Dear ,
I’m sorry, but I was unable to reach you on your cell phone so I am contacting you through this email about the status of this invoice below.
http://totalvictorymma.com/Copy-Invoice-0384/
Respectfully Yours,
Ewan.McAndrew@ed.ac.uk
I'm guessing this is phishing spam?
On Mon, 21 Aug 2017, 04:17 Ewan.McAndrew@ed.ac.uk invoicing@kibamf.com wrote:
Dear ,
I’m sorry, but I was unable to reach you on your cell phone so I am contacting you through this email about the status of this invoice below.
http://totalvictorymma.com/Copy-Invoice-0384/
Respectfully Yours,
Ewan.McAndrew@ed.ac.uk
_______________________________________________
Wikimedia UK mailing list wikimediauk-l@wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikimediauk-l WMUK: https://wikimedia.org.uk
Oh definitely, please avoid! Same goes for anyone else receiving something like this. Unless you are expecting an invoice from Wikimedia UK, which a) seems unlikely and b) would almost certainly not come from Ewan. Thanks for sharing, Owen, so people can be on their guard...
Best, Lucy
On 21 August 2017 at 10:10, Owen Blacker owen@blacker.me.uk wrote:
I'm guessing this is phishing spam?
On Mon, 21 Aug 2017, 04:17 Ewan.McAndrew@ed.ac.uk invoicing@kibamf.com wrote:
Dear ,
I’m sorry, but I was unable to reach you on your cell phone so I am contacting you through this email about the status of this invoice below.
http://totalvictorymma.com/Copy-Invoice-0384/
Respectfully Yours,
Ewan.McAndrew@ed.ac.uk
Sorry just saw that this actually came to the whole mailing list, not directly to Owen...but my point still stands!
On 21 August 2017 at 10:10, Owen Blacker owen@blacker.me.uk wrote:
I'm guessing this is phishing spam?
On Mon, 21 Aug 2017, 04:17 Ewan.McAndrew@ed.ac.uk invoicing@kibamf.com wrote:
Dear ,
I’m sorry, but I was unable to reach you on your cell phone so I am contacting you through this email about the status of this invoice below.
http://totalvictorymma.com/Copy-Invoice-0384/
Respectfully Yours,
Ewan.McAndrew@ed.ac.uk
For those that are interested, the spammer's IP seems to be 189.223.76.180, which geolocates to Rosarito, Estado de Baja California, Mexico and their ISP is Telefonos del Noroeste, S.A. de C.V. if anyone wants to complain. They are simply using Ewan's name in the From: field, but it's worth him running a malware check just in case.
I've sent a report via SpamCop anyway.
Thank you :)
On 21 August 2017 at 17:16, Rex X rexx@blueyonder.co.uk wrote:
For those that are interested, the spammer's IP seems to be 189.223.76.180, which geolocates to Rosarito, Estado de Baja California, Mexico and their ISP is Telefonos del Noroeste, S.A. de C.V. if anyone wants to complain. They are simply using Ewan's name in the From: field, but it's worth him running a malware check just in case.
I've sent a report via SpamCop anyway.
-- Rexx
On 21 August 2017 at 11:09 Lucy Crompton-Reid lucy.crompton-reid@wikimedia.org.uk wrote:
Sorry just saw that this actually came to the whole mailing list, not directly to Owen...but my point still stands!
On 21 August 2017 at 10:10, Owen Blacker owen@blacker.me.uk wrote:
I'm guessing this is phishing spam?
On Mon, 21 Aug 2017, 04:17 Ewan.McAndrew@ed.ac.uk <invoicing@kibamf.com> wrote:
Dear ,
I’m sorry, but I was unable to reach you on your cell phone so I am contacting you through this email about the status of this invoice below.
http://totalvictorymma.com/Copy-Invoice-0384/
Respectfully Yours,
Ewan.McAndrew@ed.ac.uk
On 21/08/17 17:16, Rex X wrote:
For those that are interested, the spammer's IP seems to be 189.223.76.180, which geolocates to Rosarito, Estado de Baja California, Mexico and their ISP is Telefonos del Noroeste, S.A. de C.V. if anyone wants to complain. They are simply using Ewan's name in the From: field, but it's worth him running a malware check just in case.
How did they link Ewan's email address to this email list?
Gordo
On 21/08/2017 21:34, Gordon Joly wrote:
On 21/08/17 17:16, Rex X wrote:
For those that are interested, the spammer's IP seems to be 189.223.76.180, which geolocates to Rosarito, Estado de Baja California, Mexico and their ISP is Telefonos del Noroeste, S.A. de C.V. if anyone wants to complain. They are simply using Ewan's name in the From: field, but it's worth him running a malware check just in case.
How did they link Ewan's email address to this email list?
Perhaps the dozens of messages that Ewan has posted to this email list FROM that email address in the many publicly available archives of wikimediauk-l?
Katie
On 22/08/17 01:00, Katie Chan wrote:
Perhaps the dozens of messages that Ewan has posted to this email list FROM that email address in the many publicly available archives of wikimediauk-l?
Or the inner workings of his own mail client?
Gordo
There's always a possibility that Ewan's mail client is compromised, of course, so that scanning with a good malware detector is sensible. I usually recommend "Malwarebytes free", but others also do the job.
It's just as likely that his email address has been "harvested" by automated programs scanning publicly available email archives, and Ewan also displays his email address in clear text on his Wikipedia user page, which I would recommend against as well.
On 22/08/17 11:54, Rex X wrote:
It's just as likely that his email address has been "harvested" by automated programs scanning publicly available email archives, and Ewan also displays his email address in clear text on his Wikipedia user page, which I would recommend against as well.
It is possible to *munge* the sender's address in Mailman.
The from field would then look like this:
FROM: A. N. Other via WMUK (wikimediauk-l@lists.wikimedia.org).
Gordo
That's what happened, Gordo.
Look at the source of the original post and it's obviously originating from 189.223.76.180 (Tijuana), despite the spoofed "From:" field. You can't spoof the originating IP, because it's added by the first relay, not by the original poster.
wikimediauk-l@lists.wikimedia.org
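The header check described in the last message, as an added example that is not part of the original thread: it walks the Received: chain from the newest header down, stops at the first hop not recorded by a relay you trust (anything below that point is sender-supplied), and flags a From: display name that shows a different domain than the real address. The raw message, relay host names and the `TRUSTED` set are constructed assumptions; only the IP and the two From: addresses come from the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: relay host names are hypothetical; the IP and the two
# From: addresses are the ones quoted in the thread. The last Received: line
# stands for a header supplied by the sender, which no trusted relay vouches for.
RAW = """\
Received: from mx.lists.example.org (mx.lists.example.org [198.51.100.10])
\tby lists.example.org with ESMTP; Mon, 21 Aug 2017 03:17:40 +0000
Received: from unknown-host.example.net (unknown [189.223.76.180])
\tby mx.lists.example.org with ESMTP; Mon, 21 Aug 2017 03:17:38 +0000
Received: from mail.example.edu (mail.example.edu [192.0.2.55])
\tby unknown-host.example.net with SMTP; Mon, 21 Aug 2017 03:17:30 +0000
From: "Ewan.McAndrew@ed.ac.uk" <invoicing@kibamf.com>
Subject: Invoice

(body omitted)
"""
MSG = message_from_string(RAW)
TRUSTED = {"lists.example.org", "mx.lists.example.org"}  # relays we operate (assumed)
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def parse_hops(msg):
    """Return (helo, peer_ip, recording_host) per Received: header, newest first."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group(1), m.group(2), m.group(3).lower()))
    return hops

def handoff_ip(msg, trusted):
    """Peer IP logged by the last trusted relay in an unbroken chain from the top."""
    ip = None
    for _helo, peer_ip, by_host in parse_hops(msg):
        if by_host not in trusted:
            break  # everything from here down could have been written by the sender
        ip = peer_ip
    return ip

def display_name_mismatch(msg):
    """True when the From: display name shows an address in another domain."""
    name, addr = parseaddr(msg.get("From", ""))
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    return bool(shown) and shown.group(1).lower() != addr.rsplit("@", 1)[-1].lower()

if __name__ == "__main__":
    print(handoff_ip(MSG, TRUSTED), display_name_mismatch(MSG))
```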