Message boards :
Cafe SETI :
Suspicious email purporting to be from UC Berkeley professor about BOINC
Message board moderation
Author | Message |
---|---|
AdmiralJeff Send message Joined: 11 Dec 99 Posts: 32 Credit: 25,877,576 RAC: 0 |
Anyone else seen one of these emails? It came in on an email address I only use for my Seti@home account. I forwarded a copy to Professor Dragan in case her account may have been commandeered in some way. The grammar seems to be a giveaway. Original message and headers below, with email addresses redacted (xxx@xxx.xxx). The link to an EXE download file has also been removed from body of the message. I would hate to think that the database of Seti@home / BOINC user accounts has been hacked and user account info stolen. Jeff -----Begin Message Headers----- Return-Path: <apache@n2yo.net> Received: from n2yo.net (n2yo.com [64.71.74.100]) by mtaig-mcc02.mx.aol.com (Internet Inbound) with ESMTP id 2AA247000008A for <xxx@xxx.xxx>; Sun, 26 Feb 2017 14:44:46 -0500 (EST) Received: by n2yo.net (Postfix, from userid 48) id 3D703383874; Sun, 26 Feb 2017 19:44:45 +0000 (UTC) Date: Sun, 26 Feb 2017 19:44:45 +0000 To: xxx@xxx.xxx From: =?UTF-8?Q??= <xxx@xxx.xxx> Subject: =?UTF-8?Q?N=32YO=2enet_new_software_for_all_platforms?= Message-ID: <43c6a606567e44e294a356ce16d5d6a6@n2yo.net> X-Priority: 3 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="us-ascii" x-aol-global-disposition: S Authentication-Results: mx.aol.com; spf=none (aol.com: the domain n2yo.net appears to have no SPF Record.) smtp.mailfrom=n2yo.net; X-AOL-OVERRIDE-PIK-REASON: Y X-AOL-REROUTE: YES x-aol-sid: 3039ac1afd4258b3302e6462 X-AOL-IP: 64.71.74.100 X-AOL-SPF: domain : n2yo.net SPF : none -----End Message Headers----- -----Original Message----- Subject: N2YO.net new software for all platforms From: =?UTF-8?Q??= <xxx@xxx.xxx> To: xxx@xxx.xxx Hello Dear Lawrence Livermore National Laboratory are working in association with University of California, Berkeley's BOINC project and we want to get suggests from our partners and developers. Please download and review our new product to help us improving or contribution BOINC project : [Link Removed] Kind regards Professor Anca Dragan UC Berkeley, EECS 776 Sutardja Dai Hall #1758 Berkeley, CA 94720-1758 Personal Homepages: https://www2.eecs.berkeley.edu/Faculty/Homepages/anca.html https://people.eecs.berkeley.edu/~anca |
Gordon Lowe Send message Joined: 5 Nov 00 Posts: 12094 Credit: 6,317,865 RAC: 0 |
Anytime an email starts off, "Hello dear", I get suspicious. The mind is a weird and mysterious place |
Carlos Send message Joined: 9 Jun 99 Posts: 30448 Credit: 57,275,487 RAC: 157 |
"we want to get suggests" Need you look any farther? I have not gotten a copy or if I did my spam software blocked it before I ever saw it. |
betreger Send message Joined: 29 Jun 99 Posts: 11408 Credit: 29,581,041 RAC: 66 |
I return them to the sender, a little spam for them is a good thing. |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30923 Credit: 53,134,872 RAC: 32 |
nothing here |
zoom3+1=4 Send message Joined: 30 Nov 03 Posts: 66201 Credit: 55,293,173 RAC: 49 |
My spam filter would block it, since I don't get this stuff in My email box. Savoir-Faire is everywhere! The T1 Trust, T1 Class 4-4-4-4 #5550, America's First HST |
Dr Who Fan Send message Joined: 8 Jan 01 Posts: 3313 Credit: 715,342 RAC: 4 |
Just by looking at the email Headers tell me it is 1000% SPAM! Tip off(s): Received: from n2yo.net (n2yo.com [64.71.74.100]) According to DomainTools : IP Location United States - Florida - West Palm Beach - Cloud South / Website Title LIVE REAL TIME SATELLITE TRACKING AND PREDICTIONS x-aol-global-disposition: S AOL Automatically flagged it as possible SPAM / Suspicious Mail "S" spf=none (aol.com: the domain n2yo.net appears to have no SPF Record.) smtp.mailfrom=n2yo.net; What is an SPF Record? An SPF (Sender Policy Framework) record is a list of servers that are allowed to send e-mail from your domain. This reduces spam activity that may be perceived to originate from your domain, which is known as source address spoofing. https://www.liquidweb.com/kb/what-is-an-spf-record/ AOL says the email DID NOT come from where it claims to have. It was REROUTED / SENT FROM SOMEWHERE ELSE. -----End Message Headers----- |
Dr Who Fan Send message Joined: 8 Jan 01 Posts: 3313 Credit: 715,342 RAC: 4 |
I return them to the sender, a little spam for them is a good thing. BAD IDEA! Another great way to get EVEN MORE SPAM mail. It also tells them they have found a WORKING EMAIL ADDRESS. |
Grant (SSSF) Send message Joined: 19 Aug 99 Posts: 13835 Credit: 208,696,464 RAC: 304 |
I return them to the sender, a little spam for them is a good thing. The other problem is that often (pretty much always) the return address is valid, but it's not the sender's. Some poor sod ends up getting spammed by all the returned spam with no idea why they're suddenly getting all this rubbish being bounced back at them, even though they had nothing to do with it. Grant Darwin NT |
bluestar Send message Joined: 5 Sep 12 Posts: 7234 Credit: 2,084,789 RAC: 3 |
In my opinion if this happened to be a true "bitch" mail, I would rather post the complete header in full for such a thing. Unless so, you could perhaps pretend not to be any much better yourself. A given wording in such an e-mail stating "may be forged" when it comes to the possible IP-address for the sender, should be taken 50/50 in my opinion. Sorry about that, but I happen to know about it. |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30923 Credit: 53,134,872 RAC: 32 |
@AdmiralJeff Since no one else seems to be getting one, I'd suspect spear phishing. It may be intended just for you. Do you work in a sensitive industry? |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.