cancel
Showing results for 
Search instead for 
Did you mean: 

Spam, scam and using my email address as sender

EG1
Up to speed

It's long been the case that some scam emails look as though they have been sent from email addresses you recognise, but the underlying sender details show otherwise. I've started to see a couple of scam emails that really do look like they have been sent by me from my ntlworld email.

I can't see any other sending email address in there. I've no other evidence of my email address being hacked and I have a strong secure and unshared password. It's not impossible, but it seems unlikely. Is there a way to tell what's happening from say the source code on email or something else to look for?

 

 

10 REPLIES 10

用心棒
Very Insightful Person
Very Insightful Person

Consider copying the source text of the email message into an email header analyser to help determine its authenticity or manually review the Received headers, for example Email Header Analyzer, RFC822 Parser - MxToolbox.

Also review X- header values, for example: X-SourceIP, X-Authenticated-Sender, etc

-- 
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks

Thanks, that’s helped a little. Although I don't understand enough of the analysis to really make a difference. It does seem to suggest that it’s used my email as a reply address, which maybe overwrites what I was seeing as the From e-mail so it reads as my own. Maybe. I suspect we’ll see more of this approach emerge.

I’ll leep an eye out for any repeats.

 

用心棒
Very Insightful Person
Very Insightful Person

Was there an X-Authenticated-Sender header and if so was its value your ntlworld.com email address, for example X-Authenticated-Sender:richard.branson@ntlworld.com?

pinkywoo
Dialled in

I got an email, apparently from myself, yesterday. It said they had installed Pegasus on all of my devices and could see everything I was doing. Apparently, if I don't pay them, they will send videos to all of my contacts. I know this is a scam so I'm not worried they are watching me. What does worry me is that I tried to block the sender's email address, but was told I can't block myself. I tried hovering over the email address as this usually shows the true address but it only showed mine. I have forwarded the email to Virginmedia and the Fraud Squad. I don't understand how to do what is suggested above. Any help appreciated, please. Also, today my inbox seems to be having difficulty downloading on my laptop but ok on my phone (so might be a laptop problem).

Hi @pinkywoo 👋


Thanks for reaching out to us and reporting the scam email to the Fraud Squad, with the email address we may be able to assist in recovering this for you to regain control. With the Pegasus program, if you do a local search on your laptop search bar at the bottom left of the screen, if It is visible you would need to remove this program via "Add/Remove Programs" section of your laptop, which can be found typing it into the search bar and open it, then highlight the program you wish to remove and remove. 

Let's bring you into a private message and assist with the email. Please look out for the envelope on the top right of your web browser or if you are using a mobile device, it will be located under your profile icon.
 

Thanks.
 

Sabrina

Hi Sabrina

I have replied to your message.

After doing a search on my laptop for Pegasus only suggested I look at an app store to get it.

Someone suggested copying and pasting the email address to block it. Usually a choice of 'copy email address' comes up. This time it only offered 'copy link'. I copied and pasted this into my search bar and it took me to my inbox. I put it in my email address bar and it pasted the link to my email inbox.

用心棒
Very Insightful Person
Very Insightful Person

FWIW when the miscreant refers to Pegasus this is what they mean Pegasus Archives - The Citizen Lab; a foreign commercial spyware. It should be clear from the articles linked to that a miscreant deploying such spyware would not be notifying their targets of this,

用心棒
Very Insightful Person
Very Insightful Person

@pinkywoo wrote:


… I don't understand how to do what is suggested above. Any help appreciated, please. Also, today my inbox seems to be having difficulty downloading on my laptop but ok on my phone (so might be a laptop problem).


To view an email's source text in webmail:

  • select the message
  • select > View source
  • press Ctrl + F to search the source text shown for X-Authenticated-Sender

 

Thank you. I selected 'View source' and got a long line of words/letters some were from ???, some were to ???. I pressed Ctrl + F and got a small empty box. I wrote X-Authenticated-Sender in it, pressed enter and next to it, it said 0/0.