Not had one yet on any of my e-mail addresses.

It is definitely a German telephone area code Stuttgart ( I was there last week).

It was probably you who set this up to activate when you were back in the UK so you got an alibi

It was probably you who set this up to activate when you were back in the UK so you got an alibi

Moi??? I need dx to sort out the simplest computer problem!!

Not had one yet on any of my e-mail addresses.

It is definitely a German telephone area code Stuttgart ( I was there last week).

No it is a UK phone number. If you look at the original email it has the international dial code (+44) for the UK.

Don't answer it and don't try to contact them. They have no idea who you are or even if there is an email address with your name on it.

 

 

These work by knowing the second part of the email address like the one for this site. What they do is to send out emails by the tens of thousands with a random generator adding a name in from of the @.

 

 

The majority they send out will bounce back as no such address exists, but once in a while they hit on the correct name to add to the front and that email then goes through. They still have no idea who you are or your email address unless you respond to it and then you alert them to the fact it is live. This is why there is always a question of some sort, in this case "or would you like a further extension?".

Giving no details is also calculated to make you query the invoice.

Don't be tempted to click on the 'If you don't wish to receive these emails any further, click here', that is another of there tricks.

Be especially certain not to click on any attachments that say your invoice (or pics of the pretty girl) are attached. They will contain a virus.

They are sending this to my email address that was hacked from Consumer Action Group last year.

They are sending this to my email address that was hacked from Consumer Action Group last year.

it cld be re that (i had some soon after the hack). as connif says though also, once a [problem]mer has an email domain, then they just use software generators for the bit before the @, auto sending hoping for a hit.

maybe though it was Brig when he was site team, pinched all the addy's and has been flogging them off in stuttgart

as connif says though also, once a [problem]mer has an email domain, then they just use software generators for the bit before the @, auto sending hoping for a hit.

I have my own domain name from Google and any localpart (that is the bit before '@') will result in a valid email address on that domain. The only spam I am getting is to the exact email address registered on CAG. I see no evidence of 'random generation' of the localpart. If that were the case, my inbox would be littered with every randomly generated localpart on that domain and this has simply never happened to me ever.

maybe though it was Brig when he was site team, pinched all the addy's and has been flogging them off in stuttgart

I am not a frequent user of CAG, so I don't know anything of this. I also think it may be tempting fate, given what happened when CAG accused a former CAG employee of wrongdoing in the past.

There has never been a denial that the email server was hacked in fact I believe a warning was published to that fact.

But in the main, email addresses are random and even if you have your own domain, that doesn't mean it was gleaned by looked through cag servers. There is no such thing as a same email address or server, even the banks have been hacked into.

You would not get all the random generated attempts, just the one that hit on your particular address.

There has never been a denial that the email server was hacked in fact I believe a warning was published to that fact.

That is correct - the announcement was made on the very first post in this thread. Three Caggers then posted (including myself) that their CAG email address had received spam; email addresses they had only ever used on CAG. I reiterate that this random generation of email addresses is NOT being used to spam (at least not to my domain name)

You would not get all the random generated attempts, just the one that hit on your particular address.

You have missed my point entirely! I have virtually an infinite number of email addresses on my domain name. I don't have to set up each email address, they simply exists automatically. For example if my domain name was mydomain.com then I would have all the possible email addresses on that domain, for example...

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

Currently, I use about 100 such localparts (the bit before the '@'). I just give out the email addresses as I wish WITHOUT having to create them. They can only be used for incoming mail. I trust that has cleared up any confusion.

 

I am not a frequent user of CAG, so I don't know anything of this. I also think it may be tempting fate, given what happened when CAG accused a former CAG employee of wrongdoing in the past.

i was only jesting, re the previous banter on thread eg #26/7.

am not accusing anyone.

Just received another email with an 'attached invoice' at my unique CAG email address. I rang the company who the invoice is purported to be from and they have been inundated with calls about the problem.

It appears their email system has been hijacked to send out emails to those caggers who had their email addresses hacked from CAG.

I know there is little that you can do.

I still get them, I expect others do to. As you say, not a lot can be done but the less responses they receive the quicker they will disappear and cross CAG off their list.

Sorry to bump an old thread but I got a word doc attached to an email to my cag email address today entitled "Debit Note [21650] information attached to this email".

The attachment contained a download trojan virus (with only Nod32 being positive for it on VirusTotal).

Hopefully I am alone. If not - please delete the email.

As you will know, we did get hacked some time ago and there are some remnants of spam hanging around in the 'get a life' peoples cupboards after an easy ride to money.

You will know if you have ordered something so are expecting a bill or invoice, so don't open anything you don't recognise. That goes for all email, if it has an attachment and you don't know the sender, (check both the name and senders email address), then never open it.

Just to add for info that the 'p**n blackmail' spams are now heading through on my, unique, CAG email address (cag@*mydomain*.co.uk). I know (hope!) nothing new has happened and there is nothing to be done other than ignore it, but it IS the first time this address has been used, so hope this might help put some other forum users minds at rest.

