66
submitted 2 months ago* (last edited 2 months ago) by thebestaquaman@lemmy.world to c/nostupidquestions@lemmy.world

Suddenly I started receiving a bunch of scam mails (phishing). I suspect some bot or bot-net is involved, because I've received maybe a couple hundred e-mails at the time of writing, all from different (likely auto-generated) senders. With anything from 2-10 emails per day.

The scam is essentially just some phishing, all related to the same topic. I've mostly been able to mitigate it by filtering out mails containing certain keywords or phrases that show up in the scam mails. However, the mails change relatively often (about once a day) so every now and then something gets through, and I'll update my filter.

My question is really if there's any way I can figure out

  1. Where this is coming from,
  2. How they got hold of my email

So that I can try to go after the root cause / prevent other scammers from getting hold of it.

top 35 comments
sorted by: hot top controversial new old
[-] subtext@lemmy.world 29 points 2 months ago

There’s really nothing to be done about the compromised email address, but I would really recommend using a service that creates unique email addresses per service that you sign up for to mitigate the blast radius when one service gets pwned. It takes a long while, but thankfully privacy laws are stronger now and it’s easier to force a company to either delete your information or change the email they have for you.

Some potential services to consider include:

https://addy.io/

https://proton.me/pass/aliases

https://www.fastmail.com/features/masked-email/

https://support.apple.com/guide/icloud/what-you-can-do-with-icloud-and-hide-my-email-mme38e1602db/icloud

[-] thebestaquaman@lemmy.world 6 points 2 months ago

Thanks! I'll definitely look into that, though the only issue I can imagine is keeping track of which email that goes to which service (I'm one of those kinds of people that uses "Forgot my password" effectively as a password manager, don't hate me for it, I have reasons).

[-] jqubed@lemmy.world 12 points 2 months ago

This is also a good reason to use an actual password manager

[-] thebestaquaman@lemmy.world 1 points 2 months ago

Since you chose to point it out: My reason is that I regularly need to be able to log into things on a non-personal machine, sometimes without access to my phone. So no, a password manager for all my accounts is out of the picture. I either write stuff down, remember it, or - sometimes - forget it and need to reset my password.

[-] whitecold@lemmy.world 9 points 2 months ago

Not having access to your phone and having to log in on other computers doesn't rule out using password managers at all. You can use bitwarden's web vault (or self-host vaultwarden). As long as you can log in to bitwarden web vault, you can access your passwords anytime, anywhere.

[-] nokturne213@sopuli.xyz 2 points 2 months ago* (last edited 2 months ago)

the only issue I can imagine is keeping track of which email that goes to which service

Using a password locker will take care of that.

[-] subtext@lemmy.world 1 points 2 months ago

They all have a system for keeping track of that, I know iCloud automatically assigns a URL to each based on where you created it, or Fastmail (which I use) has a comment field and automatically tags each email as it comes to your inbox.

It takes more than zero effort to create it, so it’s too much effort for my wife, but I absolutely love it.

[-] lurch@sh.itjust.works 2 points 2 months ago

yahoo mail also offers disposable email addresses

[-] StrawberryPigtails@lemmy.sdf.org 12 points 2 months ago

Spam email has always been a problem, and there is really no way to find out how they got your email address and no way to prevent it either. Email lists are bought, sold and traded all the time.

What I do is keep the email client Thunderbird running on my desktop. It has a really good smart spam filter that learns from the email you receive and what you mark as spam/not spam. With IMAP, even your mobile devices benefit from the filtering.

Every few days I’ll check the junk folder and mark “not spam” anything that it incorrectly flagged as spam and go through my inbox and mark spam on anything it missed. I think it miss-flags maybe 3 or 4 emails per week right now. Doesn’t happen often.

[-] P34C0CK@lemmy.world 12 points 2 months ago

https://haveibeenpwned.com/

You can check this site for specific/recent breaches. That said, your email may have been exposed in an older breach that's just now getting spammed as well.

[-] thebestaquaman@lemmy.world 1 points 2 months ago

Thanks! There was nothing there, so it may be from an older breach like you suggested :/

[-] JustZ@lemmy.world 6 points 2 months ago

This site only shows if your email address is floating around on some illicit data set.

There are plenty of ways to scrape email addresses without stealing them.

You probably signed up for something using your email address, clicked agree to share it with the company's trusted partners, all 3,000 of them, and one of them proved not to be so trustworthy.

[-] undefined@links.hackliberty.org 1 points 2 months ago

And that’s why creating aliases can be so beneficial. When one company sells off your data you can identify exactly which it was based on where the email was sent. Later you can reject all emails to that specific address and call it a day.

[-] fine_sandy_bottom@lemmy.federate.cc 11 points 2 months ago

I gave up on this years ago.

Figuring out how they got hold of your email won't be very satisfying. It's not possible, but if it were you would find it's some obscure forum you signed up for 10 years ago to make the search function work, which hasn't updated their forum software during that 10 years, and is now leaking email addresses.

Point is, the horse has already bolted and now your email address is on the lists that get sold on the dark net. There's no going back.

My understanding with spam / phishing is that most email providers will identify and remove 95% of it. gmail will catch 99.9% just because of the volume of emails going through their servers. I personally would pry my eyes out with a fork before using gmail so I'm stuck receiving 5% of spam. It's nothing really. Every day (or several days) I look at my inbox, action and archive as appropriate, and delete the rest. It literally takes less than 1 second because I would have to "delete the rest" anyway.

