[ale] New style of email attack?

Bryan L. Gay ale at bryangay.com
Wed May 4 03:37:26 EDT 2022


We got a seemingly legit email from a company in town whom we'd had an
email correspondence with. It gave us a link to a document on their
website. That doc was a bad baddy. I examined it in Linux, and it
would have likely compromised a Windows machine. I can only guess
their email and/or website had been compromised, and the previous
emails in the account were used as an attack list, and their own email
server was sending these out.

Lucky my wife is as paranoid as I am. She had asked me to take a look
before she clicked on anything. Good wifey.

I guess I should call them....

On Tue, May 3, 2022 at 11:18 PM Jim Kinney via Ale <ale at ale.org> wrote:
>
> Sounds like databroker purchase turned phishing
>
> On May 3, 2022 10:50:28 PM EDT, Bob Toxen via Ale <ale at ale.org> wrote:
>>
>> Methinks that somebody's email or computer was hacked.  This sounds
>> different from "This is Bank of America, click here to login and change
>> your password."  The latter, of course, for frequently used companies
>> assumes that a certain percentage will hit current customers.
>>
>> For a Canadian campground clearly somebody was hacked to connect it
>> to you.
>>
>> Bob
>>
>> On Tue, May 03, 2022 at 08:52:27PM -0400, Neal Rhodes via Ale wrote:
>>>
>>> We've seen two instances of what might look like a new flavor of phishing
>>> attack.
>>>
>>> My wife got an email ostensibly from a local HVAC contractor we have used in
>>> the past, asking her to click on a link to view an RFP and see if she wants
>>> to work with them on it.  She knew enough to smell a rat and delete it.
>>>
>>> And today, I got an email from a campground in Canada where I made a
>>> reservation, asking for me to buy an Amazon Gift card for their family
>>> 'cause they had a heart attack, and they will pay me back.   In that case,
>>> the reply address was XXXXXXX at outlook.com, when in fact the real emails from
>>> the park were sent from XXXXXXX at somethingsomething.ca.
>>>
>>> It's like some attack is floating around which just harvests combinations of
>>> To/From email addresses, and they blast out various attempts to fool people.
>>>
>>> I've only seen a couple like that.  Do I just not get out much?
>>>
>>> Is this ringing a bell?
>>>
>>> Neal
>>> ________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> https://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>
>
>
> --
> Computers amplify human error
> Super computers are really cool
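
The reply-address mismatch Neal describes (mail that appears to come from the park, with replies directed to an outlook.com address instead of the park's own domain) can be checked mechanically from the message headers. The Python below is an added example, not part of the original thread; the sample messages, the `park.example` domain, the freemail list and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small illustrative set of free webmail domains.
FREEMAIL = {"outlook.com", "hotmail.com", "gmail.com", "yahoo.com"}

# Constructed sample messages (not real mail from the thread).
SUSPECT = (
    "From: Park Office <reservations@park.example>\n"
    "Reply-To: park.office@outlook.com\n"
    "Subject: Urgent favour\n\n"
    "Please buy a gift card, we will pay you back.\n"
)
LEGIT = (
    "From: Park Office <reservations@park.example>\n"
    "Subject: Your reservation\n\n"
    "See you in July.\n"
)

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def reply_to_findings(raw_message, known_domains=()):
    """List reasons to distrust where a reply to this message would go.

    known_domains is a hypothetical input: domains this correspondent has
    mailed you from before (address book, earlier messages).
    """
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs-from-sender")
    if reply_dom in FREEMAIL and from_dom not in FREEMAIL:
        findings.append("reply-to-is-freemail")
    # Replies go to Reply-To when present, otherwise to From.
    effective = reply_dom or from_dom
    if known_domains and effective not in {d.lower() for d in known_domains}:
        findings.append("replies-go-to-unknown-domain")
    return findings

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("legit", LEGIT)):
        print(name, reply_to_findings(raw, ["park.example"]))
```

Mailing lists and ticketing systems set a different Reply-To legitimately, so these findings are a reason to look closer, not a verdict. A message sent from a correspondent's own compromised account and server, as in the case at the top of this message, produces no findings here.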