However, this is the blackmail variant without any password attatched which suggests the initial harvesting dates from way back when the email-only was hacked off of the board.

As above, yes I accept this could be random guessing but I too own a whole domain and get to see eveything coming in - and 99.9% of the recent 'blackmail', listing site and tablet spams are valid 'to' addressess I have used as unique logins on other sites or shops - mostly but not exclusively quite some time ago. Many of the shop ones are logins for sites long out of business which shows how these things are easily stored in huge databases and can perpetuate almost forever. They are almost always for small outfits that I assume didn't properly update their e-commerce software etc... Funny how I never, ever, get spam to my amazon@*mydomain*.co.uk address I've had since 1999!

I think the most worrying one was using an email address related to a security supplier (an actual designer and manufacturer, not a shop) who are in total denial and even tried to tell me 'it must be a worm in your own computer - for a start the from address is your own'. They then shoved a reddit link my way patronising me with 'see, there are a lot of blackmail emails like this - it isn't real'. Yeah, exactly, I know that, but some the data contained within it is... Bangs head against wall.

Just to add for info that the 'p**n blackmail' spams are now heading through on my, unique, CAG email address (cag@*mydomain*.co.uk). I know (hope!) nothing new has happened and there is nothing to be done other than ignore it, but it IS the first time this address has been used, so hope this might help put some other forum users minds at rest.

 

However, this is the blackmail variant without any password attatched which suggests the initial harvesting dates from way back when the email-only was hacked off of the board.

 

As above, yes I accept this could be random guessing but I too own a whole domain and get to see eveything coming in - and 99.9% of the recent 'blackmail', listing site and tablet spams are valid 'to' addressess I have used as unique logins on other sites or shops - mostly but not exclusively quite some time ago. Many of the shop ones are logins for sites long out of business which shows how these things are easily stored in huge databases and can perpetuate almost forever. They are almost always for small outfits that I assume didn't properly update their e-commerce software etc... Funny how I never, ever, get spam to my amazon@*mydomain*.co.uk address I've had since 1999!

 

I think the most worrying one was using an email address related to a security supplier (an actual designer and manufacturer, not a shop) who are in total denial and even tried to tell me 'it must be a worm in your own computer - for a start the from address is your own'. They then shoved a reddit link my way patronising me with 'see, there are a lot of blackmail emails like this - it isn't real'. Yeah, exactly, I know that, but some the data contained within it is... Bangs head against wall.

I work in IT, it can be common for spam emails to be sent to randomly guessed names and initials. I've watched several brute force spam attempts where they would literally try every name possible @domain... and also name.commonsurname@domain... as well as simple 2 and 3 letter initials.

Type your email addresses into http://www.haveibeenpwned.com and see if they've appeared in any known (public) databases.

Also possible for a malicious attachment to grab contact lists from your PC. One of our clients opened a bad attachment, now they get spoofed emails from their contacts, so it can't be proven where the spammers got the contact details from. In fact I get a couple weekly from a client after they opened a malicious attachment.

I've also long has suspicions that there are dodgy email blacklist checkers which are harvesting email addresses in this way.

I work in IT, it can be common for spam emails to be sent to randomly guessed names and initials. I've watched several brute force spam attempts where they would literally try every name possible @domain... and also name.commonsurname@domain... as well as simple 2 and 3 letter initials.

 

Type your email addresses into http://www.haveibeenpwned.com and see if they've appeared in any known (public) databases.

 

Also possible for a malicious attachment to grab contact lists from your PC. One of our clients opened a bad attachment, now they get spoofed emails from their contacts, so it can't be proven where the spammers got the contact details from. In fact I get a couple weekly from a client after they opened a malicious attachment.

 

I've also long has suspicions that there are dodgy email blacklist checkers which are harvesting email addresses in this way.

Yes I know that they DO randomly generate names @ domain; I'm sure this is prolific, but all I can say is my server will accept absolutely anything and the prefixes are only rarely 'random'; then they are of the random name 'sarah.jones@*mydomain*.co.uk type or 'accounts' / 'sales.ledger' / 'goods_in' / 'payroll' @*mydomain*.co.uk' when associated with the much lower volume spam regarding fake invoices, fake CV's for non existant jobs and the like.

I would know if I had been flooded with other junk prefixes, but instead, they are otherwise actual known addresses I have used in the past.

I'm aware of that website but it's far from comprehensive and shouldn't be used as absolute proof of anything - as I say I've had a few 'blackmail' types recently based around ancient logins for

ecommerce stores, mostly no longer trading but some were - and the specific password quoted to try and scare me was spot on - thankfully most of the stores still around are

so small time they don't store CC info (and if they did it would be long out of date). None of the five recent specific email, specific password types were on that database.

I didn't even bother telling the owners of the two still going as no doubt they would either not understand or be in total denial just like the access company.

Most of them were cottage industry types selling one or two self manufactured products connected with the marine or fire supression industry, hence most still having ancient

shops relying on either paypal or even 'call us to pay on CC after ordering' type setups.

That does also leave any potential hack on my own PC having to be ancient too of course, since not only am I super careful but as I last used some of these email aliases about ten years ago

and don't keep many old emails at all unless very important or relatively recent...

I work in IT, it can be common for spam emails to be sent to randomly guessed names and initials. I've watched several brute force spam attempts where they would literally try every name possible @domain... and also name.commonsurname@domain... as well as simple 2 and 3 letter initials.

 

Type your email addresses into ... and see if they've appeared in any known (public) databases.

 

Also possible for a malicious attachment to grab contact lists from your PC. One of our clients opened a bad attachment, now they get spoofed emails from their contacts, so it can't be proven where the spammers got the contact details from. In fact I get a couple weekly from a client after they opened a malicious attachment.

 

I've also long has suspicions that there are dodgy email blacklist checkers which are harvesting email addresses in this way.

I think a number of posters work in IT, and, as commented, we operate our own domains and use the catch-all email function to route messages so we can make up addresses on the fly. As you say, this gives us a unique insight into the techniques spammers use, from random brute-force guesses, which in my experience are relatively rare (I've only seen a couple in 20 years), to compromised databases, which are far more common.

It's obvious when a site is compromised, it starts with a trickle of spam and increases as the list is sold on or shared. When this happens, I tend to change my registered email address at the main site and add the compromised address to my blacklist, however most users with a single email address don't have this luxury. As time goes on, it gets harder and harder to work out how your email address came to be shared.

In my experience, spoofed email tends to come from the web-based services - Yahoo was particularly bad - and happens when an account is compromised to the extent that the user's contact list is accessed too. That's how emails are sent from a known contact, to trick the user into opening the message. I agree, it is possible for a PC to be infected but with antivirus programs being so common, I think it's rare these days.

CAG demonstrated they are one of the more responsible organisations, reporting the breach immediately and responding to the comments we have posted.

Others have gone to great lengths to deny any intrusion or refuse to reply/comment... I hope GDPR will put an end to that as they are encouraged to report breaches immediately.

Yes I know that they DO randomly generate names @ domain; I'm sure this is prolific, but all I can say is my server will accept absolutely anything and the prefixes are only rarely 'random'; then they are of the random name 'sarah.jones@*mydomain*.co.uk type or 'accounts' / 'sales.ledger' / 'goods_in' / 'payroll' @*mydomain*.co.uk' when associated with the much lower volume spam regarding fake invoices, fake CV's for non existant jobs and the like.

 

I would know if I had been flooded with other junk prefixes, but instead, they are otherwise actual known addresses I have used in the past.

 

I'm aware of that website but it's far from comprehensive and shouldn't be used as absolute proof of anything - as I say I've had a few 'blackmail' types recently based around ancient logins for

ecommerce stores, mostly no longer trading but some were - and the specific password quoted to try and scare me was spot on - thankfully most of the stores still around are

so small time they don't store CC info (and if they did it would be long out of date). None of the five recent specific email, specific password types were on that database.

I didn't even bother telling the owners of the two still going as no doubt they would either not understand or be in total denial just like the access company.

Most of them were cottage industry types selling one or two self manufactured products connected with the marine or fire supression industry, hence most still having ancient

shops relying on either paypal or even 'call us to pay on CC after ordering' type setups.

 

That does also leave any potential hack on my own PC having to be ancient too of course, since not only am I super careful but as I last used some of these email aliases about ten years ago

and don't keep many old emails at all unless very important or relatively recent...

Yes, I agree. I do see generic addressing - accounts, payroll etc but these can easily be derived from a domain list.

The compromised addresses I've seen are specific to the site concerned and recently I have seen a massive increase in demands for bitcoin payments to prevent exposure of webcam (I don't have one plugged in) or browsing history / screenshots etc.

As I posted 5 years ago, one clear link is vBulletin software, as used by CAG. In these cases I'm getting email to registered addresses plus passwords so it's clear sites using this forum software have been compromised...

FWIW, I checked the unique address I gave to CAG at haveibeenpwned.com to receive the report that I have been pwned:

Oh no — pwned!

Pwned on 1 breached site and found no pastes

Since CAG is the only site that I've given this address, I strongly suspect that CAG is the breached site.

Also FWIW, I give unique addresses to each organisation that wants my email address. Unique addresses that have attracted the current run of p**n spam are associated with LastFM (3 breached sites, no pastes but some of the spam quotes the password I used when I last visited lastfm several years ago) and AVAST anti-virus (2 breached sites, no pastes). I'm really shocked at the last of those.

Edited to add: BTW, the addresses that I give organisations comprise of a prefix, a delimiter, and a suffix -- the prefix denotes the type of organisation, the delimiter is a non alphanumeric character and the suffix uniquely identifies the organisation when looked up in a table of addresses that I keep. So 'dictionary' attacks (such as every name possible @domain) will not work, which implies beyond reasonable doubt that these addresses have been harvested during one or more breaches.