How do scammers insert the change into a return address for a scammed email?
Asked by
anartist (
14813)
September 19th, 2012
Just recently I received an email purported to be from a friend who actually had recently gone on a trip, asking or money to help her get home. The email return address differed from hers only by the insertion of a “1” atter the part before the ”@” symbol.
How do scammers do this [not planning to try it myself]—insert the change in the return address? See code below:
Message-ID: <1345570696.52799.YahooMailClassic@web126001.mail.ne1.yahoo.com>
Date: Wed, 19 Sep 2012 03:31:36 -0700 (PDT)
From: Ann Nonymus <heraddress@yahoo.com>
Reply-To: heraddress1@yahoo.com [how do they insert this?]
Subject: Horrible Trip…....Ann Nonymus
To: undisclosed recipients: ;
It is an old scam. I wrote about it in my blog 2 years ago .
Any ideas?
Observing members:
0
Composing members:
0
10 Answers
It’s a piece of cake to write a program to run on your machine and munge email addresses.
The To: undisclosed recipients: is a big red flag too.
@ETpro why? isn’t that the same as BCC?
Yes, but would your friend write to you and a list of BCCs? The scam artist is gimmicking the email address to lots of recipients in hoped of hitting one who will fall for it.
All on her mailing list?
I sent her a copy before having it reported as spam at gmail and she told all her friends she was safe and sound back at home.
Then she changed her password. Did that matter or were passwords no obstacle anyway?
I hope nobody fell for it before the news got out. Good job reporting it.
One way to seem to come from your friend is to send a trojan into their account to steal all their contacts and make it seem they were the sender.
@ETpro thanks they went to Bermuda, not Spain, as the email claimed, and most of her friends knew that. so shouldn’ have been too bad.
But tthe password was no deterrent whatsoever, correct?
@YARNLADY only if one was unfortunate enough to reply to the address without examining it. Which I may have done two years earlier in a similar case.
@anartist I don’t know how they compromised the email. Could be they cracked your friend’s account. If it was Yahoo mail it’s unlikely they were able to place a Trojan on the mail server.
Response moderated (Spam)
Answer this question
This question is in the General Section. Responses must be helpful and on-topic.