Cute New(?) Email Scam

[Darrius Gothly]

We're all on guard these days for phishing scams and other email abuses that could expose us to theft or some type of account compromise. But spammers are still trying to find every email address in existence too. I know because I just got a new type of email that had only one purpose .. determine if my email address has a human attached.

Spammers try and weed out abandoned or automated email addresses from their lists. They often will send "beacon" type emails that contain image links they can use to determine the email was opened by a human. Most of us use a technique of viewing the message source or the email headers to determine .. yeah, this one is just hunting for humans. Any that are obvious beacons .. instant deletion without ever opening it or triggering the beacon back-link.

But the one I just got is more devious. It arrived looking like a generic text email and had all the proper info to make it seem as though an automated email server had returned undeliverable email. Except .. I never sent email to that address.

Okay, that's not really an indicator of something sneaky going on. After all, spammers will often use real email addresses as the "From" address, and I've had mine used as the source many times before. I get a flood of "undeliverable email" reports .. and then it stops .. because the spammers know not to overuse an address they don't own.

This new one though? VERY much sneakier. The message was in fact NOT an automated failure message from an email server. It was a regular message made to LOOK like one. The giveaway?

It requested a "Return Read Receipt" from me. That means it wanted me to send a (normally automated) reply message saying "got your email, reading it now". That's a standard email feature and often used to verify that the email you sent successfully arrived. But automated systems don't want a reply. They don't even care you got the email. They just send out the notice and forget about it.

So why did THIS "automated failure message" want a reply? Because the reply receipt would show the destination address (my email address) was live. Presto! They've not only detected a manned address, they've done so in such a sneaky way, most folks wouldn't even realize they'd been scammed or scraped. ("Scraped" is the act of devouring web pages and other internet resources to pull as much data off them as possible.)

Yeah, spammers and scammers spend their intelligence and creativity .. stealing from others. They are the lowest of the low IMO. I get riled up by folks that use talents like that to take what is not theirs. But the world is full of people like that, so I just shrug and warn others. Like this warning now.

Guard yourselves folks. If you get a "delivery failed" message and you didn't send email to that address .. DO NOT OPEN IT! Just delete it and move along.

[Freya Mokusei]

Good notes, you're on the money.

DSNs (Delivery Status Notifications) and sending Read Receipts can be disabled usually at the account level, but also at the server level.

Note also that there is scope for a Delivery Receipt which also tests whether your server is willing to accept mail at all, and Delivery Status (typically a code 9.9.9 where 9 can be in the range 1-5) can also provide 'beacon' awareness (in some cases, they will release information about where an Email was forwarded to). Some mailservers have the option to disable/rewrite most of this functionality too.

Always remember that every element of an Email can be faked, especially header/sender info. Is just a text file, and can be edited as easily. To, From, Envelope-To, there's no reason to implicitly trust any of it.

Worth searching for details on how to do this for the Email provider of preference and at least checking that you're not configured to Always Approve read receipts. 'Cause that just makes it too easy.

Couple of links:-

Disabling Read Receipts - Outlook

Handling Read Receipts - Gmail

 Deliver and Read Receipts - Thunderbird

[Darrius Gothly]

LOL @ your signature line .. I can only imagine you copied that from a chat at some time. :smileylol:

Among all the web properties I manage there are a lot of addresses I have to keep as well. Back in the days of old I was the author of a moderately successful anti-spam email filter. It was doing okay .. until people with real money behind them entered the market. *grins* Another hobby .. shot full of holes!

Most folks do use either the GMail web interface or one of the "standard" email clients (such as Outlook). I find a lot of folks with Read Receipts turned on by default .. or turned off. I prefer to set the option to "Ask me" .. because they ARE a valuable tool. When a business associate or someone close that I know checks the option to request a read receipt, I understand they are asking me to verify receipt .. so I send it. They asked nice, so I answer politely.

But once again, the tools of good communication are being co-opted into something inherently deceptive .. and wrong. If there is one totally miraculous thing about humanity, it is our ability to turn poppies into death. (Figuratively speaking .. sorta.)

BTW: I use Dunderbird ... errrr .. I mean Thunderbird from Mozilla. Me and Outlook? We just never made friends after it killed off my previous best friend .. Outlook Express. *wink*

[Freya Mokusei]

I did copy signature from real life, yes. Have been on fire a couple of times and prefer to go AFK since my sofa is flammable. >.> I like the dual phrasing, not prone to slowing down.

Thunderbird is awesome, will add that to the links above. Outlook is okay, I've gotten grumpy with it myself since 2010.

Agree entirely that DSNs have a useful place. Have been co-opted for a long time in business (primary use-case I see for them nowadays is data-collection for 'list' sales) but I frequently use SMTP status of received mail to guarantee good-standing (is ham) with recipients.

[Dresden]

---

Freya Mokusei wrote:

 

Deliver and Read Receipts - Thunderbird

---

Just wanted to point out that the directions given on this page are outdated and therefore incorrect.  For the current version of Thunderbird, getting to the return receipts option requires the following:

Tools/Options/Advanced/General...Then, click on the Return Receipts button.

...Dres

[Freya Mokusei]

Urgh, corrected! Thanks!

Shows what happens when you trust non-authoritive sources. Even those called Thunderbird.edu

Maybe I can pretend this was planned all along.

[Dresden]

It is as it should be.  Had you not directed me to that site, I wouldn't have even know where to begin, much less found the correct directory.

Thanks ...Dres

[DejaHo]

Dres, dude, I enjoy your new forum pic.  Is that your Santa outfit? 

Ho Ho Ho

 

[Dresden]

How'd ya guess?

...Dres