[outages] Crazy amts of spoofing?

Blake Pfankuch - Mailing List blake.mailinglist at pfankuch.me
Fri Apr 4 23:23:47 EDT 2014


I keep an old email address out there just so I can trend the spam in the world.  I usually get 250-300 messages a day of junk in that mailbox, with peak counts being M-F 6am to 6pm Mountain Time.

Since Thursday last week, I have been averaging almost 450 a day, with a peak of 630 messages yesterday.  I have had reports from a few family members saying they have seen email with my name on it, but smash-keyboard email addresses over the past few weeks as well.

From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Bill Wichers
Sent: Friday, April 4, 2014 3:24 PM
To: Eric Henson
Cc: outages
Subject: Re: [outages] Crazy amts of spoofing?

While not spoofing specifically, we've been seeing abnormally high amounts of general nefarious network activity this year. It was especially bad during the height of the NTP DDoS problem in January/February but still seems higher than it was last year.

Sent from my iPhone

On Apr 4, 2014, at 5:22 PM, "Eric Henson" <ehenson at pfsweb.com> wrote:
I've seen this -- sporadically -- for a year now probably, although my users started reporting it in March (or maybe February 25th).

--
ERIC HENSON
Solutions Architect for Systems Organization
PFSweb  |  www.pfsweb.com
p:  972.881.2900  x3104
m: 972.948.3424

From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Tony Patti
Sent: Friday, April 04, 2014 4:02 PM
To: 'Neil Ticktin'; 'outages'
Subject: Re: [outages] Crazy amts of spoofing?

I've seen (work, family, friends) an increased amount of spoofing since February 25.

The first two emails I looked at that day were sent thru email servers in UK and France.

Tony Patti
CIO
S. Walter Packaging Corp.

From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Neil Ticktin
Sent: Friday, April 04, 2014 4:17 PM
To: outages
Subject: [outages] Crazy amts of spoofing?

Anyone seeing crazy amounts of spoofing that are going out to what looks like address book entries?

In other words, not from your client, not from your server, but spoofing an email address that's yours, and going to recipients that look like your address book (e.g., grouped by last name and to people you know).

I don't want to point fingers, and I have no evidence of this in any way, but it almost looks like a social network site, that may have access to address book entries, got hit -- and someone is spoofing big time.

The other option would be a Mac virus hitting address book entries.

Anyone seeing anything like this?

Neil

------------------------
This email was scanned by BitDefender.

_______________________________________________
Outages mailing list
Outages at outages.org
https://puck.nether.net/mailman/listinfo/outages