We just had a phishing mail come through to wikimediauk-l a few days ago. The email wasn't sent by the poster - but by someone else using his email address. His university gave some advice, but I'm not sure what they mean nor how to effectively implement this using any settings we have in Mailman ... so in the general case, is there anything we can do about this type of phishing mail? - d. ---------- Forwarded message ---------- From: MCANDREW Ewan <Ewan.McAndrew(a)ed.ac.uk> Date: 24 August 2017 at 11:10 Subject: FW: I170821-0616 about "Phidhing scam problem Fwd: [Wikimediauk-l] #4947276 Invoice secondary Notice" has been resolved To: Lucy Crompton-Reid <lucy.crompton-reid(a)wikimedia.org.uk>uk>, "john.lubbock(a)wikimedia.org.uk" <john.lubbock(a)wikimedia.org.uk>uk>, Richard Nevell <richard.nevell(a)wikimedia.org.uk> Hi all, Please see below message regarding the phishing message on the Wiki mailing lists. Are we able to provide the ‘pure mail headers’? Best, Ewan Ewan McAndrew Wikimedian in Residence Tel: 07719 330076 Email: ewan.mcandrew(a)ed.ac.uk Subscribe to the mailing list: wikimedia(a)mlist.is.ed.ac.uk My working hours are 10.30am to 6.30pm Monday to Friday. Wikipedia Project Page for the residency: https://en.wikipedia.org/wiki/Wikipedia:University_of_Edinburgh The University of Edinburgh, Floor H (West), Argyle House, 3 Lady Lawson Street, Edinburgh, EH3 9DR. www.ed.ac.uk From: UoE UniDesk Number I170821-0616 Sent: 24 August 2017 10:04 To: MCANDREW Ewan Subject: I170821-0616 about "Phidhing scam problem Fwd: [Wikimediauk-l] #4947276 Invoice secondary Notice" has been resolved Hello Ewan The mail admins have taken a further look at this and have added the following information: 'The quoted message is a digest containing the scam message and not the original scam message. It contains no information to show where the original came from as it only shows an excerpt of its headers. However, it does *apparently* contain a from address like Ewan.McAndrew(a)ed.ac.uk< liane.eichenberger(a)buendes-bueroservice.de> and that *suggests* that the original *may* have come from liane.eichenberger(a)buendes-bueroservice.de - but it is impossible to be sure of anything without seeing the original. That would presumably require the cooperation of the list manager or any list member who receives individual messages rather than digests.' In summary then ideally the UoE postmaster would need to see 'pure' mail headers from an individual message, as opposed to those from a digest. Best wishes Jono .................... Hi, full message header below ? please can you help. NB: Wondering if this is actually a University of Edinburgh email account problem or if it is a gmail or Wikimedia mailing list being compromised problem however as I have received another phishing spam message from a different email address from this Wikimedia mailing list now (purporting to be from Jason Evans at the National Library of Wales). -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. -- Richard Nevell Project Coordinator Wikimedia UK - sign up to our newsletter +44 (0) 20 3372 0765 Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 5-11 Lavington Street, London SE1 0NZ. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects). Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents. _______________________________________________ Listadmins mailing list Listadmins(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins

We just had a phishing mail come through to wikimediauk-l a few days ago. The email wasn't sent by the poster - but by someone else using his email address. His university gave some advice, but I'm not sure what they mean nor how to effectively implement this using any settings we have in Mailman ... so in the general case, is there anything we can do about this type of phishing mail? - d. ---------- Forwarded message ---------- From: MCANDREW Ewan <Ewan.McAndrew(a)ed.ac.uk> Date: 24 August 2017 at 11:10 Subject: FW: I170821-0616 about "Phidhing scam problem Fwd: [Wikimediauk-l] #4947276 Invoice secondary Notice" has been resolved To: Lucy Crompton-Reid <lucy.crompton-reid(a)wikimedia.org.uk>uk>, "john.lubbock(a)wikimedia.org.uk" <john.lubbock(a)wikimedia.org.uk>uk>, Richard Nevell <richard.nevell(a)wikimedia.org.uk> Hi all, Please see below message regarding the phishing message on the Wiki mailing lists. Are we able to provide the ‘pure mail headers’? Best, Ewan Ewan McAndrew Wikimedian in Residence Tel: 07719 330076 Email: ewan.mcandrew(a)ed.ac.uk Subscribe to the mailing list: wikimedia(a)mlist.is.ed.ac.uk My working hours are 10.30am to 6.30pm Monday to Friday. Wikipedia Project Page for the residency: https://en.wikipedia.org/wiki/Wikipedia:University_of_Edinburgh The University of Edinburgh, Floor H (West), Argyle House, 3 Lady Lawson Street, Edinburgh, EH3 9DR. www.ed.ac.uk From: UoE UniDesk Number I170821-0616 Sent: 24 August 2017 10:04 To: MCANDREW Ewan Subject: I170821-0616 about "Phidhing scam problem Fwd: [Wikimediauk-l] #4947276 Invoice secondary Notice" has been resolved Hello Ewan The mail admins have taken a further look at this and have added the following information: 'The quoted message is a digest containing the scam message and not the original scam message. It contains no information to show where the original came from as it only shows an excerpt of its headers. However, it does *apparently* contain a from address like Ewan.McAndrew(a)ed.ac.uk< liane.eichenberger(a)buendes-bueroservice.de> and that *suggests* that the original *may* have come from liane.eichenberger(a)buendes-bueroservice.de - but it is impossible to be sure of anything without seeing the original. That would presumably require the cooperation of the list manager or any list member who receives individual messages rather than digests.' In summary then ideally the UoE postmaster would need to see 'pure' mail headers from an individual message, as opposed to those from a digest. Best wishes Jono .................... Hi, full message header below ? please can you help. NB: Wondering if this is actually a University of Edinburgh email account problem or if it is a gmail or Wikimedia mailing list being compromised problem however as I have received another phishing spam message from a different email address from this Wikimedia mailing list now (purporting to be from Jason Evans at the National Library of Wales). -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. -- Richard Nevell Project Coordinator Wikimedia UK - sign up to our newsletter +44 (0) 20 3372 0765 Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 5-11 Lavington Street, London SE1 0NZ. United Kingdom. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects). Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents. _______________________________________________ Listadmins mailing list Listadmins(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins