cancel
Showing results for 
Search instead for 
Did you mean: 

Stopping phishing blackmail emails?

thsc04646
On our wavelength

For some time now, I have been receiving weekly(ish) phishing blackmail scam emails saying he (the scammer) has taken very dodgy webcam footage of me, and will share with all my friends on family on social media unless I pay bitcoin to an untraceable account. Obviously there is no such footage so I'm not worried about that, and I'd normally just add the scammers email address to the Blocked Email address list (currently 250 limit) and move on. However, the scammer has managed to spoof the email sender details to make it look like the sender (me@blueyonder) email address is exactly the same as the receiving (me@blueyonder) email address! Obviously I'm not sending myself blackmail scam emails and can't add myself to the blocked list, so I currently just delete them them as they appear. Is there any way to stop them arriving in the first place? Regards, Tony.  

13 REPLIES 13

用心棒
Very Insightful Person
Very Insightful Person

Consider creating a webmail Filter Rule similar to the following:
2024-02-14.jpeg
NB: grey coloured Condition area is created by selecting Nested condition and the filter rule is only applied if a message is delivered to your Inbox folder and:

  • it claims to be from you, i.e. From header contains your email address
  • its not been sent via Virgin Media's email server, i.e. X-Authenticated-Sender does not exist or does not contains your email address

Be aware that the miscreants may workaround this Filter Rule.

It is important that you regularly review the content of the Spam folder to make sure the Filter Rule is working as expected. Once you are confident it is you may wish to change the action to just a Discard action so the message is permanently deleted on receipt.

-- 
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks

Hi 用心棒

Many thanks - I will certainly try this. I have created the filter rule exactly as per the example (not RB@VM obviously) but I do have a question - should the Header condition say Does Not Match? I would have thought it should say Does Match? Can you clarify please? Regards, Tony

用心棒
Very Insightful Person
Very Insightful Person

Does not match is correct as using Match would result in the rule matching email you actually sent.

I have amended my previous post to handle the case where there is no X-Authenticated-Sender header.

OK, thanks for the clarification. My email address is the old @blueyonder.co.uk version. Is this covered by the X-Authenticated-Sender thing? How do I know if it is, or it isn't?

用心棒
Very Insightful Person
Very Insightful Person

It seems likely that when the from email addresses is a blueyonder.co.uk alias the X-Authenticated-Sender will be alias's main email address, To confirm if this is the case send an email to yourself using an alias and:

  • select it once received
  • select > View source
  • press Ctrl + F to search for X-Authenticated-Sender
  • confirm its value is the alias's main email address and not that of the alias

Hi - I tried 3 versions of filter rule as described (one with Does Not Exist, one with Does not Contain and one with both, but it directed ALL inbound emails to Spam. I also sent myself an email as suggested, and checked the Source, and emails sent to myself have X-Authenticated-Sender - see screenprint - but the scammer emails don't have X-Authenticated-Sender anywhere in the source data.

thsc04646_1-1707996340121.png

I did notice the MESSAGE-ID in the source data from scammer emails were different each time, but all were  @blueyonder.co.uk. For example, the two most recent...

 967607656.202402120135@blueyonder.co.uk and 

65CA32BA.5060205@blueyonder.co.uk

Is it possible to set up a filter to send all emails from @blueyonder.co.uk to Spam? I would monitor it for genuine emails, but that's not a problem. Can you advise please?

 

 
 
 
 
 

用心棒
Very Insightful Person
Very Insightful Person

Sorry to read that but it is odd as the From condition excludes the rule from matching other email address,

Try the following to match all email addresses claiming to be from a blueyonder.co.uk  address:

2024-02-15.jpeg

 

Hi - I will try all the X-Authenticated-Sender options again, in case I made a mistake, and let you know. Many thanks for this alternative. I set up this new filter rule and sent myself an email - it went straight to Spam. If the X-Authenticated-Sender options don't work as intended, I will go with this. Thanks again. 

Incidentally, if VM know these emails are Spam, why don't they just route them to the Spam folder automatically, rather than the Inbox?

 

thsc04646
On our wavelength

I wasn't using the nested option previously, so I tried editing the filter, exactly as you have it - my screenprints below - but it won't let me proceed, ie Save. Am I doing something wrong?

thsc04646_6-1708009705517.png

thsc04646_4-1708009351226.png