Windows 7 Forums


Windows 7: Spoofed email

23 Nov 2014   #1
Frogpond51

Windows 7 Ultimate 64bit & Windows XP Pro (Dual Boot)
 
 
Spoofed email

Hi All,
I received an email from my cousin that she never sent to me. Looking at the body of the letter it was apparent that her name was altered and her email address in "<xxxxxxxxxx>" was incorrect. The hyperlink was also suspicious. Of course I did not click on it and called her to verify that she did not send it.
We have both updated & scanned our computers with anti-virus & anti-malware programs and come up clean.
Question: Is it possible to track down the original sender and what the threat would be that they are sending?
Are there any good sites or tutorials on how to track down this type of junk?
I have saved the code of the email, but am unsure what all the IP addresses in the code mean in back-tracking this. I know this isn't a high priority issue to most, but it's got me a little pissed and I just wanted to know how to track down this crap and maybe find out what the real threat might be.
Any help or input is greatly appreciated.
Thanks for reading & Cheers!

Froggy


23 Nov 2014   #2
jamis

Windows 7 Home Premium 64 bit SP1
 
 

I used to get these all the time after my ISP changed email providers. I have even gotten email from myself that was spoofed. The only way we got rid of it was to send the ISP support folks the offending emails, which they sent to the email provider (tucows). Eventually, the spoofed emails stopped for the most part. We still get one every few months and I just forward them on to the ISP support team.
23 Nov 2014   #3
Frogpond51

Windows 7 Ultimate 64bit & Windows XP Pro (Dual Boot)
 
 

Hi jamis, thanks for the good advice reporting to the ISP folks.
I guess my main question is, can I play detective and track the rats down and find out what the real threat might be? I'm just curious on how to do this & a bit put off about it.

Cheers!

23 Nov 2014   #4
jamis

Windows 7 Home Premium 64 bit SP1
 
 

I found it to be a pretty futile effort. After talking with my ISP's support folks, the problem was at the email service provider's end. It seemed that someone had a worm in their system and was stealing email addresses as they went through their system. All of the spoofed emails we got were scam pitches or phishing attempts. It was frustrating while it was happening, but letting the email provider fix it was the best recourse. I just kept sending the offending emails to the ISP until it stopped. Oddly enough, I've not had this issue with Yahoo or Gmail accounts, but these are specialty used only for certain organization memberships I have. Our primary email account is through our ISP, which is also our cable TV, and land line phone provider.
23 Nov 2014   #5
LMiller7

Windows 7 Pro 64 bit
 
 

You probably would not be successful in tracking down the source of the email. Typically the sender has gone to great lengths to make this as difficult as possible. Assessing the nature of the threat would also be very difficult.
23 Nov 2014   #6
jamis

Windows 7 Home Premium 64 bit SP1
 
 

One last thought. Your cousin's email or provider may be the source of the spoofed address. If you have only gotten spoofed email from her, then the issue may be at her end.
23 Nov 2014   #7
Frogpond51

Windows 7 Ultimate 64bit & Windows XP Pro (Dual Boot)
 
 

@jamis: thanks for the input, yes I received a similar email from another person we both know the day before, but I had just deleted when I saw it, so we are presuming that it is another person we know that is infected. The list of recipients CC'd was selective, only a few of the same contacts.

@LMiller7: Thanks for your reply. Guess I can't play detective then? I was hoping that I could sleuth this without too much complication. It appears the opinions are that this is a futile attempt to find the culprit(s).

Thanks for your replies,
Cheers!
Froggy
23 Nov 2014   #8
badcrc

Windows 7 Pro x64 sp1
 
 

Rogue email that appears to come from a friend is often due to the friend having a virus that has scanned their email contact list and sent back the data (and the friend's details). This could have happened a while ago and the virus could have been found and removed during a regular scan. It's a simple matter for the hacker to send out spoofed emails to all the people on his list (apparently from their friends). There's usually a link in the email 'here's a cute cat' etc that is in fact a link to more malware.

It's quite easy to change the info in an email header so it appears to come from elsewhere, although IIRC some providers check for a data mismatch and warn you.
23 Nov 2014   #9
Frogpond51

Windows 7 Ultimate 64bit & Windows XP Pro (Dual Boot)
 
 

Hi badcrc, thanks for your reply,
Yes the body of the letter has the reference like " ...Oprah thinks it's awesome" blabla, then the suspect hyperlink. I could post a screenshot of the body of the letter with email recipients and hyperlink blacked out, but it probably wouldn't be much help.

Cheers!
Froggy
23 Nov 2014   #10
badcrc

Windows 7 Pro x64 sp1
 
 

This site can give some info on email origin etc

Trace Email IP: Track Email Header, Email Tracker, Email Tracer - ID Mail Tracking

I use Thunderbird, and I just tried the site by view - message source - and copy/pasting the header info from the msg Seven Forums just sent. It showed origin as Houston, Texas and a ton of other stuff. I guess your rogue email would show Russia, China etc (no insults intended).

This all happened to me a few years ago - I started getting suspicious emails supposedly from a mate. Either by accident or design, the hacker had included his contact list as cc (and so were visible to me). The thing is - he'd been on dating sites, so had contacts like sexylady99, foxybabe77 etc (he never lived that one down LOL). I guess that's where he got the virus. I actually closed that gmail account, just to be on the safe side. Took a while to change all my eBay, Amazon etc.
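On the original question of what the IP addresses in the saved headers mean, here is an added example (not part of any post in this thread): a Python sketch that reads the `Received` chain oldest-first, reports the last IP your own provider recorded, and flags a From/Return-Path mismatch or failed authentication results. The sample message, its hostnames, the `recipient.example` trusted suffix and all function names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample: documentation-range IPs and example domains only.
SAMPLE = """\
Return-Path: <bounce@bulk.example.net>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bulk.example.net
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP; Sun, 23 Nov 2014 10:02:11 -0500
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP; Sun, 23 Nov 2014 10:02:09 -0500
Received: from [203.0.113.45] (helo=some-pc)
\tby relay.example.net with SMTP; Sun, 23 Nov 2014 15:02:05 +0000
From: "Cousin" <cousin@friend.example.org>
"""
MSG = message_from_string(SAMPLE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(msg):
    """Received hops, oldest first, as (ip in the 'from' part, 'by' host)."""
    out = []
    for raw in reversed(msg.get_all("Received", [])):  # newest line is on top
        flat = " ".join(raw.split())                    # unfold the header
        ip, by = IP_RE.search(flat.split(" by ")[0]), re.search(r"\bby (\S+)", flat)
        out.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return out

def handoff_ip(msg, trusted):
    """IP seen by the oldest hop your provider wrote; older lines can be forged."""
    ip = None
    for from_ip, by in reversed(hops(msg)):             # walk newest first
        if not by or not (by == trusted or by.endswith("." + trusted)):
            break                                       # left the trusted servers
        ip = from_ip
    return ip

def domain(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def mismatch_flags(msg):
    """Signals worth a look, not proof: mailing lists also differ here."""
    flags = []
    frm, rp = domain(msg["From"]), domain(msg["Return-Path"])
    if frm and rp and frm != rp:
        flags.append(f"From domain {frm} != Return-Path domain {rp}")
    for ar in msg.get_all("Authentication-Results", []):
        bad = re.findall(r"\b(spf|dkim|dmarc)=(?!pass\b)(\w+)", ar)
        flags += [f"{k}={v}" for k, v in bad]
    return flags
```

The address returned by `handoff_ip` is the machine that connected to your provider, which is often a relay or a compromised host rather than the person who wrote the message.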