Skip to content

Possibly iffy email; advice please before I risk opening it!

Featured Replies

Hello fellow members, had an email arrived in my private email's inbox at 05.20 this morning, from "codedete.cted" and subject FZT , plus there's a paperclip showing there's an attachment.

 

Any idea what it might be/ where from, is it malicious, before I risk opening it?  (I have Kaspersky 3.0 security enabled and active).

 

Many thanks

 

Richard

 

PS Never ventured into this section before....!

Can you right click on it and mark as spam?

just don't open it.

 

I get several legitimate looking emails each week (in addition to all the dodgy ones).  Often I check the originating email address / website and they are hijacked addresses.  I wouldn't trust my security pack to handle them.

 

I figure if somebody really want s my attention they can ring me or send an email without an attachment.

  • Author

Hi Jason and Brad, thanks for very prompt responses, right click tells me "[email protected]", and only option offered is to Delete.

 

No option to mark as Spam. So is it best just to Delete?

 

 

Richard

  • Author

Hi guys, did the right click, delete routine, it vanished, hopefully not to re-appear!

 

Really appreciate your prompt assistance and advice!

Cheers

Richard

NEVER open an attachment from an email you arent expecting, and if you get one from a company you recognise, detach it, scan it and open it in NotePad/WordPad, or in read only mode for pdf.

 

My mum has had a couple in the last 10 days, I just managed to stop her opening the first one; now she is getting pretty good at checking the origin before opening.

 

Once again I recommend Mailwasher, it gives you a chance to inspect suspicious emails as plain text before downloading them.

I think it would be OK in this scenario to open the email itself.  That shouldn't be able to do any harm.  But as for the attachment?  Oooh, no.... :D

NEVER open an attachment from an email you arent expecting, and if you get one from a company you recognise, detach it, scan it and open it in NotePad/WordPad, or in read only mode for pdf.

My mum has had a couple in the last 10 days, I just managed to stop her opening the first one; now she is getting pretty good at checking the origin before opening.

Once again I recommend Mailwasher, it gives you a chance to inspect suspicious emails as plain text before downloading them.

Opening a pdf as read only or a document in note pad won't protect you.

You can easily rename executables or scripts to recognise as any extension you like, and it's only when your computer tries to open it will the damage be done as your computer will recognise it's actually an executable/script and run it as that regardless of the extension.

Notepad is text only, it cant run scripts, and FoxReader wont run scripts in Safe Mode either. I have opened a number of suspicious attachments in NotePad, several of them were malicious code, yet not one managed to run anything and infect my PC.

This time of year must be the "Black Friday" for the internet scammers. Everybody on line doing their shopping.

 

 

I was sitting at home, watching TV, one evening this week, when my network connected, firewalled, camera started rotating and scanning the room (The PC was off, only the Home Network was live) - the camera has no web presence and I haven't granted any access permissions to those on the internet, other than those available the cameras manufacturer that were embedded at time of manufacture - Chinese camera.

 

So, the power cable and network cable has been removed and is staying out, 'til I need it.

 

Next day, the one and only incoming  telephone call I get turns out to be a Chinese number - for some reason the 3-5 unsolicited calls I have been getting per day have dried-up over the last 3 weeks.

 

So, question arises has somebody hacked the manufacturer's website or has somebody just been doing some systematic port scanning en masse and just stumbled on my kit ?

 

 

Nick

Edited by Clunkclick

This time of year must be the "Black Friday" for the internet scammers. Everybody on line doing their shopping.

 

 

I was sitting at home, watching TV, one evening this week, when my network connected, firewalled, camera started rotating and scanning the room (The PC was off, only the Home Network was live) - the camera has no web presence and I haven't granted any access permissions to those on the internet, other than those available the cameras manufacturer that were embedded at time of manufacture - Chinese camera.

 

So, the power cable and network cable has been removed and is staying out, 'til I need it.

 

Next day, the one and only incoming  telephone call I get turns out to be a Chinese number - for some reason the 3-5 unsolicited calls I have been getting per day have dried-up over the last 3 weeks.

 

So, question arises has somebody hacked the manufacturer's website or has somebody just been doing some systematic port scanning en masse and just stumbled on my kit ?

 

 

Nick

 

 

There are websites out there with live feeds from cameras found by port scanning and other techniques; I came across one about 2 years ago while trying to find a weather feed.

Notepad is text only, it cant run scripts, and FoxReader wont run scripts in Safe Mode either. I have opened a number of suspicious attachments in NotePad, several of them were malicious code, yet not one managed to run anything and infect my PC.

Advice years ago from a respected security expert says that's nonsense.

 

But hey it's your risk to take, not mine.

There's a lot of suspect stuff around, but I have fun by looking at my e mail client(Yahoo/Totalserve/ BT Internet) and checking the header .i had one supposedly from Cumbrian police, which origonated ,from the header in Australia, with an invoice attached. Lots more around, but  the header gives the game away.