As others have mentioned, "catch-all" email addresses are one method to kind of mitigate or manage the problem, but ultimately I've found it to be a cool trick but ultimately inconvenient and maybe pointless.

[-] thebestaquaman@lemmy.world 1 points 2 months ago* (last edited 2 months ago)

I've never had an issue with this before, and as of now, my filter is catching most of these mails, so in that sense it's not too bad. Unless the topic of the phishing attempts suddenly changes completely, in which case I'll have to start building the filter again..

Anyway: The scam they're running is relatively specific (a specific banking-thing that pretty much everyone in my country uses, written in not-English, probably LLM generated). Do you know if there's any way I could alert my email-provider about this? I can imagine it's being sent to quite a few people, and should be relatively easy for someone higher up the chain, with more sophisticated tools, to filter out.

No one cares about catching specific phishing campaigns.

[-] MilitantAtheist@lemmy.world 8 points 2 months ago

This is what I did years ago. It works great for me.

Got my own domain.

When I'm forced to register somewhere I use <their site+how much I hate them>@mydomain.com

So, when EA forced me to register an account on origin, it was fuckea2011@mydomain.com.

If I see an email address start to get phishing and spam, I disable it.

[-] Kekzkrieger@feddit.org 8 points 2 months ago

You don't even need a custom domain to do this. Google, Ms and many others support aliases with a plus (+) sign in the recipient adress.

so if you got john@gmail.com you can freely create new aliases like john+ea@gmail.com, john+amazon@gmail.com and they will all land at john@gmail.com

If your address gets leaked, you can just block emails to that recipient.

I've done this for most of my accounts and it works great.

[-] stom@lemmy.dbzer0.com 5 points 2 months ago

Gmail labels are great but they're not universal, and are easy to strip out.

A lot of sites:

  • Don't allow +'s in email addresses
  • May let your register but then not login
  • Are aware of labels and simply strip them out

I have an email address I have only ever used with labels but still get spam to the non-labeled address. Spammers and email harvesters are very much aware of this trick, so it only works on legitimate sites.

[-] Kekzkrieger@feddit.org 3 points 2 months ago

I havent had a single site not working with a plus

[-] thermal_shock@lemmy.world 3 points 2 months ago

ever had a lobotomy? doesn't mean they don't exist.

[-] Kekzkrieger@feddit.org 2 points 2 months ago

Fair, just saying i havent had issues with sites, might be europe specific.

If you are bored or a nagging ass like me, you could remind those websites that the rfc (which is the standard for email) expicitly allows plus in emails and they need to allow that.

[-] ChairmanMeow@programming.dev 1 points 2 months ago

RFCs aren't really law you know. They can deviate, it just means less compatibility.

[-] stom@lemmy.dbzer0.com 2 points 2 months ago

There are plenty of them, just wait!

[-] thermal_shock@lemmy.world 5 points 2 months ago

lots of places catching on, won't let you use + sign when you sign up

[-] MilitantAtheist@lemmy.world 2 points 2 months ago

Did not exist when I started in 95 😑

[-] iamanurd@midwest.social 7 points 2 months ago

Happened to me a while back. In my case, they had also gotten access to my google password manager and were trying to cover their tracks in funneling money from my bank account and purchasing phones on several platforms (google store, eBay, etc).

Absolutely change your banking passwords, let them know that there could be potential fraud, and start looking for purchases on every platform you might have saved financial information on.

Best of luck.

[-] Anticorp@lemmy.world 5 points 2 months ago

There’s nothing you can do, because they’ve already sold it a billion other scammers. Burn it down and start over.

[-] MrGabr@ttrpg.network 4 points 2 months ago

I've found that 99.99% of my spam comes from emails with weird extensions - .xyz, .world, .shop, .best, etc. - so I've gotten a significant amount of relief in getting a mail client that lets me block entire domain extensions (BlueMail mobile).

[-] bluGill@fedia.io 4 points 2 months ago

A good email provider is your best bet. I've been on fastmail for years and they rarely let spam through despite me not protecing my address

[-] Boozilla@lemmy.world 2 points 2 months ago

Fastmail is pretty great, and it lets you create masked email addresses for throwaway purposes if you need one.

[-] UnrepentantAlgebra@lemmy.world 4 points 2 months ago

Did you get a huge flood of emails at the start? That happened to me one time and it was because one of my old passwords got leaked. Buried within the flood of emails was a legit "your password has been changed" email for an account.

[-] NeoNachtwaechter@lemmy.world 3 points 2 months ago

Root cause is they want to make money. It happens without your cooperation.

I don't think you can stop that.

[-] JohnWorks@sh.itjust.works 1 points 2 months ago

I've been dealing with my e-mail having been involved in multiple beaches and have been spending a couple years trying to migrate my accounts to aliases that go to a new e-mail address. It's a long process to say the least. 🫠

[-] amanneedsamaid@sopuli.xyz 1 points 2 months ago

Make a new email, and use email aliasing (AnonAddy, Simplelogin) from now on. They can't get a hold of an email that no one has.

this post was submitted on 07 Oct 2024
66 points (98.5% liked)

No Stupid Questions

36055 readers
1005 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 2 years ago
MODERATORS