Filter Rule similar to the following:

    NB: grey coloured Condition area is created by selecting Nested condition and the filter rule is only applied if a message is delivered to your Inbox folder and:

    • it claims to be from you, i.e. From header contains your email address
    • it's not been sent via Virgin Media's email server, i.e. X-Authenticated-Sender does not exist or does not contain your email address

    Be aware that the miscreants may work around this Filter Rule.

    It is important that you regularly review the content of the Spam folder to make sure the Filter Rule is working as expected. Once you are confident it is, you may wish to change the action to just a Discard action so the message is permanently deleted on receipt.

    -- 
    I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.
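
The nested rule described in the reply above, written out as an added Python example (not part of the thread and not Virgin Media's filter engine): it evaluates the three header tests over constructed sample messages, both nested as described and as a flat any-of list, which shows the flat form also catching mail that simply lacks the header. The address `me@blueyonder.co.uk`, the `auth_id` parameter and all sample messages are assumptions made for illustration.

```python
from email import message_from_string

ME = "me@blueyonder.co.uk"  # placeholder mailbox address (assumption)

def conditions(raw, me=ME, auth_id=None):
    """Evaluate the rule's three header tests for one raw message.

    auth_id is the value X-Authenticated-Sender carries for genuine mail;
    it defaults to `me`, but may be a main address when `me` is an alias.
    """
    auth_id = (auth_id or me).lower()
    msg = message_from_string(raw)
    from_hdr = (msg.get("From") or "").lower()
    auth = msg.get("X-Authenticated-Sender")  # None when the header is absent
    claims_me = me.lower() in from_hdr
    auth_missing = auth is None
    auth_not_me = auth is not None and auth_id not in auth.lower()
    return claims_me, auth_missing, auth_not_me

def nested_rule(raw, me=ME, auth_id=None):
    """From contains me AND (header absent OR header does not contain me)."""
    claims_me, auth_missing, auth_not_me = conditions(raw, me, auth_id)
    return claims_me and (auth_missing or auth_not_me)

def flat_any_rule(raw, me=ME, auth_id=None):
    """The same three tests without nesting, joined as 'any of'."""
    return any(conditions(raw, me, auth_id))

# Constructed sample messages (not taken from the thread).
SPOOFED = f"From: {ME}\nTo: {ME}\nSubject: pay up\n\nconstructed body\n"
GENUINE = (f"From: {ME}\nTo: {ME}\nX-Authenticated-Sender: {ME}\n"
           "Subject: note to self\n\nconstructed body\n")
STRANGER = f"From: friend@example.org\nTo: {ME}\nSubject: hi\n\nconstructed body\n"
ALIAS = ("From: alias@blueyonder.co.uk\nTo: alias@blueyonder.co.uk\n"
         f"X-Authenticated-Sender: {ME}\nSubject: alias test\n\nconstructed body\n")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("stranger", STRANGER)]:
        print(name, "nested:", nested_rule(raw), "flat:", flat_any_rule(raw))
    # Alias case: the rule must compare against the main address.
    print("alias, naive:", nested_rule(ALIAS, me="alias@blueyonder.co.uk"))
    print("alias, main id:", nested_rule(ALIAS, me="alias@blueyonder.co.uk", auth_id=ME))
```
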

    • thsc04646
      On our wavelength

      Hi 用心棒

      Many thanks - I will certainly try this. I have created the filter rule exactly as per the example (not RB@VM obviously) but I do have a question - should the Header condition say Does Not Match? I would have thought it should say Does Match? Can you clarify please? Regards, Tony

  • 用心棒
    Very Insightful Person

    Does not match is correct as using Match would result in the rule matching email you actually sent.

    I have amended my previous post to handle the case where there is no X-Authenticated-Sender header.

    • thsc04646
      On our wavelength

      OK, thanks for the clarification. My email address is the old @blueyonder.co.uk version. Is this covered by the X-Authenticated-Sender thing? How do I know if it is, or it isn't?

  • 用心棒
    Very Insightful Person

    It seems likely that when the From email address is a blueyonder.co.uk alias the X-Authenticated-Sender will be the alias's main email address. To confirm if this is the case, send an email to yourself using an alias and:

    • select it once received
    • select ☰ > View source
    • press Ctrl + F to search for X-Authenticated-Sender
    • confirm its value is the alias's main email address and not that of the alias

    • thsc04646
      On our wavelength

      Hi - I tried 3 versions of filter rule as described (one with Does Not Exist, one with Does not Contain and one with both), but it directed ALL inbound emails to Spam. I also sent myself an email as suggested, and checked the Source, and emails sent to myself have X-Authenticated-Sender - see screenprint - but the scammer emails don't have X-Authenticated-Sender anywhere in the source data.

      I did notice the MESSAGE-ID in the source data from scammer emails were different each time, but all were @blueyonder.co.uk. For example, the two most recent...

      967607656.202402120135@blueyonder.co.uk and

      65CA32BA.5060205@blueyonder.co.uk

      Is it possible to set up a filter to send all emails from @blueyonder.co.uk to Spam? I would monitor it for genuine emails, but that's not a problem. Can you advise please?

  • 用心棒
    Very Insightful Person

    Sorry to read that but it is odd as the From condition excludes the rule from matching other email addresses.

    Try the following to match all email addresses claiming to be from a blueyonder.co.uk address:

    • thsc04646
      On our wavelength

      Hi - I will try all the X-Authenticated-Sender options again, in case I made a mistake, and let you know. Many thanks for this alternative. I set up this new filter rule and sent myself an email - it went straight to Spam. If the X-Authenticated-Sender options don't work as intended, I will go with this. Thanks again.

      Incidentally, if VM know these emails are Spam, why don't they just route them to the Spam folder automatically, rather than the Inbox?

  • thsc04646
    On our wavelength

    I wasn't using the nested option previously, so I tried editing the filter, exactly as you have it - my screenprints below - but it won't let me proceed, i.e. Save. Am I doing something wrong?

    • thsc04646
      On our wavelength

      Thanks for that. Save accepted, so I sent myself a test email, but it appeared in my Inbox. I also tried selecting Exactly, and again with Matches in the Sender box, but they all appeared in my Inbox. I could send screenprints again, but I guess you are fed up with this one by now, so I'll revert to Plan B and use the other filter to divert all @blueyonder emails to Spam. Thanks for your help on this - much appreciated!