Trevor Cordes (and myself) use vendor specific email addresses when we sign up for services (it's easy when you control your own domain).
Manitoba Hydro sends me email to 'manitobahydro@yourowndomain.com' Shaw send me email to 'shaw@yourowndomain.com' ...etc...
For several months now, both Trevor and myself have noticed spammers using our Manitoba Hydro vendor specific email addresses.
So how (and when) did Manitoba Hydro get their email accounts list hacked?
If so, what else got hacked? Our per-authorized Debit information?!?
If not, then did they actually sell their email accounts lists to spam lists?
I can see spammers sending generic *names* to various domains (ie. trevor@yourowndomain.com or brad@yourowndomain.com) but I can not see spammers sending 'manitobahydro' to various domains without some per-initializing from somewhere.
Just my rant for the week/day/hour...
...P.S. If anyone wants to meet some desperate Russian chick feel free to believe in the spam...
=== Bradford C. Vokey
Treasurer Manitoba Unix User Group ===
-------- Forwarded Message -------- Subject: Allow me to introduce ... to you. Date: Sat, 25 Apr 2015 19:14:40 +0300 From: mstanton@packeteer.com To: manitobahydro@fsi.ca
Greetings! How's it going? I found out your email in the agency of acquaintances. They also told me you are not married and you wish to meet a sweetheart. I decided to try to email you and get to know you better. I will tell you some information about myself. I am 28 years old. No kids. I would like to meet a sane and responsible person. I do not need to play any online games, I would like to have serious relationship only. If you are interested to know more about my life, please tell me and I will be happy to tell you more info about myself and I will also send you photos!
My private email: lina-fo@rambler.ru
Elena
On 2015-04-25 Bradford C. Vokey wrote:
Trevor Cordes (and myself) use vendor specific email addresses when we sign up for services (it's easy when you control your own domain).
Yes, it's shocking the number of big companies that leak my email:
xerox primus hydro viewsonic seagate ...
there's dozens, at least.
Also, I've found those little paper-based "enter to win" boxes at local food joints / stores are all just big lying spam traps. I think they are just phishing scams but in the physical world. Sometimes when I have nothing better to do I'll enter those (with a unique email address) and within months I get hundreds of spams to that address, and AFAIK no one ever wins everything. I guess I fell for a "brick & mortar" scam; were it a cyber scam I'd never fall for it. Luckily I can just /dev/null that one-off address. "Woodlands" is the worst: they claim to give away a nice looking oil painting each month. All they give away is spam. Since this is in the "real world" and in Canada, why aren't the cops on their case? I mean, someone has to pick up the little boxes! Someone has to get consent from the retail establishment.
So how (and when) did Manitoba Hydro get their email accounts list hacked?
If so, what else got hacked? Our per-authorized Debit information?!?
Ha, ya. One would hope they'd be in separate DBs!
If not, then did they actually sell their email accounts lists to spam lists?
That I *seriously* doubt. They'd get in big doodoo for that. Now, did a single employee steal the list and sell it? Maybe... More likely they were compromised somehow.
...P.S. If anyone wants to meet some desperate Russian chick feel free to believe in the spam...
Doh! By including the spam in your posting you a) got your email put in my possible-spam-(low) folder, and b) present me with the dilemma of whether to mark the entire email as spam or not-spam :-) I know Bayes will most likely "do the right thing" but I can't see anything good about giving "Russian chick" a less-spammy Bayesian weighting. Hmm, I guess I will have to mark it as not-spam, as I don't yet have a maildir folder called: "keep these emails, they look spammy but are not, so don't train on them". That seems just one step too far down the road to insanity.
;-)
I gave up doing that after the Venetian hotel in Vegas accused me of hacking their systems when I *reported* email database leakage... "The best defense is a good offense" - as long as you've got the right target in your sights. -Adam
On April 26, 2015 12:13:25 AM CDT, Trevor Cordes trevor@tecnopolis.ca wrote:
On 2015-04-25 Bradford C. Vokey wrote:
Trevor Cordes (and myself) use vendor specific email addresses when we sign up for services (it's easy when you control your own domain).
Yes, it's shocking the number of big companies that leak my email:
xerox primus hydro viewsonic seagate ...
there's dozens, at least.
