Ewan,
A full copy of the original email including full headers can be accessed
here:
https://pastebin.com/BaTMUArr
All,
You're overthinking this. Either someone subscribed the email address
invoicing(a)kibamf.com to wikimediauk-l, or they knew it was already a
subscriber. And then they sent a message specifying that email address
in the From field. Hey presto, message delivered.
Additionally, in the From Name where people specify their real name
(e.g. I would specify "Katie Chan" or for example in David's case
"David Gerard"), they specified "Ewan.McAndrew(a)ed.ac.uk".
That is an entirely sender specified property, even fixing T160529
wouldn't stop that (though I would obviously want that fixed!).
Regards,
Katie
On 24/08/2017 21:10, David Gerard wrote:
We just had a phishing mail come through to wikimediauk-l a few days
ago. The email wasn't sent by the poster - but by someone else using
his email address. His university gave some advice, but I'm not sure
what they mean nor how to effectively implement this using any
settings we have in Mailman ... so in the general case, is there
anything we can do about this type of phishing mail?
- d.
---------- Forwarded message ----------
From: MCANDREW Ewan <Ewan.McAndrew(a)ed.ac.uk>
Date: 24 August 2017 at 11:10
Subject: FW: I170821-0616 about "Phidhing scam problem Fwd:
[Wikimediauk-l] #4947276 Invoice secondary Notice" has been resolved
To: Lucy Crompton-Reid <lucy.crompton-reid(a)wikimedia.org.uk>,
"john.lubbock(a)wikimedia.org.uk" <john.lubbock(a)wikimedia.org.uk>,
Richard Nevell <richard.nevell(a)wikimedia.org.uk>
Hi all,
Please see below message regarding the phishing message on the Wiki
mailing lists.
Are we able to provide the ‘pure mail headers’?
Best,
Ewan
Ewan McAndrew
Wikimedian in Residence
Tel: 07719 330076
Email: ewan.mcandrew(a)ed.ac.uk
Subscribe to the mailing list: wikimedia(a)mlist.is.ed.ac.uk
My working hours are 10.30am to 6.30pm Monday to Friday.
Wikipedia Project Page for the residency:
https://en.wikipedia.org/wiki/Wikipedia:University_of_Edinburgh
The University of Edinburgh, Floor H (West), Argyle House, 3 Lady
Lawson Street, Edinburgh, EH3 9DR.
www.ed.ac.uk
From: UoE UniDesk Number I170821-0616
Sent: 24 August 2017 10:04
To: MCANDREW Ewan
Subject: I170821-0616 about "Phidhing scam problem Fwd:
[Wikimediauk-l] #4947276 Invoice secondary Notice" has been resolved
Hello Ewan
The mail admins have taken a further look at this and have added the
following information:
'The quoted message is a digest containing the scam message and not
the original scam message. It contains no information to show where
the original came from as it only shows an excerpt of its headers.
However, it does *apparently* contain a from address like
Ewan.McAndrew(a)ed.ac.uk< liane.eichenberger(a)buendes-bueroservice.de>
and that *suggests* that the original *may* have come from
liane.eichenberger(a)buendes-bueroservice.de - but it is impossible to
be sure of anything without seeing the original. That would presumably
require the cooperation of the list manager or any list member who
receives individual messages rather than digests.'
In summary then ideally the UoE postmaster would need to see 'pure'
mail headers from an individual message, as opposed to those from a
digest.
Best wishes
Jono
....................
Hi,
full message header below - please can you help.
NB: Wondering if this is actually a University of Edinburgh email
account problem or if it is a gmail or Wikimedia mailing list being
compromised problem however as I have received another phishing spam
message from a different email address from this Wikimedia mailing
list now (purporting to be from Jason Evans at the National Library of
Wales).
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
--
Richard Nevell
Project Coordinator
Wikimedia UK - sign up to our newsletter
+44 (0) 20 3372 0765
Wikimedia UK is a Company Limited by Guarantee registered in England
and Wales, Registered No. 6741827. Registered Charity No.1144513.
Registered Office 5-11 Lavington Street, London SE1 0NZ. United
Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia
movement. The Wikimedia projects are run by the Wikimedia Foundation
(who operate Wikipedia, amongst other projects).
Wikimedia UK is an independent non-profit charity with no legal
control over Wikipedia nor responsibility for its contents.
_______________________________________________
Listadmins mailing list
Listadmins(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/listadmins
--
Katie Chan
Any views or opinions presented in this e-mail are solely those of the
author and do not necessarily represent the view of any organisation the
author is associated with or employed by.
Experience is a good school but the fees are high.
- Heinrich Heine
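
The check below is an added example, not part of the original thread and not Mailman's own code. It illustrates the point made in the first message: a member-only test looks only at the From address, while the display name is sender-chosen and can carry someone else's address. The `triage` function, the subscriber set and the example.org/example.net headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Matches an e-mail address embedded in free text such as a display name.
# Real headers carry "@"; the "(a)" seen in this archive is display obfuscation.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def inspect_from(from_header):
    """Split a From header into the sender-chosen display name and the address.

    Returns (display_name, address, claimed), where `claimed` lists addresses
    written inside the display name that differ from the real address.
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    claimed = [a.lower() for a in ADDR_RE.findall(name) if a.lower() != addr]
    return name, addr, claimed


def triage(from_header, subscribers):
    """Simplified model of a member-only list (assumption, not Mailman code).

    The membership test sees only the address; the display name is never
    part of it, so a mismatch is reported separately for a moderator.
    """
    name, addr, claimed = inspect_from(from_header)
    if addr not in subscribers:
        return "hold: non-member"
    if claimed:
        return "hold: display name claims " + ", ".join(claimed)
    return "accept"


# Constructed sample data modelled on the message discussed in this thread.
SUBSCRIBERS = {"invoicing@kibamf.com", "katie@example.org"}
SAMPLES = [
    '"Ewan.McAndrew@ed.ac.uk" <invoicing@kibamf.com>',
    'Katie Chan <katie@example.org>',
    '"katie@example.org" <Katie@Example.org>',
    'Someone Else <stranger@example.net>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{triage(header, SUBSCRIBERS):<50} {header}")
```

Without the display-name comparison, the first sample passes the membership test because its address is a subscriber, which is the delivery path described in the first message.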