There's a lot of suspect stuff around, but I have fun by looking at my e mail client(Yahoo/Totalserve/ BT Internet) and checking the header .i had one supposedly from Cumbrian police, which origonated ,from the header in Australia, with an invoice attached. Lots more around, but  the header gives the game away.

 

The header can be spoofed, but generally the people running these scams arent clever enough to do that.

If it looks dodgy it probably is. Best thing to do is delete. If it's important they'll contact you again.

 

There is more spam sent every day than real emails.

 

The spam is very very sophisticated now and some of them can even tell if you are opening them in special sandboxes or inside a virtual machine.

 

I've a few email addresses once of which is especial for signing up to unimportant accounts (like facebook). That lets me keep a real address for real tasks and I don't get much spam on that at all.

The header can be spoofed, but generally the people running these scams arent clever enough to do that.

You can spoof it's origin, but every server it passes between is added to the header which is how services like spamcop and mailwasher know junk email from good emails.

I have received bad emails where the only server it apparently passed through was the gmail one, even though the origin wasnt shown as a gmail account, and it wasnt being sent to one of my gmail accounts.

 

Back when I was international dating, I discovered Hairy Yuri and his friends used to regularly send emails through compromised US company servers, so you could trace them back to a legitimate company, but not beyond. The first time was a woman supposedly in Moscow, yet her emails were apparently originating in New Jersey; now I KNOW she was in Moscow, because of various details in her video chats.

I notified the New Jersey firm that their email server was compromised, and suddenly the emails started coming in from ANOTHER New Jersey company!!!

Presumably these issues are pc only and dont effect mac in the same way ?

Presumably these issues are pc only and dont effect mac in the same way ?

Most. Malware is pc biased, but don't assume macs are immune.

There are a number of nasties spread easily by the old thought that you don't need security software on a Mac.

I have received bad emails where the only server it apparently passed through was the gmail one, even though the origin wasnt shown as a gmail account, and it wasnt being sent to one of my gmail accounts.

Back when I was international dating, I discovered Hairy Yuri and his friends used to regularly send emails through compromised US company servers, so you could trace them back to a legitimate company, but not beyond. The first time was a woman supposedly in Moscow, yet her emails were apparently originating in New Jersey; now I KNOW she was in Moscow, because of various details in her video chats.

I notified the New Jersey firm that their email server was compromised, and suddenly the emails started coming in from ANOTHER New Jersey company!!!

Having processed spam emails for spamcop for almost a decade the other servers would have definitely been there.

Depending on how you viewed them some info is hidden because it's incorrectly formatted so the app hides the info.

Run an email through spamcop or similar and suddenly you see a whole bread trail of where that email has been that a number of apps like outlook and webmail services hide because they appear invalid.

I would bet the New Jersey ip was completely fake, and the REAL details were buried in between malformed meta tags.

You cannot avoid each server pass being logged, but you CAN make the servers put them between malformed meta tags very easily.

I'm fairly certain the NJ ip was genuine, I had this issue 3 times (I was stringing her along by then), and each time I contacted the IP address owner and said they may have a breach, the "womans" emails stopped for a few days, then resumed from a new IP - along with an excuse that she couldnt reply due to a family emergency or something similar.

 

Using exposed company email servers to forward mail is a well known Hairy Yuri tactic; it hides where the emails are really coming from as the company servers "see" them as originating from the companies own infranet.

Wouldn't a woman being called Hairy Yuri have sounded alarm bells, or was it THAT sort of dating site...............  :peek:

Wouldn't a woman being called Hairy Yuri have sounded alarm bells, or was it THAT sort of dating site...............  :peek:

 

Hairy Yuri/Hairy Boris is the name we give the scammers pretending to be women/or running women, on dating sites to trick money out of the gullible.

 

Heads up, be very wary of emails pretending to be from the RAF benevolent fund, or any other UK armed forces group; the MOD recently sold its exclusive IP range, but hasnt updated the Whois register, so scammers have been buying them and conning people.

Hairy Yuri/Hairy Boris is the name we give the scammers pretending to be women/or running women, on dating sites to trick money out of the gullible.

This has been going on as long as online dating has to be fair.

Most Russian girls were fakes. These days the nationalities have changed but the scam remains the same. They're not looking for love....

This has been going on as long as online dating has to be fair.

Most Russian girls were fakes. These days the nationalities have changed but the scam remains the same. They're not looking for love....

 

Actually, as someone who dated FSU girls for many years, there are far more genuine ones than fakes, but the first FSU girl you encounter  is nearly ALWAYS a fake, because the real ones only use FSU dating sites, so if one turns up on your local dating site, he/she/Hairy Boris are 99% certain to be a scammer.

 

Go read "The Russian Meeting Place" if you dont believe me http://russianmeetingplace.com/forums/index.php?

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Account

Navigation

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.