on 23-01-2024 15:58
It's long been the case that some scam emails look as though they have been sent from email addresses you recognise, but the underlying sender details show otherwise. I've started to see a couple of scam emails that really do look like they have been sent by me from my ntlworld email.
I can't see any other sending email address in there. I've no other evidence of my email address being hacked and I have a strong secure and unshared password. It's not impossible, but it seems unlikely. Is there a way to tell what's happening from say the source code on email or something else to look for?
on 23-01-2024 17:18
Consider copying the source text of the email message into an email header analyser to help determine its authenticity or manually review the Received headers, for example Email Header Analyzer, RFC822 Parser - MxToolbox.
Also review X- header values, for example: X-SourceIP, X-Authenticated-Sender, etc
--
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.
on 24-01-2024 10:16
Thanks, that’s helped a little. Although I don't understand enough of the analysis to really make a difference. It does seem to suggest that it’s used my email as a reply address, which maybe overwrites what I was seeing as the From e-mail so it reads as my own. Maybe. I suspect we’ll see more of this approach emerge.
I’ll keep an eye out for any repeats.
on 24-01-2024 14:51
Was there an X-Authenticated-Sender header and if so was its value your ntlworld.com email address, for example X-Authenticated-Sender:richard.branson@ntlworld.com?
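The manual header review suggested in the replies above, as an added example that is not part of any post in this thread: a Python sketch that reads an email's source text and lists the From, Reply-To, Return-Path, X-Authenticated-Sender and X-SourceIP values plus the Received chain, oldest hop first. The sample message, the addresses and the function name `summarise_headers` are constructed for illustration, and the first check assumes that mail genuinely submitted through the account carries an X-Authenticated-Sender header with the account's address.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample source text (not a real email); addresses and IPs are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbound.example.com with ESMTP; Mon, 05 Feb 2024 09:12:01 +0000
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
\tby mx.example.org with SMTP; Mon, 05 Feb 2024 09:11:58 +0000
From: "Me" <me@example.com>
To: me@example.com
Reply-To: me@example.com
Subject: constructed example
X-SourceIP: 203.0.113.45

body
"""

def summarise_headers(raw, my_address):
    """Pull out the sender-related headers and flag mismatches with my_address."""
    msg = message_from_string(raw)
    me = my_address.lower()

    def addr(name):
        # Bare address from a header, or "" when the header is absent.
        return parseaddr(msg.get(name, ""))[1].lower()

    # Each relay prepends its own Received header, so the last one is the oldest hop.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    report = {
        "from": addr("From"), "reply_to": addr("Reply-To"),
        "return_path": addr("Return-Path"),
        "x_authenticated_sender": addr("X-Authenticated-Sender") or None,
        "x_source_ip": msg.get("X-SourceIP"),
        "received_oldest_first": hops[::-1],
    }
    findings = []
    # Assumption: mail really submitted through the account carries this header.
    if report["from"] == me and report["x_authenticated_sender"] != me:
        findings.append("From is your address but X-Authenticated-Sender is not")
    if report["return_path"] and report["return_path"] != report["from"]:
        findings.append("Return-Path differs from From")
    report["findings"] = findings
    return report

if __name__ == "__main__":
    for key, value in summarise_headers(SAMPLE, "me@example.com").items():
        print(f"{key}: {value}")
```

The From and Reply-To lines are whatever the sender typed, which is why hovering over the address shows nothing different; the Received lines and X- headers are added by the mail servers along the way.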
on 06-02-2024 10:44
I got an email, apparently from myself, yesterday. It said they had installed Pegasus on all of my devices and could see everything I was doing. Apparently, if I don't pay them, they will send videos to all of my contacts. I know this is a scam so I'm not worried they are watching me. What does worry me is that I tried to block the sender's email address, but was told I can't block myself. I tried hovering over the email address as this usually shows the true address but it only showed mine. I have forwarded the email to Virginmedia and the Fraud Squad. I don't understand how to do what is suggested above. Any help appreciated, please. Also, today my inbox seems to be having difficulty downloading on my laptop but ok on my phone (so might be a laptop problem).
on 07-02-2024 11:37
Hi @pinkywoo 👋.
Thanks for reaching out to us and reporting the scam email to the Fraud Squad. With the email address, we may be able to assist in recovering this for you to regain control. With the Pegasus program, if you do a local search in your laptop search bar at the bottom left of the screen and it is visible, you would need to remove this program via the "Add/Remove Programs" section of your laptop, which can be found by typing it into the search bar and opening it; then highlight the program you wish to remove and remove it.
Let's bring you into a private message and assist with the email. Please look out for the envelope on the top right of your web browser or if you are using a mobile device, it will be located under your profile icon.
Thanks.
Sabrina
on 07-02-2024 12:50
Hi Sabrina
I have replied to your message.
Doing a search on my laptop for Pegasus only suggested I look at an app store to get it.
Someone suggested copying and pasting the email address to block it. Usually a choice of 'copy email address' comes up. This time it only offered 'copy link'. I copied and pasted this into my search bar and it took me to my inbox. I put it in my email address bar and it pasted the link to my email inbox.
on 07-02-2024 14:05
FWIW, when the miscreant refers to Pegasus, this is what they mean: Pegasus Archives - The Citizen Lab; a foreign commercial spyware. It should be clear from the articles linked to that a miscreant deploying such spyware would not be notifying their targets of this.
on 07-02-2024 14:13
@pinkywoo wrote:
… I don't understand how to do what is suggested above. Any help appreciated, please. Also, today my inbox seems to be having difficulty downloading on my laptop but ok on my phone (so might be a laptop problem).
To view an email's source text in webmail:
on 07-02-2024 19:00
Thank you. I selected 'View source' and got a long line of words/letters some were from ???, some were to ???. I pressed Ctrl + F and got a small empty box. I wrote X-Authenticated-Sender in it, pressed enter and next to it, it said 0/0.