Also, I've found those little paper-based "enter to win" boxes at local food joints / stores are all just big lying spam traps. I think they are just phishing scams but in the physical world. Sometimes when I have nothing better to do I'll enter those (with a unique email address) and within months I get hundreds of spams to that address, and AFAIK no one ever wins everything. I guess I fell for a "brick & mortar" scam; were it a cyber scam I'd never fall for it. Luckily I can just /dev/null that one-off address. "Woodlands" is the worst: they claim to give away a nice looking oil painting each month. All they give away is spam. Since this is in the "real world" and in Canada, why aren't the cops on their case? I mean, someone has to pick up the little boxes! Someone has to get consent from the retail establishment.
So how (and when) did Manitoba Hydro get their email accounts list hacked?
If so, what else got hacked? Our per-authorized Debit information?!?
Ha, ya. One would hope they'd be in separate DBs!
If not, then did they actually sell their email accounts lists to spam lists?
That I *seriously* doubt. They'd get in big doodoo for that. Now, did a single employee steal the list and sell it? Maybe... More likely they were compromised somehow.
...P.S. If anyone wants to meet some desperate Russian chick feel free to believe in the spam...
Doh! By including the spam in your posting you a) got your email put in my possible-spam-(low) folder, and b) present me with the dilemma of whether to mark the entire email as spam or not-spam :-) I know Bayes will most likely "do the right thing" but I can't see anything good about giving "Russian chick" a less-spammy Bayesian weighting. Hmm, I guess I will have to mark it as not-spam, as I don't yet have a maildir folder called: "keep these emails, they look spammy but are not, so don't train on them". That seems just one step too far down the road to insanity.
;-) _______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
I too have been using vendor-specific "from" addresses on my on domains for a long time (e.g., hws-sobeys@marityme.net), albeit for a different reason - to easily get rid of "subscriptions" if a vendor doesn't want to honour an unsubscribe request (all I do then is delete the vendor-specific "from" address).
Hartmut W Sager - Tel +1-204-339-8331
On 25 April 2015 at 19:40, Bradford C. Vokey brad@fsi.ca wrote:
Trevor Cordes (and myself) use vendor specific email addresses when we sign up for services (it's easy when you control your own domain).
Manitoba Hydro sends me email to 'manitobahydro@yourowndomain.com' Shaw send me email to 'shaw@yourowndomain.com' ...etc...
For several months now, both Trevor and myself have noticed spammers using our Manitoba Hydro vendor specific email addresses.
So how (and when) did Manitoba Hydro get their email accounts list hacked?
If so, what else got hacked? Our per-authorized Debit information?!?
If not, then did they actually sell their email accounts lists to spam lists?
I can see spammers sending generic *names* to various domains (ie. trevor@yourowndomain.com or brad@yourowndomain.com) but I can not see spammers sending 'manitobahydro' to various domains without some per-initializing from somewhere.
Just my rant for the week/day/hour...
...P.S. If anyone wants to meet some desperate Russian chick feel free to believe in the spam...
=== Bradford C. Vokey
Treasurer Manitoba Unix User Group ===
-------- Forwarded Message -------- Subject: Allow me to introduce ... to you. Date: Sat, 25 Apr 2015 19:14:40 +0300 From: mstanton@packeteer.com To: manitobahydro@fsi.ca
Greetings! How's it going? I found out your email in the agency of acquaintances. They also told me you are not married and you wish to meet a sweetheart. I decided to try to email you and get to know you better. I will tell you some information about myself. I am 28 years old. No kids. I would like to meet a sane and responsible person. I do not need to play any online games, I would like to have serious relationship only. If you are interested to know more about my life, please tell me and I will be happy to tell you more info about myself and I will also send you photos!
My private email: lina-fo@rambler.ru
Elena
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
I also have vendor specific addresses setup on my domain including Manitoba Hydro, I have received 0 spam on that address since it was setup about 1 year ago.
On 15-04-26 12:44 PM, Hartmut W Sager wrote:
I too have been using vendor-specific "from" addresses on my on domains for a long time (e.g., hws-sobeys@marityme.net mailto:hws-sobeys@marityme.net), albeit for a different reason - to easily get rid of "subscriptions" if a vendor doesn't want to honour an unsubscribe request (all I do then is delete the vendor-specific "from" address).
