Very personal phishing attempt.
October 4, 2017 4:12 AM
Someone used both my name and a close friend's name on a phishing attempt I received by email a few days ago. Can this be automated, and if it can't, how worried should I be about an apparently personal attack?
A few days ago, I saw I had received an email from one of my best friends who lives in the Netherlands. It turned up in gmail, and since it used her full name I did not scrutinise the actual email address. I just opened it.
*THIS IS THE ACTUAL SERVER IN THE LINK, DO NOT CLICK!!*
It was a short email-- just said "i hope you might appreciate it http://nmy.oiuanp.press/frumious-bandersnatch/"
Now, the grammar should have given it away, but since this friend is not one for long emails, and since the email had my full name in both the link, and since the email apparently came from a close friend-- I clicked the link. (Friend in question is a designer and artist, so it is entirely plausible that she would create something visual for me, and then send me a link to view. It's also very close to my birthday. So again, plausible.)
I got nothing. It hung a long time and then I got a message that the server could not be reached.
So I hit reply and told my friend-- "I'd like to take a look, but do you have the address right? I just get an error message that I can't reach the server." A few hours later I got back a response saying--"I don't know you." So then I looked more closely and realised the email address was attached to a German recording studio web site. The headers seem to point to a relay server, also in Germany. A Google search reveals this server is often used to send spam.
I tried to traceroute to the server in the email link, but get a Bad IP address error message.
I've asked my friend, and she (of course) did not send me the original message.
A couple of questions.
1. Whoever sent this had both my full name and the full name of one of my best friends. My full name is not obvious from my email address. Is there a spam tool out there which could somehow mass strip this information?
2. Could this (paranoia level: mild) be some kind of personal attempt to get into my computer? If so, is there any reaction I should have? Anything I should be doing? I mean, I'm just a middle manager and I can't think for the life of me why I would be a hacking target.
3. Could clicking on the apparently dead link (paranoia level: high) have done something even if it reported it couldn't connect to the server?
4. Is there a simple explanation I'm overlooking? I'd be happy to hear it if there is, because I find this kind of spooky. I mean, I get many many many phishing attempts in my junk box, but I've never gotten anything like this before. But I'd be happy to be proved clueless.
Thanks!
Best answer: The simple explanation that you’re overlooking is that someone got access to your friend’s contacts list, possibly through a phishing scam much like this one, and your friend had your email address associated with your real name. Or if not this friend, another friend who knows you both.
posted by mskyle at 4:26 AM on October 4, 2017 [11 favorites]
Yeah the easy/common way to do this is hack the email account of person A, who has person B and person C on their contact list, then email B posing as C because chances are they know each other.
posted by EndsOfInvention at 4:47 AM on October 4, 2017 [3 favorites]
It's likely that your friend's e-mail contact list became compromised at some point and your address was stripped, probably along with many others. This has happened to me several times, where it looked like an e-mail came from a friend, but it was just that their account was hacked. Chances that it was a personal attack are extremely low.
posted by merriment at 4:50 AM on October 4, 2017 [1 favorite]
Best answer: I've been getting these. They're addressed to me, and APPEAR to come from my son, but if I check the address, it's not one I know. They're always short and ask me to click a link without really explaining why. But I will not click a link I don't know without a lot more explanation than a vague "look at this!" and neither should you. Always make sure the purported link matches the actual link (hover over it and check the status line), and if it's not something you know, double-check with the sender.
posted by ubiquity at 6:54 AM on October 4, 2017 [2 favorites]
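The two checks described in the answer above (does the sender's address belong to the person named, and does the link shown match the link's real target), as an added example that is not part of the original thread. The address book, the sample message and every name and domain in it are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed address book: lower-cased display name -> addresses known for that contact.
KNOWN_CONTACTS = {"alex example": {"alex@example.org"}}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg, warnings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    known = KNOWN_CONTACTS.get(name.strip().lower())
    if known is not None and addr.lower() not in known:
        warnings.append(f"display name {name!r} is a known contact, but {addr} is not their address")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for text, href in collector.links:
        # Only compare when the visible text itself looks like a host or URL.
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        actual = urlsplit(href).hostname
        if shown and actual and "." in shown and " " not in shown and shown != actual:
            warnings.append(f"link shows {shown} but goes to {actual}")
    return warnings

# Constructed sample: a familiar display name on an unfamiliar address.
SAMPLE = """From: "Alex Example" <studio@mail.example.net>
Subject: hi
Content-Type: text/html; charset="utf-8"

<p>i hope you might appreciate it <a href="http://files.example.net/x/">http://photos.example.org/album</a></p>
"""
```

A mail client shows only the display name by default, which is why the first check compares the name against the addresses already on file for that person rather than trusting it.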
This happens a lot. I get them "from" older relatives a lot, but have also heard from people once or twice that a phishing email with my name in the "from" had been received.
Change your passwords, let the person named know about it, but I don't think there's anything particularly worrisome about it (I mean, compared to other phishing scams).
posted by rabbitrabbit at 11:28 AM on October 4, 2017 [1 favorite]
Response by poster: Thanks a lot for the answers, and very relieved to be proven clueless. I haven't seen one of these before, so I stepped straight into it.
posted by frumiousb at 3:13 PM on October 4, 2017
There are no small number of professional phishers now, and they're very good at doing personalization at scale. They put a lot of time into targeting emails, thousands if not millions at a time; the results are far better this way.
posted by Blake at 3:21 PM on October 4, 2017 [1 favorite]
A good friend died a couple years back, and today I got yet another email from "him". These people deserve to burn in hell.
posted by carterk at 9:51 PM on October 4, 2017
You should scan your system for viruses and malware and advise your friend to do the same.
posted by xyzzy at 4:25 AM on October 4, 2017 [5 favorites]