<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"></head><body dir="auto"><div>While not spoofing specifically, we've been seeing abnormally high amounts of general nefarious network activity this year. It was especially bad during the height of the ntp ddos problem in January/February but still seems higher than it was last year. <br><br>Sent from my iPhone</div><div><br>On Apr 4, 2014, at 5:22 PM, "Eric Henson" <<a href="mailto:ehenson@pfsweb.com">ehenson@pfsweb.com</a>> wrote:<br><br></div><blockquote type="cite"><div>
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ve seen this—sporadically—for a year now probably, although my users started reporting it in March (or maybe February 25<sup>th</sup>).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="line-height:150%"><span style="font-size:11.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#59595C">--
<b><br>
</b></span><span style="font-size:11.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#6F8CC0">ERIC HENSON</span><span style="font-family:"Arial","sans-serif";color:#78A22F"><br>
</span><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#59595C">Solutions Architect for Systems Organization<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:150%"><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#59595C">PFSweb |
</span><span style="font-size:11.0pt;line-height:150%;font-family:"Calibri","sans-serif";color:#1F497D"><a href="http://www.pfsweb.com/"><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#59595C">www.pfsweb.com</span></a></span><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#59595C"><br>
</span><b><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#6F8CC0">p:</span></b><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#6F8CC0">
</span><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#59595C">972.881.2900 x3104<br>
</span><b><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#6F8CC0">m:</span></b><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#6F8CC0">
</span><span style="font-size:8.0pt;line-height:150%;font-family:"Arial","sans-serif";color:#59595C">972.948.3424<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Outages [<a href="mailto:outages-bounces@outages.org">mailto:outages-bounces@outages.org</a>]
<b>On Behalf Of </b>Tony Patti<br>
<b>Sent:</b> Friday, April 04, 2014 4:02 PM<br>
<b>To:</b> 'Neil Ticktin'; 'outages'<br>
<b>Subject:</b> Re: [outages] Crazy amts of spoofing?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif";color:#1F497D">I’ve seen (work, family, friends) an increased amount of spoofing since February 25.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif";color:#1F497D">The first two emails I looked at that day were sent thru email servers in UK and France.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif";color:#1F497D">Tony Patti<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif";color:#1F497D">CIO<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif";color:#1F497D">S. Walter Packaging Corp.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Outages [<a href="mailto:outages-bounces@outages.org">mailto:outages-bounces@outages.org</a>]
<b>On Behalf Of </b>Neil Ticktin<br>
<b>Sent:</b> Friday, April 04, 2014 4:17 PM<br>
<b>To:</b> outages<br>
<b>Subject:</b> [outages] Crazy amts of spoofing?<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Anyone seeing crazy amounts of spoofing that are going out to what looks like address book entries?<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">In other words, not from your client, not from your server, but spoofing an email address that's yours, and going to recipients that look like your address book (e.g., grouped by last name and to people you know).<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I don't want to point fingers, and I have no evidence of this in any way, but it almost looks like a social network site, that may have access to address book entries, got hit -- and someone is spoofing big time.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The other option would be a Mac virus hitting address book entries.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Anyone seeing anything this?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Neil<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
------------------------<br>
This email was scanned by BitDefender.<o:p></o:p></p>
</div>
<br>------------------------<br>This email was scanned by BitDefender.</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Outages mailing list</span><br><span><a href="mailto:Outages@outages.org">Outages@outages.org</a></span><br><span><a href="https://puck.nether.net/mailman/listinfo/outages">https://puck.nether.net/mailman/listinfo/outages</a></span><br></div></blockquote></body></html>