
Major issues in my group, spoofed or something internal in IO??? Help please.


 

Hi, as of yesterday afternoon around 3.13 when I wasn't even online my Gmail address that I'm group owner and member here with has apparently been sending malicious e-mails that have been upsetting my RA group members, understandably so. Most of it is childish filth but it's not on and the weird thing is I can't see any of the said mails in my Gmail sent folder or on the group messages page. Also today at some point one of my other members appears to have been targeted and their email is being used to send filth.
I've so far changed my Gmail password of course and added another layer of security there, changed my IO password and suggested strongly that all group members do the same asap. I've also put myself and other said member plus one other new girl on moderation to see if I can filter it out that way.
Anyone else had issues like this and is there anything else I can do to protect my group. This has really upset me, I was a Yahoo group owner for many years and have never had to deal with anything like this and I do not want my members dealing with this. Any advice please?


 

Gilly,

> Most of it is childish filth but it's not on and the weird thing is I
> can't see any of the said mails in my Gmail sent folder or on the
> group messages page.

Sounds like a spammer or malcontent collected addresses from your group and is sending this stuff directly to members (not via the group). But you should check the Message Activity tab of your group's Activity page just to be sure.

That the messages do not appear in your Gmail sent folder implies one of two things: 1) they were smart enough to delete them after sending; 2) they were not using your Gmail account to send the messages.

For case (2) there are two types of spoofing out there. The more prevalent these days is spoofing of the "display name" portion of the From field only. This is very easy to do, and most recipients don't think to check the actual address, which chances are isn't yours. Spoofing the actual email address in the From is only slightly more difficult, but it makes the message far more likely to be caught and either discarded or diverted to junk by the receiving email service.

> Anyone else had issues like this and is there anything else I can do
> to protect my group.

A list I'm on (mailman, not Groups.io or Y!Groups) has been plagued by something similar sounding. A scammer apparently joined the list and collected the email address of anyone who posted. Then the scammer would send to that person messages of the "want a hot date tonight" variety. Some of them very NSFW (nude pictures), which upset the members who were in fact (like me) receiving the list messages at work.

> This has really upset me, I was a Yahoo group owner for many years and
> have never had to deal with anything like this and I do not want my
> members dealing with this.

Unfortunately things like this tend to be intractable - once the email addresses are known anyone can send to them. You may have been lucky in your Yahoo Group, I've been a member of a few that have had this type of thing crop up from time to time.

Shal


--
Help: /static/help
More Help: /g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list


 

Hi Shal thank you so much for your help.
I have kept the mail that came through and on checking with my co owner they were going to the group but she's removed them already.
This is the from field from one of the ones using my address; [email protected]; on behalf of; Gilly Gmail [gilly.pidler@...] which fully appears to be my address, and the To field is; [email protected]

They are definitely not in my sent folder on the Gmail webpage though, I use Outlook standalone full software for mail.
The messages are definitely going to the group as I had some very shocked members this morning that know I would never say things like that.

As I said I've changed my IO password and asked all members to do the same, so I'm hoping the group itself will be safe (as in no one can do anything to the actual group), and put myself and 2 members on moderation to see if that stops them coming to group.
Is there anything else that I can do or need to do please and does this kind of childish/rude/nasty thing tend to fizzle out when they get bored?


 

I wonder whether you have set permissions on your groups.io home so that only the owners and moderators can see the Member Directory. This may not be the problem, but you could try.

Also you can stop members from downloading the group data archive. That's one of the options too.

Frances


 

On Thu, Aug 9, 2018 at 05:21 PM, Gilly Gmail wrote:
> Is there anything else that I can do or need to do please and does this kind of childish/rude/nasty thing tend to fizzle out when they get bored?

Frances has made a couple of worthwhile suggestions in her post. Putting yourself (and others) on Moderation was also a good idea.

I would suggest keeping any more suspect / spoof attempts at posting (now withheld by being in a moderation queue) with a view to reporting them to your mail provider. I don't know if messages via Groups.io retain the originator's IP address or not, but if you look in the right place on the incoming mails it should show that there. Your mail provider may try to argue that if the traffic isn't being originated in their network then it's nothing to do with them, but you can counter-argue that someone pretending to be using gmail is sending highly inappropriate material that could cause reputational damage to gmail so it's in their best interests to try to help stop it.

I don't know if Groups.io stores emailed material or not (other than as posts on the web UI) but it might be worth an email to support to ask; if the messages are stored - at least until they pass moderation - then Mark may be able to determine the sender's IP address. On the off-chance that that is possible I suggest that you ask other moderators not to delete the inappropriate stuff in the moderation queue because that might delete any storage within Groups.io as well.

Chris


 

Gilly,

> I have kept the mail that came through ...

I'd very much like to see the header of that message, off-list. In the Gmail web interface click on the More menu, to the right of the date/time in the preview or the open message. Select "Show original".

From there you can either click Download Original, then attach that file in a message to me, or copy the entire text box below that (the one that starts with "Delivered-To: ...") and paste that into a message to me.

You may be able to do the same thing in the Outlook interface, but I don't use Outlook so I don't know.

> ... and on checking with my co owner they were going to the group but
> she's removed them already.

Ok, that rules out spoofing of just the display name. So it is either a full-on spoof or they were using your Gmail account. I'll likely be able to tell from the message's header.

> ... and put myself and 2 members on moderation to see if that stops
> them coming to group.

That's a very good idea. I keep myself on moderation in every group I moderate or own, in part for this reason. Back in 2004 or thereabouts Y!Groups suffered from a massive amount of spoofing by spambots and crooks, and I decided that it was most important that none of that stuff be posted to the group in my name.

> Is there anything else that I can do or need to do please ...

You've done the most effective things, particularly changing your passwords and putting yourself on moderation.

> and does this kind of childish/rude/nasty thing tend to fizzle out
> when they get bored?

That depends.

If it is a malcontent member, or former member, acting out of spite then yes. In my experience they'll tire of it once they see that they're not getting any reaction. You may want to put the entire group on moderation temporarily (if that is practical) so as to remove all on-list reference to the spam, and to head-off a switch in spoofed address.

If it is a crook, sending phishing or scamming messages ("open this file", "click this link", "reply now", whatever the pitch) then maybe not. Those people tend to use tireless robots to mail their junk.

Shal




 

Thanks Chris all great advice and I'll do all that. I have some copies that were sent to me by the member that alerted me in the first place, unfortunately I'm Uk and most of my members are US so they saw it all while I was sleeping. I'll mention that to my co owner too so we have copies if anything else comes in.


 

Hi Shal thank you again. I can't see your e-mail anywhere. The issue is the original doesn't appear to be in my Gmail but I did save it in Outlook and in there I can view the source, except I'm good on pcs but don't have that much know how about e-mail and spoofs etc. I can copy paste the source to you and also attach the first message that came through, if you need any more I do have about 4 I think that I kept. The others though aren't originals but copies that my members sent me to look at. I don't know why I don't have them all. I'm about to pull in today's mail and will see if there's anything new today, but again I don't see anything on my Gmail page.
If you can let me have that address I can send you the first one that arrived supposedly from my address.

Thanks for your help everyone.


 

On Fri, Aug 10, 2018 at 10:41 AM, Gilly Gmail wrote:
> unfortunately I'm Uk

So am I, and what's unfortunate about it? :)

If at all possible try to keep an "inappropriate message" in the moderation queue (if any more turn up) because that is the place where the originator's IP address is least likely to have been concealed or replaced by a different one along the route. Messages forwarded to you by other members are likely to have only their IP addresses in the header information, not the originator's.

I hope you manage to get it resolved, because it isn't nice.

Chris


 

Haha nothing! Just that if anything kicks off I'm normally sleeping! I highly doubt that it's a malcontent as we are a very close knit group and all seems quiet this morning but I've only had 4 e-mails so we'll see and I will keep anything that lands in the moderation q and come right here to let you guys know. I don't understand how they're going to my group because Annette and I would have binned these and banned said member if they had been in the q. These scammers are so clever it makes me sick. I'm just waiting on Shal for his e mail so I can send what he's asked for, do you know if he's UK or US Chris?


 

Gilly; Shal is in the US. He is (to the best of my knowledge) the Actual Owner of this Group so you can get him on this address: [email protected].

I have done some more investigating, although until another inappropriate post turns up it may not be of much help. The emails that Groups.io sends out notifying a message for moderation, and that released by moderation do not themselves include anything to identify the sender's location; the headers are all "Groups.io" related.

However, the email attached to the moderation notification does contain the IP address of the sending server in its header, which at least gives a clue to the server's location. For that reason any incoming notifications for moderation should be kept and the attached email header examined. That would obviate any need to try to get help from Mark at Groups.io.

Regards from the North of England. :)

Chris
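
The header checks discussed in this thread (display name versus actual address in From, and the sending server's IP address in the header), as an added example that is not part of any poster's message and not Groups.io code. The sample message, the server name `mx.lists.example` and the trusted relay range are constructed assumptions; the `Authentication-Results` check is an addition the thread does not mention, and the three-way verdict is a heuristic.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a message from this thread. Reserved example
# domains and documentation IP ranges only.
SAMPLE = """\
Received: from mx.lists.example (mx.lists.example [192.0.2.10])
\tby store.lists.example with ESMTP; Thu, 9 Aug 2018 15:13:20 +0000
Authentication-Results: mx.lists.example; spf=fail smtp.mailfrom=owner@gmail.example; dkim=none; dmarc=fail header.from=gmail.example
Received: from mail.unrelated.example (mail.unrelated.example [203.0.113.77])
\tby mx.lists.example with ESMTP; Thu, 9 Aug 2018 15:13:18 +0000
From: "Group Owner" <owner@gmail.example>
To: group@lists.example
Subject: hi

body
"""

IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def handoff_ip(msg, trusted_nets):
    """Walk Received headers newest-first and return the first peer address
    outside the relays we trust. Every header below that point was supplied
    by the sender and proves nothing."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for received in msg.get_all("Received", []):
        found = IP_LITERAL.search(received)
        if not found:
            continue  # hop recorded without an address literal
        try:
            ip = ipaddress.ip_address(found.group(1))
        except ValueError:
            continue
        if not any(ip in net for net in nets):
            return str(ip)
    return None

def auth_results(msg, authserv_id):
    """SPF/DKIM/DMARC verdicts, taken only from the header written by our
    own receiving server; copies with another id may be forged."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        flat = " ".join(value.split())
        if flat.split(";")[0].strip().lower() != authserv_id.lower():
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", flat):
            verdicts.setdefault(method, result.lower())
    return verdicts

def classify(raw, member_addr, trusted_nets, authserv_id):
    """Separate the three cases raised in the thread (heuristic)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    auth = auth_results(msg, authserv_id)
    if addr.lower() != member_addr.lower():
        verdict = "display-name spoof"          # name copied, address is not the member's
    elif auth.get("dmarc") == "pass":
        verdict = "sent through the provider"   # points at use of the real account
    else:
        verdict = "address spoof"               # From address forged from elsewhere
    return {"display": display, "address": addr, "auth": auth,
            "handoff_ip": handoff_ip(msg, trusted_nets), "verdict": verdict}

if __name__ == "__main__":
    print(classify(SAMPLE, "owner@gmail.example", ["192.0.2.0/24"], "mx.lists.example"))
```
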


 

Hi Gilly,

> I can't see your e-mail anywhere.

Both Outlook and the Gmail web interface should be able to show it to you as part of the From address. If you only see the "Shal Farley" part you may need to "expand" the details or something like that to see the whole address. Or you can use GMF's +owner address, as Chris suggested.

> if you need any more I do have about 4 I think that I kept.

One should do it.

> The others though aren't originals but copies that my members sent me
> to look at.

Those probably don't include the full header, and if not wouldn't be of any use.

> but again I don't see anything on my Gmail page.

If you are in the habit of moving group messages to a local folder in Outlook (or deleting them) that would likely explain why they're no longer in your Gmail inbox.

Shal <shals2nd@...>




 

Gilly,

> I don't understand how they're going to my group because Annette and I
> would have binned these and banned said member if they had been in the
> q.

You said the messages were coming in under your name - implying that your email address was used. If you yourself were not moderated at the time that's how they got through. Groups.io's software didn't know it wasn't actually you. (I think it could have, but that's a longer story and not relevant at the moment).

Shal




 

Thank you Chris & Shal, I will keep any nasties and their moderation notices if I should get any more, nothing since the ones I mentioned. I have sent 2 to the owners address for you Shal, one is probably no good anyway.
Also please ignore my stupidity about the messages from 'me' going through without being moderated, I'm not stupid but I am not very well at the moment & am making daft mistakes like overpaying my husband by £94 for some college books yesterday. My focus is off and I'm trying to juggle fixing my niece's laptop, trouble a shower issue and sort this mess out as well on top of my usual group stuff and personal e-mail!
All my group stuff does appear to be archived in Gmail as I can see all my messages there under 'everything' else once my inbox is clear. But definitely none of the nasties are there or in my sent folder at all.
Thank you for taking a look at the first one for me, the one entitled simply 'hi'. The spammer clearly doesn't have grammatical skills.


 

On Thu, Aug 9, 2018 at 11:12 AM, Shal Farley wrote:

> Unfortunately things like this tend to be intractable - once the email
> addresses are known anyone can send to them. You may have been lucky in your
> Yahoo Group, I've been a member of a few that have had this type of thing crop
> up from time to time.

Hello Shal,

Is the option to ban a Domain useful in certain cases like this? I see that banning a domain is possible with Premium IO accounts.

But perhaps a more effective method would be to have some way to block the actual spammer's IP address. Is that possible with Groups.io? Another group I belong to (non-Groups.io) has that capability and we have that way been able to effectively stop various spammers who had started posting nasty stuff.

There was also an IP look-up tool with that group which showed us if any other of our legitimate members had that same IP number (which was very unlikely) so that we wouldn't accidentally block them in the process of trying to ban the spammers.

Blocking an IP number has always seemed to me to be a very effective way of stopping this sort of abuse and I do not understand why it is not more in use as a tool for that. Incidentally, with that particular group only our Moderators can see the members' IP numbers.

Regards,

Paul M.
Owner, CostaRicaLiving
==


 

Gilly,

> Also please ignore my stupidity about the messages from 'me' going
> through without being moderated, ...

There's nothing "stupid" about that, I think most group owners / mods keep themselves unmoderated for convenience. It is just that I got a similarly nasty lesson all those years ago, except in my case it was a zombie computer spreading a virus rather than a malcontent or scammer.

> Thank you for taking a look at the first one for me, the one entitled
> simply 'hi' The spammer clearly doesn't have grammatical skills.

That's typical of the phishing messages I've seen. Either they are super informal and short (as if a friend), or they're trying to mimic a notice from a legit company. Some of the latter are annoyingly accurate - often a copy of an actual notice from that company, but with the links changed to point to the scammer's site.

Shal




 

Paul,

> Is the option to ban a Domain useful in certain cases like this?

Generally no. In this case the domain of the From: is a major email service. That would be banning the owner herself, and probably many of her members.

> But perhaps a more effective method would be to have some way to block
> the actual spammer's IP address. Is that possible with Groups.io?

I don't believe that is possible with Groups.io.

In the case at hand I had an opportunity to examine the full header of two samples from the spammer - the two were sent via different domains and different IP addresses. That leads me to suspect that the person bought a list of compromised email credentials and uses each only once, to hide his/her identity.

> Blocking an IP number has always seemed to me to be a very effective
> way of stopping this sort of abuse and I do not understand why it is
> not more in use as a tool for that.

It is too easily circumvented by the spammer, and too likely to catch innocent users who share the same address.

> There was also an IP look-up tool with that group which showed us if
> any other of our legitimate members had that same IP number (which was
> very unlikely) so that we wouldn't accidentally block them in the
> process of trying to ban the spammers.

Exactly. This problem may go away as IPv6 gains traction, but for now it is usually the case that entire households, corporate departments, hotels, dormitories, libraries, and in some places /cities/ sit behind a single IP address assigned to their shared router.

Shal




 

Hi Shal. I just wish these hackers/spammers would put their 'skills' to good use and go get a proper job! They are incredibly clever some of them and to save myself time and aggro I have used Mailwasher pro for many years. That is probably the reason I didn't get the 'spam' messages from 'me' in my inbox as I normally just hit delete on mine as it's just copies of what I've myself sent to group.
I am extremely careful with e-mail and if in the slightest doubt take proper precautions because as you say they can look incredibly convincing.
I am going to watch carefully and continue monitoring but again today things are nice and quiet. Your help with this and your explanation of the headers has been most helpful to me & is much appreciated and I've shared your replies with my co-owner and Paula.


 

On Sun, Aug 12, 2018 at 08:32 AM, Gilly Gmail wrote:
> I just wish these hackers/spammers would put their 'skills' to good use and go get a proper job!

I have no sympathy for criminal hackers and spammers, but part of the problem is that many of these twerps are from countries where "proper jobs" are rare and criminal use of computers and networks is ignored or rarely prosecuted. Until international cooperation on prosecuting cybercrime becomes more prevalent, preventing this stuff will be a struggle. I wish it were different.

There are other reasons for the spate of cybercrime. As one of the engineers that built many of the systems preyed upon today, I can tell you that thirty or forty years ago when the foundations were laid, we were so naive (dumb?) about networks, security was seldom thought about, and when it was, often neglected for features that would sell product. Some product managers used to say that security was a nuisance that inhibited sales. I don't blame them: they were right. We got many customer complaints that security was inconvenient. The correct response would have been to design more convenient security instead of pushing it aside. But I have not heard that kind of talk lately. The industry has wised up but there is now so much to be fixed. If email, for example, were built today, a lot of the problems we experience now would be impossible.

Accurate hindsight is a wonderful thing, but largely useless. Foresight is precious and uncommon. Wish I had more of the latter.
Thank you for the opportunity to get this off my chest.
Best, Marv


 

That is a very interesting post Marv, I also wish I had your skills!! I'm pretty good with computer software and have in the past taught myself a little HTML, just for fun, but it is very much a fascination of mine when someone can build an entire site and or system with just code and some of the games these days are astounding, the coding must be incredible.
I know enough to fix most issues with my family's PCs software wise mainly & am constantly learning but Shal's replies to my issues offlist have been most interesting and another learning curve.