
Spam email containing only image (or hyperlink)

ALF28
Super solver

DATING EMAILS

I have had 4 of these, they are sent to a group of people usually up to 20 at a time.

They contain a link and an inline embedded image which shows as a block of text in a foreign language, as I do switch off images and html. They contain base 64 encoding.

The sender uses a host in the Netherlands.

As the emails are repeated many times over a number of days, the object may be to deliver malware using the embedded html content -

The embedded content/image would get through normal image blocking, but I read in text format with html unticked, it at least prevents any obscene images getting through.

see

Using Base64 for malware obfuscation - Infosec Resources (infosecinstitute.com)

The good news is that Virgin are detecting these emails as spam. Base 64 encoded content (Embedded content) is a common method of adding inline images which converts binary to html text and the email size can be very small or very large. I have had one that caused buffer overflow with many images.

I am not sure why I am a target for dating emails as I am too old and have never used such sites, but do regularly get a spate of such emails which usually have images of people.

The alternative is to use attached images which need to be clicked on, but by embedding the image it enforces the reader to see the image as an inline image which is part of the email.

alf28

Paulina_Z
Forum Team (Retired)

Hi @ALF28,

Thank you for coming back to us and for keeping us updated on your ongoing spam email issue. I do understand that this must be quite frustrating for you and I apologise that you've had to come across this. 

As my colleague advised, all of our information on Spam Emails can be found here. You can also take a look at our How to Prevent Scams page which may help you a little further.

I'm glad to see that you've been able to find some workarounds for your ongoing issues and I understand that you've stopped using your NTLWorld email due to this issue. 

Please keep us updated and let us know if there's anything else we can do to help.

Thank you.

Paulina_Z
Forum Team



Thanks for the useful data on how to prevent scams, I have printed it off.

alf28

I am now getting a more regular flow of these dating e-mails, still into the 'Junk' box where I erase them on sight. As described above, they appear to contain a hyperlink. I prefer to erase them rather than investigate further.

I hope that this latest trend in junk will stop soon but while these e-mails are easily identified and erased, I assume they should not be a big problem.

DATING EMAILS and other spam emails.

Best not to click on any links and delete them out. 

If they go to spam they will delete after 30 days.

I have set up an email filter to block such spam/scam emails using conditions such as from, to and subjects, covering domains, email addresses & subject key words and then action them to discard, effectively blocking them from my Virgin email inbox. (ntlworld.com)

I have filtered out the spam which was approx 50 per month and it has drastically reduced the spam emails.

Some of these spam emails have the potential to be fraudulent, phishing and a source of malware/virus/trojans etc.

If the sender is not known then it is probably spam or may be fake/forged/spoofed emails pretending to be from Virgin or a bank etc.

Always check the sender address, and if it keeps changing it might be prudent to block a "whole domain" in some cases.

It is a drastic step I have taken to discard emails, but it is so easy to accidentally click on a risky hyperlink, I have done this, so I try to now remove that risk but I will have to update the discarding filter each time a new spam email is received.

Virgin does detect about 50 % or more of spam <spam>, but some may get through undetected, and they can be dangerous.

alf28

Dating emails.

The dating emails seem to have stopped now so I am no longer needing to discard such emails.

I have noticed other spam emails with unusual content which can consist of embedded base 64 attachments/images, html files, attachments etc.

Some spam emails have very large blocks of html text or embedded coded data inserted into the emails which may contain unknown threats. It is wise not to click on any spam email hyperlinks, images or attachments in this type of email.

If I do not know the sender, then I just assume it is spam anyway.

I even switch off (untick) html in Virgin email settings and so read the emails in text format which is safer but it still displays the hyperlinks.

Thunderbird can also be set to view in text only, very few email clients have this facility.

Virgin spam filters are tagging the spam as <spam> which is a help.

Most of the spam emails are spoofed so the sender address may not be the true identity of the unknown sender.

Attached images could be disguised .exe files or used for tracking, hyperlinks may link to fake phishing websites, attachments may contain malware.

I filter genuine emails to my own folder, so those that remain are all unknown, easily identified as unknown senders which could be spam.

alf28
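An added example, not part of any post in this thread: a Python triage sketch for the kind of message described above. It parses a saved raw email without rendering it and reports how many recipients are visible, which hyperlinks the text parts carry, and whether each base64-encoded part really starts with the file signature of the image type it claims to be. The sample message, the `example.invalid` addresses and the `triage` function name are constructed for illustration.

```python
import base64, re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not a message from this thread): the inline part is declared
# image/png, but its bytes start with "MZ", the Windows executable signature.
FAKE_IMAGE = base64.b64encode(b"MZ\x90\x00" + b"\x00" * 60).decode()
SAMPLE = f"""From: sender@example.invalid
To: a@example.invalid, b@example.invalid, c@example.invalid
Subject: hello
Content-Type: multipart/related; boundary="XX"

--XX
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://example.invalid/click?id=1">photos</a><img src="cid:img1"></body></html>
--XX
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-ID: <img1>

{FAKE_IMAGE}
--XX--
"""

MAGIC = {"image/png": b"\x89PNG", "image/jpeg": b"\xff\xd8\xff", "image/gif": b"GIF8"}

def triage(raw):
    """Summarise a raw message without rendering HTML or fetching anything."""
    msg = message_from_string(raw)
    people = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    report = {"visible_recipients": len(people), "links": [], "base64_parts": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        if ctype.startswith("text/"):
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            report["links"] += re.findall(r"https?://[^\s\"'<>]+", text)
        if (part.get("Content-Transfer-Encoding") or "").lower() == "base64":
            expected = MAGIC.get(ctype)
            report["base64_parts"].append({
                "declared": ctype, "size": len(payload),
                "inline": "Content-ID" in part,
                "type_mismatch": expected is not None and not payload.startswith(expected),
                "looks_executable": payload.startswith(b"MZ"),
            })
    return report
```

A part flagged `type_mismatch` or `looks_executable` is a reason to leave the message unopened and report it; a clean result only means the declared type matches the first bytes, not that the content is safe.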

Yes, the regular flow of dating e-mails has stopped although there was one today that slipped through the filters and landed in my 'inbox', now deleted. I have also just received my first demand for money [bitcoins] with menaces from a thug claiming to have control of my computer and in possession of embarrassing videos. It arrived in junk where it richly deserved to be, now deleted. What a wonderful place the internet can be!

Reece_MH
Forum Team (Retired)

Hi @ahrbee,

Really glad to hear you're not receiving these emails as often anymore. If you're receiving emails that are demanding money, you can forward this to our Phishing Team who will look into this.

Please forward the emails to phishing@virginmedia.com and one of the team will investigate this for you 🙂

Cheers,

Reece - Forum Team




Dating emails and other recent spam emails-update.

My dating emails have still stopped at the moment, I have had approx 100 over the last few years, some contain inline images.

I had a batch of 7 dating emails received in April/May 2022 and they had embedded content (base64 encoded) and addressed to 14 people, it is unusual to display the full list of recipients and more usual to issue to a group using Bcc to keep the list private. These dating emails are sent to email addresses blueyonder.com, ntlworld.com, virginmedia.com, talktalk.net, tiscali.co.uk, but many other spam emails on other subjects come from the same spammer group and are sent to a group of email addresses. The emails are probably not traceable as they hide their true identity and IP address using VPN and hosted servers or bulk mail services so the sender address is usually spoofed but they may use a mail box set up for the scam.

I have had recent spam in the last months claiming to be Netflix, Dyson, NHS prescriptions, t-shirts, cars, Wells Fargo bank, Virgin Media fake bill, MBNA bank, funeral plans, insurance, post office delivery, African money scam. Some emails are empty, with a greeting but no message with just a link.

I also had the nasty emails in the past claiming to have videos and have your passwords and wanting payment in bitcoin, I had 14 similar emails but they have stopped in 2020 after I reported them to Action Fraud. These are known as blackmail emails and best ignored or deleted.

Most emails both spam and genuine emails generally use emails ending with extensions .com, .co.uk, .net, .org.

Many spam emails do use conventional addresses such as gmail.com, hotmail.com, outlook.com as they look to be more genuine.

I have had over 300 spam emails from gmail.com which I get regularly.

Other email extensions may be unusual such as fake Virgin bills etc. with extensions .edu, .de, .it, .biz, .ch, .org.uk, .jp etc. which are not the usual email addresses and can be detected as probably fake.

Some of the emails are so obviously fake, stupid and with dubious content and dangerous hyperlinks or attachments and I think some are "prank emails" sent by a "prankster" and may be generated using online services to send weird emails anonymously. One email actually had a prankster domain in the header.

The extensions for the email domains all have a meaning/origin and there is a chart to look this up which is useful-

see

List of Countries Domain Name Extensions | Webopedia

alf28

TROJAN email-rare event

I did a routine security scan and found a trojan that was in a Virgin email but via my Thunderbird email client.

The trojan was- win32killmrr.yecca. (ransomware) logged as B5AF5DDF

This was in an email with embedded content (base 64 encoded)

I have had this before in similar spam emails in 2020, 2021 and they can appear to be from a known contact (spoofed)

It is possible that the trojan gets in via a script. It did not cause me any problems, but only appeared and was detected when I used the Thunderbird email client.

I did not click on any links in the email, but will ensure I do not open spam emails again, just ignore/delete them. I had kept them as they at first appeared to be from my known contact from 13 years ago and have had several such emails always via hotmail and using Outlook email client to send them.

I have removed Thunderbird. It may be safer to use Virgin web mail? One problem with using an email client is that the emails are downloaded and stored on my computer along with the trojan which got in there somehow from imap/virginmedia email.

Not related, but I also detected some unusual cookies and 4 on another laptop were deleted but one would not delete so I have run a cleaner and cleaned my browser data. I will run another scan to see if the trojan has infected my other laptop.

One cookie was a browser addon/hijack.

Always worth doing a security scan often with several different antivirus scanners which also removes any malware they find.

alf28

CORRECTION

The trojan found in a phishing email was win32killmbr.yecca (wrong spelling in previous post)

The trojan can hide from most antivirus and is difficult to find, and can monitor passwords and is used for ransomware.

I did manage to remove this nasty trojan but hope it has not compromised my security.

see

https://howtofix.guide/trojanwin32-killmbr/

The emails that may have caused the infection were marked as spam by Virgin.

I have removed the email client which may have been propagating the ransomware trojan, which works by downloading files from the internet onto the computer infected.

I did have some very odd unusual cookies including DoubleClick on one laptop which can be downloaded from a malicious website.

see

Solved: McAfee Enterprise Support Community - Doubleclick cookie virus? - McAfee Enterprise Support ...

Both laptops now seem OK I hope, but I continue to do checks and re-scans but have not scanned in safe mode yet.

This highlights the danger of phishing emails and malicious websites which can infect computers with ransomware etc and to take notice if tagged <spam> by Virgin, not to click on the email if you suspect it is dangerous phishing spam.

It is so easy to get your computer infected, and I use the inbuilt Windows antivirus Defender and Malwarebytes, but perhaps that is not enough? I also use several free online antivirus scans which found some infections not detected by the Windows Defender or Malwarebytes.

The infections can make computers go very slow and browsers crashing etc. and they change the registry, I had some strange registry entries which I did not recognise, but have cleaned the registry following software and cookie deletions and the trojan removal.

alf28