Hartmut W Sager - Tel +1-204-339-8331
On 25 April 2015 at 19:40, Bradford C. Vokey <brad@fsi.ca mailto:brad@fsi.ca> wrote:
Trevor Cordes (and myself) use vendor specific email addresses when we sign up for services (it's easy when you control your own domain). Manitoba Hydro sends me email to 'manitobahydro@yourowndomain.com <mailto:manitobahydro@yourowndomain.com>' Shaw send me email to 'shaw@yourowndomain.com <mailto:shaw@yourowndomain.com>' ...etc... For several months now, both Trevor and myself have noticed spammers using our Manitoba Hydro vendor specific email addresses. So how (and when) did Manitoba Hydro get their email accounts list hacked? If so, what else got hacked? Our per-authorized Debit information?!? If not, then did they actually sell their email accounts lists to spam lists? I can see spammers sending generic *names* to various domains (ie. trevor@yourowndomain.com <mailto:trevor@yourowndomain.com> or brad@yourowndomain.com <mailto:brad@yourowndomain.com>) but I can not see spammers sending 'manitobahydro' to various domains without some per-initializing from somewhere. Just my rant for the week/day/hour... ...P.S. If anyone wants to meet some desperate Russian chick feel free to believe in the spam... === Bradford C. Vokey Treasurer Manitoba Unix User Group === -------- Forwarded Message -------- Subject: Allow me to introduce ... to you. Date: Sat, 25 Apr 2015 19:14:40 +0300 From: mstanton@packeteer.com <mailto:mstanton@packeteer.com> To: manitobahydro@fsi.ca <mailto:manitobahydro@fsi.ca> Greetings! How's it going? I found out your email in the agency of acquaintances. They also told me you are not married and you wish to meet a sweetheart. I decided to try to email you and get to know you better. I will tell you some information about myself. I am 28 years old. No kids. I would like to meet a sane and responsible person. I do not need to play any online games, I would like to have serious relationship only. If you are interested to know more about my life, please tell me and I will be happy to tell you more info about myself and I will also send you photos! My private email:lina-fo@rambler.ru <mailto:lina-fo@rambler.ru> Elena _______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca <mailto:Roundtable@muug.mb.ca> http://www.muug.mb.ca/mailman/listinfo/roundtable
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
Say, who is *lists@friendface.ca lists@friendface.ca*? A proper identity would be nice, since we all know each other on this MUUG forum.
Hartmut W Sager - Tel +1-204-339-8331
On 27 April 2015 at 07:37, lists@friendface.ca lists@friendface.ca wrote:
I also have vendor specific addresses setup on my domain including Manitoba Hydro, I have received 0 spam on that address since it was setup about 1 year ago.
On 15-04-26 12:44 PM, Hartmut W Sager wrote:
I too have been using vendor-specific "from" addresses on my on domains for a long time (e.g., hws-sobeys@marityme.net), albeit for a different reason - to easily get rid of "subscriptions" if a vendor doesn't want to honour an unsubscribe request (all I do then is delete the vendor-specific "from" address).
Hartmut W Sager - Tel +1-204-339-8331On 25 April 2015 at 19:40, Bradford C. Vokey brad@fsi.ca wrote:
Trevor Cordes (and myself) use vendor specific email addresses when we sign up for services (it's easy when you control your own domain).
Manitoba Hydro sends me email to 'manitobahydro@yourowndomain.com' Shaw send me email to 'shaw@yourowndomain.com' ...etc...
For several months now, both Trevor and myself have noticed spammers using our Manitoba Hydro vendor specific email addresses.
So how (and when) did Manitoba Hydro get their email accounts list hacked?
If so, what else got hacked? Our per-authorized Debit information?!?
If not, then did they actually sell their email accounts lists to spam lists?
I can see spammers sending generic *names* to various domains (ie. trevor@yourowndomain.com or brad@yourowndomain.com) but I can not see spammers sending 'manitobahydro' to various domains without some per-initializing from somewhere.
