Forum Discussion

Lindee's avatar
Lindee
Tuning in
9 months ago
Solved

Strange email from Virgin_Media02

I've had an email this morning (which I haven't opened) from the above with the subject: info@consumer.net - total change to your bill.  For one thing, I don't know why this email has come to my email address as they all go to my husband's address, for another I can't understand why talktalk are involved with our bill and thirdly, I don't know who the heck derek hambler is????  Has anyone had anything similar to this and can the moderators throw any light on it please.  I have sent it to reportphishing@gov.uk and talktalk but the copy I sent to Virgin at phishing@virginmedia.com was returned by the system administrator as an invalid address!!!  All very strange!

[MOD EDIT: Title (potential spoofed email)]

  • The Derek email is spam. I have sent a test message to the VM "phishing" address and it went through okay for me. The acknowledgement does say:

    If you are trying to forward an email via Virgin Media Webmail and it is rejected due to containing Spam content, this is because there is outbound spam filtering on your webmail account. Should this happen, this means we are already aware of the spam email in question and have updated our spam filters to ensure it is no longer able to be sent to our platform.

  • The Derek email is spam. I have sent a test message to the VM "phishing" address and it went through okay for me. The acknowledgement does say:

    If you are trying to forward an email via Virgin Media Webmail and it is rejected due to containing Spam content, this is because there is outbound spam filtering on your webmail account. Should this happen, this means we are already aware of the spam email in question and have updated our spam filters to ensure it is no longer able to be sent to our platform.

    • Lindee's avatar
      Lindee
      Tuning in

      Oh great, many thanks for that so I can now go ahead and delete it.  Also, thanks for the explanation about the returned email, much appreciated. 👍😊

  • This email and others like it from that email address and name are definitely dangerous. If opened and instructions followed your 'puter will be infected. Shame i was running on autopilot and did just that. I have a full system image taken a day or so prior so I am getting ready to send my machine back in time after spending two days trying to sort it out. It is the only way to be sure that it has been removed completely. Hope it works, much to think about. First time in 28 years on the net. Will not happen again!

    • goslow's avatar
      goslow
      Alessandro Volta

      At least you have a recent image to go back to. My usual rule of thumb with virus recovery tasks is to spend an hour on trying to remove the malware and no more. After that, it becomes a data recovery and reinstallation task or re-imaging.

      I have found in the past that, even if you do remove the malware, it has often corrupted other aspects of the operating system and the computer often still throws up errors during normal use. And, as you say, you are never 100% certain you have cleared the malware entirely.

      • nigelss's avatar
        nigelss
        Up to speed

        I loaded up the emergency recovery boot flash stick and it said my full system backup is corrupt. I thought I validated it at the time. Aargh! Acronis say you can still try to recover stuff from a corrupt archive. Also turns out that being told the archive file is corrupt does not necessarily mean the actual archive file is corrupt. Go figure. Being full system I can recover partitions or selected folders/files. I spent 14 hours on Sunday doing multiple file and folder recovery operations to recover all my user data to an external drive. All operations completed successfully. From examining the drive elsewhere it looks like the recovered stuff is ok. Random sampling of course! Now debating whether to clone the infected drive to a new one and try recovering the partitions to the clone. If that actually works, fine. If not, I haven't destroyed the infected drive and if necessary could use flash boot-based software to recover my files without getting infected windows involved. If the partition restore to clone fails I could do a clean reinstall of W10 22H2, try to reinstall my apps and user data, or do I just cut my losses, get a new laptop, and reinstall the apps I use and my user data? Current laptop is ten years old!

  • Hi

    I've just posted about this; sorry, I didn't see your post.

    I'm getting them, too, and have done what you did, also reporting it to phishing@talktalk.net

     

  • I got one of these this morning. On opening the PDF file it was obvious that it was scammy.  I just hope just looking at the PDF was not a bad thing to do.

    • Sabrina_B's avatar
      Sabrina_B
      Forum Team

      Hi Robertos42 👋.

      Thanks for reaching out to us, apologies that you are unsure of the validity of the email that was sent to you by us, please could you provide more details of the content of this email, and did you also click the email address to see if under the presentation email the real email address. 

      Please let us know. 

      Sabrina
       

      • Robertos42's avatar
        Robertos42
        Dialled in

        Hi Sabrina

        The title of the email was

        Virgin_Media02 total change to your bill.

        On opening it there was a PDF file which pointed to a link, which I didn't click on as the text in the pdf was so badly written and was obviously an attempt at phishing.  To be on the safe side I restored my PC using the previous days disk images, and deleted my outlook directory and restored from the previous days backup. The only slight doubt I have is if the PDF file may have been compromised. The email address it came from was a talktalk one. I forwarded the email to phishing@virginmedia.com and to reportphishing@gov.uk which was returned by the system administrator as being invalid.