We just had a phishing mail come through to wikimediauk-l a few days
ago. The email wasn't sent by the poster - but by someone else using
his email address. His university gave some advice, but I'm not sure
what they mean nor how to effectively implement this using any
settings we have in Mailman ... so in the general case, is there
anything we can do about this type of phishing mail?
- d.
---------- Forwarded message ----------
From: MCANDREW Ewan <Ewan.McAndrew(a)ed.ac.uk>
Date: 24 August 2017 at 11:10
Subject: FW: I170821-0616 about "Phidhing scam problem Fwd:
[Wikimediauk-l] #4947276 Invoice secondary Notice" has been resolved
To: Lucy Crompton-Reid <lucy.crompton-reid(a)wikimedia.org.uk>,
"john.lubbock(a)wikimedia.org.uk" <john.lubbock(a)wikimedia.org.uk>,
Richard Nevell <richard.nevell(a)wikimedia.org.uk>
Hi all,
Please see below message regarding the phishing message on the Wiki
mailing lists.
Are we able to provide the ‘pure mail headers’?
Best,
Ewan
Ewan McAndrew
Wikimedian in Residence
Tel: 07719 330076
Email: ewan.mcandrew(a)ed.ac.uk
Subscribe to the mailing list: wikimedia(a)mlist.is.ed.ac.uk
My working hours are 10.30am to 6.30pm Monday to Friday.
Wikipedia Project Page for the residency:
https://en.wikipedia.org/wiki/Wikipedia:University_of_Edinburgh
The University of Edinburgh, Floor H (West), Argyle House, 3 Lady
Lawson Street, Edinburgh, EH3 9DR.
www.ed.ac.uk
From: UoE UniDesk Number I170821-0616
Sent: 24 August 2017 10:04
To: MCANDREW Ewan
Subject: I170821-0616 about "Phidhing scam problem Fwd:
[Wikimediauk-l] #4947276 Invoice secondary Notice" has been resolved
Hello Ewan
The mail admins have taken a further look at this and have added the
following information:
'The quoted message is a digest containing the scam message and not
the original scam message. It contains no information to show where
the original came from as it only shows an excerpt of its headers.
However, it does *apparently* contain a from address like
Ewan.McAndrew(a)ed.ac.uk< liane.eichenberger(a)buendes-bueroservice.de>
and that *suggests* that the original *may* have come from
liane.eichenberger(a)buendes-bueroservice.de - but it is impossible to
be sure of anything without seeing the original. That would presumably
require the cooperation of the list manager or any list member who
receives individual messages rather than digests.'
In summary then ideally the UoE postmaster would need to see 'pure'
mail headers from an individual message, as opposed to those from a
digest.
Best wishes
Jono
....................
Hi,
full message header below - please can you help.
NB: Wondering if this is actually a University of Edinburgh email
account problem or if it is a gmail or Wikimedia mailing list being
compromised problem however as I have received another phishing spam
message from a different email address from this Wikimedia mailing
list now (purporting to be from Jason Evans at the National Library of
Wales).
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
--
Richard Nevell
Project Coordinator
Wikimedia UK - sign up to our newsletter
+44 (0) 20 3372 0765
Wikimedia UK is a Company Limited by Guarantee registered in England
and Wales, Registered No. 6741827. Registered Charity No.1144513.
Registered Office 5-11 Lavington Street, London SE1 0NZ. United
Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
movement. The Wikimedia projects are run by the Wikimedia Foundation
(who operate Wikipedia, amongst other projects).
Wikimedia UK is an independent non-profit charity with no legal
control over Wikipedia nor responsibility for its contents.
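The check the mail admins describe above, as an added example that is not part of the original thread: it flags a From header whose display name shows one address while the real addr-spec is another, and counts Received headers to show why a digest excerpt cannot be traced to its origin. All addresses, hosts and the function name `triage` are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed samples (hypothetical addresses on reserved .example domains).
FULL_MESSAGE = (
    "Received: from mx.lists.example by mail.reader.example;"
    " Mon, 21 Aug 2017 09:00:05 +0000\n"
    "Received: from host.unrelated.example ([192.0.2.10]) by mx.lists.example;"
    " Mon, 21 Aug 2017 09:00:00 +0000\n"
    'From: "alice@university.example" <sender@unrelated.example>\n'
    "Subject: Invoice secondary notice\n"
    "\n"
    "body\n"
)
# What a digest keeps: an excerpt of the headers, with no Received trace.
DIGEST_EXCERPT = (
    'From: "alice@university.example" <sender@unrelated.example>\n'
    "Subject: Invoice secondary notice\n"
    "\n"
    "body\n"
)
CLEAN_MESSAGE = (
    "Received: from mail.university.example by mx.lists.example;"
    " Mon, 21 Aug 2017 09:00:00 +0000\n"
    "From: Alice Example <alice@university.example>\n"
    "Subject: Meeting notes\n"
    "\n"
    "body\n"
)

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def triage(raw_message):
    """Report From display-name/address mismatches and the Received hop count."""
    msg = message_from_string(raw_message, policy=policy.default)
    mismatches = []
    from_hdr = msg["From"]
    if from_hdr is not None:
        for mbox in from_hdr.addresses:
            actual = mbox.addr_spec.lower()
            # An address embedded in the display name is what most mail
            # clients show; compare it with the address actually used.
            for claimed in ADDR_RE.findall(mbox.display_name or ""):
                if claimed.lower() != actual:
                    mismatches.append((claimed.lower(), actual))
    # Zero hops means the headers are an excerpt and cannot show the origin.
    hops = len(msg.get_all("Received", []))
    return {"mismatches": mismatches, "received_hops": hops}
```

A result with a mismatch but `received_hops` of 0 is the digest situation in this thread: the spoofed display name is visible, but the original individual message is still needed to see where it came from.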
Hello listadmins and sysadmins,
I've continued to receive bounce emails for wikimania-l through
wikimania-l-owner(a)lists.wikimedia.org, even though I have not known the
password of the list since the late 2015 Wikimedia-wide password reset and
https://lists.wikimedia.org/mailman/listinfo/wikimania-l isn't showing me
as an admin.
The fact that I'm getting bounce emails without being able to respond to
them is driving me nuts... Can a sysadmin figure out what happened, please?
Deryck
Hello,
For the past couple of hours I have been receiving continuous subscription requests
from addresses such as sqoon+random_characters@domain and
sqoonart+random_characters@domain
I have added to the ban list the following regex to stop them from even
subscribing: ^sqoon.*
But I continue to receive them.
Any idea on how to amend the regex or outright block them from even sending
subscription requests?
The list is metawiki-admins, a closed list.
Regards, M.
--
M. A.