Just my rant for the week/day/hour...
...P.S. If anyone wants to meet some desperate Russian chick feel free to believe in the spam...
=== Bradford C. Vokey
Treasurer Manitoba Unix User Group ===
-------- Forwarded Message -------- Subject: Allow me to introduce ... to you. Date: Sat, 25 Apr 2015 19:14:40 +0300 From: mstanton@packeteer.com To: manitobahydro@fsi.ca
Greetings! How's it going? I found out your email in the agency of acquaintances. They also told me you are not married and you wish to meet a sweetheart. I decided to try to email you and get to know you better. I will tell you some information about myself. I am 28 years old. No kids. I would like to meet a sane and responsible person. I do not need to play any online games, I would like to have serious relationship only. If you are interested to know more about my life, please tell me and I will be happy to tell you more info about myself and I will also send you photos!
My private email: lina-fo@rambler.ru
Elena
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
Roundtable mailing listRoundtable@muug.mb.cahttp://www.muug.mb.ca/mailman/listinfo/roundtable
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
On 2015-04-27 lists@friendface.ca wrote:
I also have vendor specific addresses setup on my domain including Manitoba Hydro, I have received 0 spam on that address since it was setup about 1 year ago.
Ya, who can tell when/why it happened with these things. Brad & I have been using that address probably for 7+ years. Often spammers take quite a while to latch onto an address, and even longer to really ramp it up. My most spammy addresses are all ones from 10+ years ago. Who knows when the hydro breach happened and/or how extensive a list their captured.
The worst/stupidest mistake I ever made was in around '99 I signed up for a neat-sounding AIX-specific free e-magazine that was mentioned on comp.sys.aix (or whatever it was). I was using AIX exclusively back then (even at home). There never was a magazine, it was just phishing. Doh. Never made that mistake again. I get around 200 spams a day to that email alone just from that one seed 16 years ago. It's interesting to watch how the spammers make your address go viral with all their buddies over time.
As for anonymity, Hartmut, we have to keep in mind some list members may be from out of town and/or not members of or interested in MUUG. We certainly want to encourage list participation regardless. If someone wants to remain anonymous, while it's not necessarily encouraged, we'll be ok with it.
Cheers guys.
this email was just found in my spam folder
On Sat, Apr 25, 2015 at 7:40 PM, Bradford C. Vokey brad@fsi.ca wrote:
Trevor Cordes (and myself) use vendor specific email addresses when we sign up for services (it's easy when you control your own domain).
Manitoba Hydro sends me email to 'manitobahydro@yourowndomain.com' Shaw send me email to 'shaw@yourowndomain.com' ...etc...
For several months now, both Trevor and myself have noticed spammers using our Manitoba Hydro vendor specific email addresses.
So how (and when) did Manitoba Hydro get their email accounts list hacked?
If so, what else got hacked? Our per-authorized Debit information?!?
If not, then did they actually sell their email accounts lists to spam lists?
I can see spammers sending generic *names* to various domains (ie. trevor@yourowndomain.com or brad@yourowndomain.com) but I can not see spammers sending 'manitobahydro' to various domains without some per-initializing from somewhere.
Just my rant for the week/day/hour...
...P.S. If anyone wants to meet some desperate Russian chick feel free to believe in the spam...
=== Bradford C. Vokey
Treasurer Manitoba Unix User Group ===
-------- Forwarded Message -------- Subject: Allow me to introduce ... to you. Date: Sat, 25 Apr 2015 19:14:40 +0300 From: mstanton@packeteer.com To: manitobahydro@fsi.ca
Greetings! How's it going? I found out your email in the agency of acquaintances. They also told me you are not married and you wish to meet a sweetheart. I decided to try to email you and get to know you better. I will tell you some information about myself. I am 28 years old. No kids. I would like to meet a sane and responsible person. I do not need to play any online games, I would like to have serious relationship only. If you are interested to know more about my life, please tell me and I will be happy to tell you more info about myself and I will also send you photos!
My private email: lina-fo@rambler.ru
Elena
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-
Adam Thompson -
Adrian Stoness -
Bradford C. Vokey -
Hartmut W Sager -
lists@friendface.ca -
Trevor Cordes