How did the phishers get my email address?
March 21, 2007 2:37 PM

My SO and I are receiving phishing emails on brand new email addresses. The addresses hadn't been given out to anyone when the first ones arrived. Are spammers just constructing likely email addresses and sending blindly? If not, how is this happening?

We recently switched to one of the major ISPs. We didn't receive much spam on our little local ISP, though their filtering might have been better. Could our new ISP be leaking our email addresses?
posted by DarkForest to Computers & Internet (11 answers total)
 
Are spammers just constructing likely email addresses and sending blindly? If not, how is this happening?
Yes.
posted by tmcw at 2:40 PM on March 21, 2007


I'm guessing your email is through your ISP then?

If it's a major company, then it would be very easy for a spammer to just randomly guess emails...

say
dansmithatgmail.com is probably a valid email address
or
rockerrocksatyahoo.com
posted by drezdn at 2:58 PM on March 21, 2007


Yes, some spammers do dictionary attacks on popular domains (and occasionally on less common ones). If the mailbox names are common strings, or combinations thereof, you might have that problem.

Security by Obscurity works as poorly for mailbox names as for other things... :-)
posted by baylink at 3:08 PM on March 21, 2007


Sidenote: some people do this deliberately to help catch spammers: if you create an address and don't tell anyone about it, any email that address receives is guaranteed to be spam.
posted by contraption at 3:20 PM on March 21, 2007
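
Added example, not part of any post in this thread: a sketch of how a mail operator could combine the two ideas above, a never-published trap address and the burst of unknown-recipient rejections that a dictionary run produces, to flag guessing sources. The log format, addresses, IPs and thresholds are constructed assumptions, not any real mail server's output.

```python
from collections import defaultdict

# Constructed sample of SMTP recipient attempts: "source_ip recipient result".
# Format, addresses and IPs (documentation ranges) are made up for this example.
SAMPLE_LOG = """\
203.0.113.7 dsmith@example.net rejected_unknown_user
203.0.113.7 jsmith@example.net rejected_unknown_user
203.0.113.7 asmith@example.net accepted
203.0.113.7 bsmith@example.net rejected_unknown_user
203.0.113.7 csmith@example.net rejected_unknown_user
198.51.100.20 asmith@example.net accepted
198.51.100.20 asmth@example.net rejected_unknown_user
192.0.2.55 x7q2kfz9@example.net accepted
"""

# Trap mailboxes: created, never published, never used to send mail,
# so anything addressed to them was guessed or harvested.
SPAMTRAPS = {"x7q2kfz9@example.net"}

def parse(log_text):
    """Yield (source_ip, recipient, result) from well-formed log lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1].lower(), parts[2]

def classify_sources(log_text, traps=SPAMTRAPS, min_attempts=4, max_unknown_ratio=0.5):
    """Return {source_ip: reason} for sources that look like address guessers."""
    attempts = defaultdict(int)
    unknown = defaultdict(int)
    flagged = {}
    for src, rcpt, result in parse(log_text):
        attempts[src] += 1
        if result == "rejected_unknown_user":
            unknown[src] += 1
        if rcpt in traps:
            flagged[src] = "spamtrap_hit"
    for src, total in attempts.items():
        if src in flagged:
            continue
        # A single typo from a real sender stays below min_attempts;
        # a dictionary run misses far more often than it hits.
        if total >= min_attempts and unknown[src] / total > max_unknown_ratio:
            flagged[src] = "dictionary_guessing"
    return flagged

if __name__ == "__main__":
    for src, reason in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, reason)
```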


Response by poster: Thanks all for your answers. We were just concerned that it was someone at the ISP leaking our addresses. I was also thinking that just randomly constructing email addresses might be too large and empty a search space to be useful for spammers.

I think I'll try setting up an email address with a random string of characters just to settle the matter in our minds.

I also thought about the possibility of keyloggers on my machine, but I use AVG/spybot/ad-aware on a fully patched XP machine, so hopefully that issue is covered.

I'm still open to other answers if you have any ideas...
posted by DarkForest at 3:25 PM on March 21, 2007


Best answer: I was also thinking that just randomly constructing email addresses might be too large and empty a search space to be useful for spammers.

Nothing's too large a problem when you've got hundreds of thousands of virused computers at your disposal.
posted by SpecialK at 3:35 PM on March 21, 2007


Oh, and chances are what they're doing is a dictionary attack based on online phone book sites that they've spidered. So they'll take all the last names they get and combine first initials with them.

So the random address might not work, but if your and your wife's email addresses are like 'dforest1@isp.com' and 'wforest@isp.com' or 'dark@forest.com'/'schmoopy@forest.com' or other variations on your real name, then it's likely a random address won't get hit with spam right away.
posted by SpecialK at 3:37 PM on March 21, 2007


It is amazing the data these guys can randomly generate; I recently got some stock spam that was "sent by" an old friend; the only thing is he never owned a computer or email account and has been dead for over six years. He did have a reasonably common name, however, so it is not entirely surprising that a large dictionary attack eventually generated it.
posted by TedW at 3:40 PM on March 21, 2007


Best answer: Even easier than scraping common last names and whatnot, the spammer already has a list of millions of email addresses, so it's pretty easy to just take all unique "name@" (part before the @) strings and brute force them against the @newdomain.com. In other words, if you have ever used a "foobar@hotmail" then be sure to expect "foobar@somenewdomain" to be brute forced at some point.
posted by Rhomboid at 6:25 PM on March 21, 2007


Generally, most spam solutions work pretty poorly at least some of the time. Spam is an ongoing, ever escalating war where the incentives are pretty high to keep going.

I'd bet that it was a dictionary attack. Between cheap computing power, botnets, and cheap bandwidth, spamming is easier than ever.

Not to totally shill, but I work for a new company called Boxbe.com that has a slightly different take on the problem. Instead of an ever escalating technology war, we've made it so that if someone wants to email you, they must be in your address book (a whitelist), take a test or pay a fee. No one else gets through. You can use Boxbe as a forwarding email address and give it out to anyone you like.

We just launched integration with GMail, so you don't have to change email addresses.

http://blog.boxbe.com/help/how-to/integrating-boxbe-with-gmail

Cheers,
Randy Stewart
randy@boxbe.com
posted by randy_stewart at 6:28 PM on March 21, 2007


Some googling might help you determine if your ISP has unusual spam problems. If they have web-based tools, like a tasklist for installers, and list your email address, a bot might find it. Gmail is doing a great job at detecting spam on 1 account with a more predictable name, and another account is nearly spamless, since theora55 is not as predictable.
posted by theora55 at 11:12 AM on March 22, 2007

