topic Re: Spam Mail. in Security

Spam Mail.

GerryMac — Sat, 13 Jan 2024 18:29:05 GMT

Hi,

Just be careful regarding spam emails. I must have shares in Mcafee now.

They are coming thick and fast.

Cheers

Re: Spa Mail

Gondola — Sat, 13 Jan 2024 16:36:41 GMT

Hi Gerry

Happy new year. Hope you're keeping well.

I'm pretty sure you're aware that TalkTalk Consumer do not have any association with McAfee. TalkTalk Consumer security products are provided by f-Secure.

So, just follow the normal guidance to report the McAfee email as a phishing attack purporting to be from TalkTalk.

Phishing emails & everything you need to know

Re: Spa Mail

GerryMac — Sat, 13 Jan 2024 18:28:11 GMT

A Happy New Year to your good self.

Mcafee is just one of them, Argos ,Boots to name a few others but lately TalkTalk has been added more times but I just add them to the spam box.

Sorry for the title of this topic..should have read Spam..that,s the disadvantage of typing on a smartphone 🤣.

Cheers.

Re: Spam Mail.

Canthespam — Mon, 29 Jan 2024 14:54:47 GMT

Please NOTE that these emails place cookies on YOUR computer, the aim of these cookies are to track your browsing on the web.

As this data is being Harvested, for example a number of Talktalk Users are browsing say "Boots" then this is the scammers target, lets say "Argos" is also has a high number of Talktalk browsers then this might be the next target.

Here is an example of the Argos one

Domains	IP Address
nosotroda.com	188.114.97.2
fonts.googleapis.com	216.58.201.106
ka-f.fontawesome.com	172.64.204.20
fonts.gstatic.com	142.250.200.35
publiciqe.win	45.87.222.98
businesstechevent.com	78.137.168.189
excelhey.bid	94.156.33.241
janiecera.com	146.19.173.232
clcr.me	34.86.13.18
kit.fontawesome.com	104.18.40.68
virtualpushplatform.com	172.67.177.88

The cookie found was CLCR, the domain link in the email businesstechevent.

If one was to use a redirect checker it identifies where these Domain names go, this is the picture that opens in your email, however, the other domain names (links) go elsewhere and plant their cookies.

You should either delete all the cookies in your browser before shutting down, WARNING, this may entail you entering passwords to sites you use a lot when you want to use them.

The alternative is to open up your browser and check the cookies on the list, one as an example that turns up is Doubleclick,

This cookie tells Doubleclick the time and date you saw an advert. It also shows:
userid: the unique ID number the cookie has given your browser
ad_id: the unique ID of the advert
ad_placement_id: the ID of where the advert was seen on the site
referral_url: what page you were on when you saw the advert

Because it records your IP address, Doubleclick can also make a good guess of your country and town/city, too.

I have deleted it and it returns so I block it on my computer, it has no access or data.

These cookies placed on your computer will tell the spammer your browsing history, what you have looked at, you should remove any cookies found that you are not sure of. The question being did you visit this site, NO, delete it, the spammer has gone away from using the first domain name as a cookie that is why there are other domain links.

The current torrent of spam email is of a format that the so called "spam filter" identifys as "Newsletters" and much to my annoyance there are free marketing sites e.g. mail-tester.com, that allow you to send your "newsletters" e.g. by email to them and they will test it to make sure it goes through the spam filters.

Having past the latest spam email through this test it passes 10/10, however there is a note as follows,

"The List-Unsubscribe header is required if you send mass emails, it enables the user to easily unsubscribe from your mailing list.

Your message does not contain a List-Unsubscribe header" and one would look to see if this could be incorporated in the "spam filter" to reject all "newsletters" that do not contain a "List-Unsubscribe header", obviously genuine newsletters do?

Regards

CanTheSpam

Re: Spam Mail.

GerryMac — Mon, 29 Jan 2024 16:22:50 GMT

Hi,

Thanks for that detailed account. I had a look on the PC and found, as you said alot..But have tried to find the same with the Samsung browser on mobile but I,m at a loss. Must do a bit of googling.

Cheers.

Re: Spam Mail.

Canthespam — Mon, 29 Jan 2024 16:36:06 GMT

Hi GM not sure about the Samsung, access to the internet is through a browser and that browser I use on my Sansung phone so if I clear the one on my PC its the same account so keep just one browser account.

I beleive that a lot of Talktalk users do not realise that these cookies are put there without their permission, usually they are set for say 60 days, however over each email the time restarts and a new cookie could be set.

CanTheSpam