cancel
Showing results for 
Search instead for 
Did you mean: 

Strange email from Virgin_Media02

Lindee
Tuning in

I've had an email this morning (which I haven't opened) from the above with the subject: info@consumer.net - total change to your bill.  For one thing, I don't know why this email has come to my email address as they all go to my husband's address, for another I can't understand why talktalk are involved with our bill and thirdly, I don't know who the heck derek hambler is????  Has anyone had anything similar to this and can the moderators throw any light on it please.  I have sent it to reportphishing@gov.uk and talktalk but the copy I sent to Virgin at phishing@virginmedia.com was returned by the system administrator as an invalid address!!!  All very strange!

[MOD EDIT: Title (potential spoofed email)]

1 ACCEPTED SOLUTION

Accepted Solutions

Cardiffman282
Problem sorter

The Derek email is spam. I have sent a test message to the VM "phishing" address and it went through okay for me. The acknowledgement does say:

If you are trying to forward an email via Virgin Media Webmail and it is rejected due to containing Spam content, this is because there is outbound spam filtering on your webmail account. Should this happen, this means we are already aware of the spam email in question and have updated our spam filters to ensure it is no longer able to be sent to our platform.

---------------
Cancel VM here
Complain to VM
here
Demand compensation from VM here
Demand your call recordings here
Monitor the state of your VM connection here

See where this Helpful Answer was posted

11 REPLIES 11

Cardiffman282
Problem sorter

The Derek email is spam. I have sent a test message to the VM "phishing" address and it went through okay for me. The acknowledgement does say:

If you are trying to forward an email via Virgin Media Webmail and it is rejected due to containing Spam content, this is because there is outbound spam filtering on your webmail account. Should this happen, this means we are already aware of the spam email in question and have updated our spam filters to ensure it is no longer able to be sent to our platform.

---------------
Cancel VM here
Complain to VM
here
Demand compensation from VM here
Demand your call recordings here
Monitor the state of your VM connection here

Oh great, many thanks for that so I can now go ahead and delete it.  Also, thanks for the explanation about the returned email, much appreciated. 👍😊

nigelss
Up to speed

This email and others like it from that email address and name are definitely dangerous. If opened and instructions followed your 'puter will be infected. Shame i was running on autopilot and did just that. I have a full system image taken a day or so prior so I am getting ready to send my machine back in time after spending two days trying to sort it out. It is the only way to be sure that it has been removed completely. Hope it works, much to think about. First time in 28 years on the net. Will not happen again!

goslow
Alessandro Volta

At least you have a recent image to go back to. My usual rule of thumb with virus recovery tasks is to spend an hour on trying to remove the malware and no more. After that, it becomes a data recovery and reinstallation task or re-imaging.

I have found in the past that, even if you do remove the malware, it has often corrupted other aspects of the operating system and the computer often still throws up errors during normal use. And, as you say, you are never 100% certain you have cleared the malware entirely.

I loaded up the emergency recovery boot flash stick and it said my full system backup is corrupt. I thought I validated it at the time. Aargh! Acronis say you can still try to recover stuff from a corrupt archive. Also turns out that being told the archive file is corrupt does not necessarily mean the actual archive file is corrupt. Go figure. Being full system I can recover partitions or selected folders/files. I spent 14 hours on Sunday doing multiple file and folder recovery operations to recover all my user data to an external drive. All operations completed successfully. From examining the drive elsewhere it looks like the recovered stuff is ok. Random sampling of course! Now debating whether to clone the infected drive to a new one and try recovering the partitions to the clone. If that actually works, fine. If not, I haven't destroyed the infected drive and if necessary could use flash boot-based software to recover my files without getting infected windows involved. If the partition restore to clone fails I could do a clean reinstall of W10 22H2, try to reinstall my apps and user data, or do I just cut my losses, get a new laptop, and reinstall the apps I use and my user data? Current laptop is ten years old!

wishi
Superfast

Hi

I've just posted about this; sorry, I didn't see your post.

I'm getting them, too, and have done what you did, also reporting it to phishing@talktalk.net

 

Robertos42
Dialled in

I got one of these this morning. On opening the PDF file it was obvious that it was scammy.  I just hope just looking at the PDF was not a bad thing to do.

Hi @Robertos42 👋.

Thanks for reaching out to us, apologies that you are unsure of the validity of the email that was sent to you by us, please could you provide more details of the content of this email, and did you also click the email address to see if under the presentation email the real email address. 

Please let us know. 

Sabrina
 

Hi Sabrina

The title of the email was

Virgin_Media02 total change to your bill.

On opening it there was a PDF file which pointed to a link, which I didn't click on as the text in the pdf was so badly written and was obviously an attempt at phishing.  To be on the safe side I restored my PC using the previous days disk images, and deleted my outlook directory and restored from the previous days backup. The only slight doubt I have is if the PDF file may have been compromised. The email address it came from was a talktalk one. I forwarded the email to phishing@virginmedia.com and to reportphishing@gov.uk which was returned by the system administrator as being invalid.