Author Topic: What's with the PAB IGKT spam  (Read 2457 times)

Wed

  • Sr. Member
  • *****
  • Posts: 316
What's with the PAB IGKT spam
« on: January 26, 2022, 08:06:04 PM »
Today, was the second time I got a slew of mails from PAB IGKT. Am I the only one? Will it happen again? What is it about?

While the message contains the words closeout sale, it is rather a poor message.

PatDucey

  • Sr. Member
  • *****
  • Posts: 333
  • IGKT Pacific Americas Branch
Re: What's with the PAB IGKT spam
« Reply #1 on: January 26, 2022, 08:44:17 PM »
I have been getting similar e-mails, and I have been deleting them.  It's best to just delete that kind of unsolicited email.  I don't respond, I don't click on links.  When I need to purchase stuff, I go to my regular stores, or a vendor that is recommended by a trustworthy source.

I think the source of the spam e-mails got our email addresses from the IGKT-PAB website, and is trying to spoof unwary users.  I don't know why, since I am not clicking on their email.  If you do click on those emails, let us know how it turns out.  Good luck.

Pat

KnotMe

  • Sr. Member
  • *****
  • Posts: 712
    • The Chinese Knotting Homepage
Re: What's with the PAB IGKT spam
« Reply #2 on: January 26, 2022, 09:40:24 PM »
> I think the source of the spam e-mails got our email addresses from the IGKT-PAB website, and is trying to spoof unwary users.

I don't think that's the case.  If you look at the content of the messages, some of these are messages that were previously sent.  Stuff about AGMs, stuff about Roy Chapman, for instance: 
Quote
I have been advised of the passing of one of our past Presidents of the Pacific Americas Branch - a fine and innovative knot tyer.  The note came from Bob Solon and is therefore  likely true.  He apparently passed away on Tuesday of this week, although no cause of death is provided.  Any further information that you can provide will be greatly appreciated.  Our thoughts go out to his family.
 
Lindsey P
If they had merely harvested emails then they would not have message content like this.  Quick search does not show the forum to have this exact message.

The emails claim in text to be from Lindsey, John Staley, Southern Ontario Knotters, or IGKT PAB but if you look at the actual From emails, they are from a large variety of actual addresses from a very international group.  So, this is not phishing.  Each message includes what looks to be an Excel spreadsheet that is no doubt a virus vector.

What I find confusing is if, say, Lindsey's machine were infected then why would the emails not be actually coming from Lindsey?  Why the melange of targets and Froms?

If I were John or Lindsey, I'd be running a virus checker on my systems...

In any case, don't open those attached files!   >:( :)

PatDucey

  • Sr. Member
  • *****
  • Posts: 333
  • IGKT Pacific Americas Branch
Re: What's with the PAB IGKT spam
« Reply #3 on: January 27, 2022, 08:52:58 PM »
Thanks, Carol, I didn't get as far as actually reading the content, I just deleted them.  It definitely looks like malicious email, and best deleted.  I can understand a legitimate company wanting to advertise their stuff, but the number of emails, and the way to find out what is actually being advertised (click on this link) just says that this email is bad.

Pat

Dan_Lehman

  • Sr. Member
  • *****
  • Posts: 4277
Re: What's with the PAB IGKT spam
« Reply #4 on: January 29, 2022, 11:37:59 PM »
> Today, was the second time I got a slew of mails from PAB IGKT. ...
Ditto here, both receiving and just deleting.
Something's hiccup'ing!

 :(

Dan_Lehman

  • Sr. Member
  • *****
  • Posts: 4277
Re: What's with the PAB IGKT spam
« Reply #5 on: February 03, 2022, 12:13:13 AM »
>> I think the source of the spam e-mails got our email addresses from the IGKT-PAB website, and is trying to spoof unwary users.
>
> I don't think that's the case.  If you look at the content of the messages, some of these are messages that were previously sent.  Stuff about AGMs, stuff about Roy Chapman, for instance: 

...
Quote
In any case, don't open those attached files!   >:( :)

TODAY, in contrast, is one with THIS quite UN-PAB-like sender (.au):
treasurer@igktpab.org <elena@victoryeducationgroup.com.au>
Tue 2/1/2022 7:09 PM

... in contrast to PAB site's current advice:
(email: secretary@igktpab.org).


"Victory ..." for whom?!
S P A M / phishing.


Can someone ring PAB's doorbell and advise...?!
 >:(

KnotMe

  • Sr. Member
  • *****
  • Posts: 712
    • The Chinese Knotting Homepage
Re: What's with the PAB IGKT spam
« Reply #6 on: February 03, 2022, 02:42:32 AM »
> TODAY, in contrast, is one with THIS quite UN-PAB-like sender (.au):
> treasurer@igktpab.org <elena@victoryeducationgroup.com.au>

None of the emails are actually from IGKT-PAB or IGKT members.  In the above example, the "treasurer@igktpab.org" is simply "full name", an optional text string that can be anything the sender chooses it to be.  The "elena@vic..." above is the email address the message purportedly is sent from.  This too can be anything the sender chooses it to be.  I can very easily spoof the sending address with tools I use every day (emacs, it's not just a text editor, it's a lifestyle!).  There is nothing that IGKT-PAB can do about that.  I regularly get spam from "myself".  I am not sending it, and my computers are not infected, but my (various) email(s) is out there for the world to see and scrape and then toss into a 'bot to make my valid return address a part of their nefarious schemes.

Additionally, Elena is not the bad guy here.  To find out where this spam is really from, you need to dissect the entire header of the email (here's a tool from Google).

Of course, especially since this is clearly a viral attack, even if you trace the computer that sent the message, that might not be the true source.  That might just be a hapless infected computer.  Another victim.

The key problem that I think I see is that content that might actually be from IGKT/PAB member computers is in some of these emails.  Their computers might presently be infected (in which case they would want to attend to that).  But, it might also be the case that that information was from a previous infection (the info is quite old, after all) that got tossed into some black hat database somewhere.

Rule #1: never click on links in email, even if it looks like it comes from a valid company you normally deal with

The bigger the company (eg. banks, Facebook, etc), the more caution you need to apply to messages that appear to come from them. 
eg. I never click on links from Paypal emails.  If they send me something that I might want to look at, then I key in Paypal.com directly into my browser and check my messages.  Any email they send me directly (vs ads and such) is also in the messages and so I don't need to type in a long link for something I need to tend to.  This way you don't have to worry about spoofed emails sending you to fake sites trying to harvest your username/password and hijacking your financial instruments or means of identification, etc.

Dan_Lehman

  • Sr. Member
  • *****
  • Posts: 4277
Re: What's with the PAB IGKT spam
« Reply #7 on: February 04, 2022, 12:41:48 AM »
> spam myself

I've felt this pain, too.
But in such a case of making phony-ID'd SPAM, I'd think
that the spammer would have no trouble taking the target name
into the "From" to get this.  Whereas in these cases whoever
is sending the SPAM has to know that we recipients
--of course, we don't know that we are ALL of recipients--
are somehow connected/acquainted w/PAB; that can't be
such a simple thing.
And that goes to your remark about some of the contained
info.
(I've wondered in cases like this were it MY computer going
 bad and it having an address book for me which of course
 holds familiar names --but I think that my cases (fellow
 cyclists, e.g.) have had more-than-only-to-me sendings,
 and the known person given as sender was alerted to the
 problem from several others.)

Ah, the wonders of technology.  There are such GOOD things
that the Net has wrought (like finding obscure books; meeting
nice people & sharing ...), and then . . .  .  <sigh>

 :-\

ps : I once had a SPAM from apparent B-in-Law,
'til I saw a near undetectable e-address difference:
the numeral one of "123" had been changed to el ("l") !

Thanks, Carol.
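
An added example, not part of any post in this thread: a short Python check for the two tricks discussed above, the free-text display name described in Reply #6 and the look-alike address from the postscript in Reply #7. Only the From line in the sample comes from the thread; the Reply-To header, the `.example` addresses and the `KNOWN` address book are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message: only the From line comes from the thread
# (Reply #5); the Reply-To header and the body are made up.
SAMPLE = """\
From: treasurer@igktpab.org <elena@victoryeducationgroup.com.au>
Reply-To: someone@mailbox.example
Subject: closeout sale

(body omitted)
"""

# Hypothetical address book of correspondents the recipient really knows.
KNOWN = {"secretary@igktpab.org", "inlaw123@mail.example"}

MAILBOX = re.compile(r'^\s*"?(?P<name>[^"<]*?)"?\s*<(?P<addr>[^<>\s]+)>\s*$')
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
CONFUSABLE = str.maketrans("10", "lo")  # digit one vs letter l, zero vs o

def split_mailbox(value):
    """Split 'Display Name <addr>' into (display name, lower-cased address)."""
    m = MAILBOX.match(value)
    if m:
        return m["name"].strip(), m["addr"].lower()
    return "", value.strip().lower()

def skeleton(addr):
    """Fold easily confused characters so look-alike addresses compare equal."""
    return addr.lower().translate(CONFUSABLE)

def check(raw, known=KNOWN):
    """Return a list of warning codes for one raw message."""
    msg = message_from_string(raw)
    name, addr = split_mailbox(msg.get("From", ""))
    findings = []
    shown = ADDR_IN_TEXT.search(name)
    if shown and shown.group(0).lower() != addr:
        findings.append("name-is-other-address")   # display name poses as an address
    reply_to = msg.get("Reply-To")
    if reply_to and split_mailbox(reply_to)[1].rpartition("@")[2] != addr.rpartition("@")[2]:
        findings.append("reply-to-other-domain")   # replies go somewhere else
    if addr not in known and skeleton(addr) in {skeleton(k) for k in known}:
        findings.append("lookalike-of-known")      # e.g. "123" typed as "l23"
    return findings

if __name__ == "__main__":
    print(check(SAMPLE))
```

An empty list only means none of these three header tricks was found; it says nothing about whether the address in the angle brackets was itself forged.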

Frayed Knot Arts

  • Sr. Member
  • *****
  • Posts: 270
  • Knot too smart at times....
    • Frayed Knot Arts
Re: What's with the PAB IGKT spam
« Reply #8 on: February 07, 2022, 08:24:16 PM »
yet another example of this stupidity,  got an email from
carnimeonixxxx@libero.it (xxxx=cola) with a reply-to of alex_3@jxxx.xom (xxx=uno)
Unfortunately for Alex_3, he, she or it also included a phone number from Japan
which turned up on a page of "loser" phone numbers.

This one sent a ZIP file concerning Interknot back issues, Sept 2008, 2009.

F. Y. I.   


Dan_Lehman

  • Sr. Member
  • *****
  • Posts: 4277
Re: What's with the PAB IGKT spam
« Reply #9 on: March 30, 2022, 06:44:40 PM »
Just to note the events,
I rec'd such SPAM (in my SPAM folder)
both today and yesterday or recently prior.

)-:

 
