Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
That's what happened, Gordo. Look at the source of the original post and it's obviously originating from 189.223.76.180 (Tijuana), despite the spoofed "From:" field. You can't spoof the originating IP, because it's added by the first relay, not by the original poster.

--
Rexx

> On 22 August 2017 at 17:15 Gordon Joly wrote:
>
> On 22/08/17 11:54, Rex X wrote:
> > It's just as likely that his email address has been "harvested" by automated
> > programs scanning publicly available email archives, and Ewan also displays his
> > email address in clear text on his Wikipedia user page, which I would recommend
> > against as well.
>
> It is possible to *munge* the sender's address in Mailman.
>
> The from field would then look like this:
>
> FROM: A. N. Other via WMUK (wikimediauk-l@lists.wikimedia.org).
>
> Gordo

___
Wikimedia UK mailing list
wikimediau...@wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikimediauk-l
WMUK: https://wikimedia.org.uk

Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
Received: from 189.223.76.180.dsl.dyn.telnor.net ([189.223.76.180]:54466 helo=10.0.0.4)
    by hv8svg015.neubox.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.89) (envelope-from )
    id 1djdDT-001QTr-KO
    for wikimediauk-l@lists.wikimedia.org; Sun, 20 Aug 2017 22:17:27 -0500

That's the partial headers from the original.

Gordo

On 23/08/17 14:50, MCANDREW Ewan wrote:
> Dear all,
>
> Suffice to say I won’t ever be asking to pay invoices on this mailing
> list but many apologies for the phishing email you received which
> purported to come from my email address. I can see this has generated a
> great deal of discussion on this thread.
>
> Just to make you aware that I’ve reported the issue to the IS helpline
> here at the university who are looking into this as a matter of urgency.
> I’ve also run Malware checks on both my computer and mobile (using
> Malwarebytes and Norton) but nothing seems amiss/ turning up in these
> scans so far.
>
> I’m wondering also if this is not a university email problem per se
> given I have also received another phishing scam email to my gmail
> purporting to be from Jason’s email address at the National Library of
> Wales. So Jason and Wikimedia UK list admins may want to run scans too
> (belt and braces after all!).
>
> Apologies all once again.
>
> Best wishes,
>
> Ewan
>
> Ewan McAndrew
> Wikimedian in Residence
>
> Tel: 07719 330076
> Email: ewan.mcand...@ed.ac.uk
> Subscribe to the mailing list: wikime...@mlist.is.ed.ac.uk
> My working hours are 10.30am to 6.30pm Monday to Friday.
> Wikipedia Project Page for the residency:
> https://en.wikipedia.org/wiki/Wikipedia:University_of_Edinburgh
>
> The University of Edinburgh, Floor H (West), Argyle House, 3 Lady Lawson
> Street, Edinburgh, EH3 9DR.
> www.ed.ac.uk
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.

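Added example, not part of any message in this thread: the point made above about the Received header is that each relay prepends its own line recording the peer IP it saw, so the origin is read from the oldest hop written by a relay you trust, and anything below that is sender-supplied. The sketch assumes the analyst trusts the two relays named in TRUSTED; the list-server hop, the bottom hop and the From address are constructed, and the middle hop is an abridged copy of the header quoted in the thread.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample. Only the middle Received line comes from the thread
# (abridged); the newer hop, the older forged hop and From: are made up.
RAW = """\
Received: from hv8svg015.neubox.net ([203.0.113.25])
\tby lists.example.org with esmtps; Sun, 20 Aug 2017 22:17:40 -0500
Received: from 189.223.76.180.dsl.dyn.telnor.net ([189.223.76.180]:54466 helo=10.0.0.4)
\tby hv8svg015.neubox.net with esmtpsa (Exim 4.89) id 1djdDT-001QTr-KO
\tfor wikimediauk-l@lists.wikimedia.org; Sun, 20 Aug 2017 22:17:27 -0500
Received: from mail.example.ac.uk ([192.0.2.10])
\tby outbound.example.ac.uk with esmtp; Sun, 20 Aug 2017 22:17:00 -0500
From: "A. N. Other" <a.n.other@example.ac.uk>
Subject: Invoice

body
"""

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\(.*?\[(?P<ip>[0-9a-fA-F.:]+)\]"
                 r".*?\bby\s+(?P<by>\S+)", re.S)

def parse_hops(raw):
    """Return Received hops newest-first as (helo, peer_ip, by_host)."""
    msg = email.message_from_string(raw, policy=policy.compat32)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append((m["helo"], ipaddress.ip_address(m["ip"]), m["by"].lower()))
    return hops

def originating_ip(raw, trusted_relays):
    """Peer IP recorded by the oldest hop in the unbroken chain of trusted relays.

    Headers are prepended, so walk newest-first and stop at the first hop whose
    'by' host is not trusted: that line and everything older may be forged.
    """
    origin = None
    for _helo, ip, by in parse_hops(raw):
        if by not in trusted_relays:
            break
        origin = ip
    return origin

# Assumption: relays whose Received lines the analyst accepts as genuine.
TRUSTED = {"lists.example.org", "hv8svg015.neubox.net"}
```
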
Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
Dear all,

Suffice to say I won’t ever be asking to pay invoices on this mailing list but many apologies for the phishing email you received which purported to come from my email address. I can see this has generated a great deal of discussion on this thread.

Just to make you aware that I’ve reported the issue to the IS helpline here at the university who are looking into this as a matter of urgency. I’ve also run Malware checks on both my computer and mobile (using Malwarebytes and Norton) but nothing seems amiss/ turning up in these scans so far.

I’m wondering also if this is not a university email problem per se given I have also received another phishing scam email to my gmail purporting to be from Jason’s email address at the National Library of Wales. So Jason and Wikimedia UK list admins may want to run scans too (belt and braces after all!).

Apologies all once again.

Best wishes,

Ewan

Ewan McAndrew
Wikimedian in Residence

Tel: 07719 330076
Email: ewan.mcand...@ed.ac.uk
Subscribe to the mailing list: wikime...@mlist.is.ed.ac.uk
My working hours are 10.30am to 6.30pm Monday to Friday.
Wikipedia Project Page for the residency: https://en.wikipedia.org/wiki/Wikipedia:University_of_Edinburgh

The University of Edinburgh, Floor H (West), Argyle House, 3 Lady Lawson Street, Edinburgh, EH3 9DR.
www.ed.ac.uk

The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.

Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
On 22/08/17 11:54, Rex X wrote:
> It's just as likely that his email address has been "harvested" by automated
> programs scanning publicly available email archives, and Ewan also displays his
> email address in clear text on his Wikipedia user page, which I would recommend
> against as well.

It is possible to *munge* the sender's address in Mailman.

The from field would then look like this:

FROM: A. N. Other via WMUK (wikimediauk-l@lists.wikimedia.org).

Gordo

Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
There's always a possibility that Ewan's mail client is compromised, of course, so that scanning with a good malware detector is sensible. I usually recommend "Malwarebytes free", but others also do the job.

It's just as likely that his email address has been "harvested" by automated programs scanning publicly available email archives, and Ewan also displays his email address in clear text on his Wikipedia user page, which I would recommend against as well.

--
Rexx

> On 22 August 2017 at 08:08 Gordon Joly wrote:
>
> On 22/08/17 01:00, Katie Chan wrote:
> >
> > Perhaps the dozens of messages that Ewan has posted to this email list
> > FROM that email address on the many archive publicly available of
> > wikimediauk-l?
>
> Or the inner workings of his own mail client?
>
> Gordo

Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
On 22/08/17 01:00, Katie Chan wrote:
>
> Perhaps the dozens of messages that Ewan has posted to this email list
> FROM that email address on the many archive publicly available of
> wikimediauk-l?

Or the inner workings of his own mail client?

Gordo

Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
On 21/08/2017 21:34, Gordon Joly wrote:
> On 21/08/17 17:16, Rex X wrote:
> > For those that are interested, the spammer's IP seems to be 189.223.76.180,
> > which geolocates to Rosarito, Estado de Baja California, Mexico and their ISP is
> > Telefonos del Noroeste, S.A. de C.V. if anyone wants to complain. They are
> > simply using Ewan's name in the From: field, but it's worth him running a
> > malware check just in case.
>
> How did they link Ewan's email address to this email list?

Perhaps the dozens of messages that Ewan has posted to this email list FROM that email address on the many archive publicly available of wikimediauk-l?

Katie

--
Katie Chan
Any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent the view of any organisation the author is associated with or employed by.

Experience is a good school but the fees are high.
- Heinrich Heine

Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
On 21/08/17 17:16, Rex X wrote:
> For those that are interested, the spammer's IP seems to be 189.223.76.180,
> which geolocates to Rosarito, Estado de Baja California, Mexico and their ISP is
> Telefonos del Noroeste, S.A. de C.V. if anyone wants to complain. They are
> simply using Ewan's name in the From: field, but it's worth him running a
> malware check just in case.

How did they link Ewan's email address to this email list?

Gordo

Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
Thank you :)

On 21 August 2017 at 17:16, Rex X wrote:

> For those that are interested, the spammer's IP seems to be 189.223.76.180,
> which geolocates to Rosarito, Estado de Baja California, Mexico and their ISP is
> Telefonos del Noroeste, S.A. de C.V. if anyone wants to complain. They are
> simply using Ewan's name in the From: field, but it's worth him running a
> malware check just in case.
>
> I've sent a report via SpamCop anyway.
>
> --
> Rexx
>
> > On 21 August 2017 at 11:09 Lucy Crompton-Reid wrote:
> >
> > Sorry just saw that this actually came to the whole mailing list, not
> > directly to Owen...but my point still stands!
> >
> > On 21 August 2017 at 10:10, Owen Blacker wrote:
> >
> > > I'm guessing this is phishing spam?
> > >
> > > On Mon, 21 Aug 2017, 04:17 ewan.mcand...@ed.ac.uk <invoic...@kibamf.com> wrote:
> > >
> > >> Dear ,
> > >>
> > >> I’m sorry, but I was unable to reach you on your cell phone so I am
> > >> contacting you through this email about the status of this invoice below.
> > >>
> > >> http://totalvictorymma.com/Copy-Invoice-0384/
> > >>
> > >> Respectfully Yours,
> > >>
> > >> ewan.mcand...@ed.ac.uk

--
Lucy Crompton-Reid
Chief Executive
Wikimedia UK
+44 (0) 207 065 0991

Wikimedia UK is a Company Limited by Guarantee registered in England and Wales, Registered No. 6741827. Registered Charity No.1144513. Registered Office 4th Floor, Development House, 56-64 Leonard Street, London EC2A 4LT. Wikimedia UK is the UK chapter of a global Wikimedia movement. The Wikimedia projects are run by the Wikimedia Foundation (who operate Wikipedia, amongst other projects).

*Wikimedia UK is an independent non-profit charity with no legal control over Wikipedia nor responsibility for its contents.*

Re: [Wikimediauk-l] #4947276 Invoice secondary Notice
On 21/08/17 11:09, Lucy Crompton-Reid wrote:
> Sorry just saw that this actually came to the whole mailing list, not
> directly to Owen...but my point still stands!

Any one of the four admins care to comment?

Gordon

[Wikimediauk-l] #4947276 Invoice secondary Notice
Dear ,

I’m sorry, but I was unable to reach you on your cell phone so I am contacting you through this email about the status of this invoice below.

http://totalvictorymma.com/Copy-Invoice-0384/

Respectfully Yours,

ewan.mcand...@ed.ac.uk