Hi Gary,

I think your email has been compromised.Â* Today I received in my spam
folder a message purported to be from you at aerospace-welding.com and
some other odd email address with an attached invoice.doc file.Â* I
deleted it without opening since we've not done business together.

Just getting the word out.
--
Dan, 5J

For everyone, thanks for the heads up.....I am always wary of stuff coming in (with attachments.....I may have $10,000,000US waiting for me.....LOL...) that I don't believe is valid.....

On Mon, 28 Jan 2019 09:28:24 -0800, Charlie M. (UH & 002 owner/pilot)
wrote:

> For everyone, thanks for the heads up.....I am always wary of stuff
> coming in (with attachments.....I may have $10,000,000US waiting for
> me.....LOL...) that I don't believe is valid.....

There's a lot of spam around at present, apparently sent by friends, but
the clue is that though the name in front of the '@' may match the
visible name, the domain name (after the '@') will be entirely different
from the friend's e-mail address.

There are two things you should do:

- if your mail reader only shows the sender's name, change its
preferences to also show the sender's e-mail address

- if your mail reader has 'Preview' turned on, TURN IT OFF.

Preview shows you the text and attached photos in an email before you
open it. This is dangerous because to display the email it has to open
attachments to show them to you. If any of these attachments are
javascript or malware they will be run without giving you the chance to
realise that this message is NOT from your friend and may be harmful.

According to 'Have I been Pwned?' https://haveibeenpwned.com/ the current
spam shower has happened because 773 million e-mail addresses, snarfed up
from a number of data breaches, were recently combined and published
earlier this month as "Collection 1" for the benefit of spammers and scam
artists. Many of the addresses were published along with the passwords
they used to log in to the compromised sites. More details are here:

https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

Lastly, you may want to configure your mail reader to show you the plain
text version of the e-mail rather than the HTML (web formatted) version.
Looking at the plain text is always safe unless you click on anything in
it, while the HTML version will be processed to show you the pretty
pictures etc and as well as showing you pictures, bad spam may be
silently fetching malware from the sender's site and installing it on
your computer.

I've had my mail reader set to 'plain text only' by default since 2000
and certain that's saved my systems from infection at few times.


--
Martin | martin at
Gregorie | gregorie dot org

On Monday, January 28, 2019 at 9:12:24 AM UTC-7, Dan Marotta wrote:
> Hi Gary,
>
> I think your email has been compromised.Â* Today I received in my spam
> folder a message purported to be from you at aerospace-welding.com and
> some other odd email address with an attached invoice.doc file.Â* I
> deleted it without opening since we've not done business together.
>
> Just getting the word out.
> --
> Dan, 5J

A couple time I received a strange email that said it was from Tom Knauff -
it said to buy a gift card, etc. - basically asking for money - I deleted it
and informed Tom that someone maybe has hacked his email -

Terrific Martin. A service to RAS. Thank you

On Monday, January 28, 2019 at 1:04:52 PM UTC-5, Martin Gregorie wrote:
> On Mon, 28 Jan 2019 09:28:24 -0800, Charlie M. (UH & 002 owner/pilot)
> wrote:
>
> > For everyone, thanks for the heads up.....I am always wary of stuff
> > coming in (with attachments.....I may have $10,000,000US waiting for
> > me.....LOL...) that I don't believe is valid.....
>
> There's a lot of spam around at present, apparently sent by friends, but
> the clue is that though the name in front of the '@' may match the
> visible name, the domain name (after the '@') will be entirely different
> from the friend's e-mail address.
>
> There are two things you should do:
>
> - if your mail reader only shows the sender's name, change its
> preferences to also show the sender's e-mail address
>
> - if your mail reader has 'Preview' turned on, TURN IT OFF.
>
> Preview shows you the text and attached photos in an email before you
> open it. This is dangerous because to display the email it has to open
> attachments to show them to you. If any of these attachments are
> javascript or malware they will be run without giving you the chance to
> realise that this message is NOT from your friend and may be harmful.
>
> According to 'Have I been Pwned?' https://haveibeenpwned.com/ the current
> spam shower has happened because 773 million e-mail addresses, snarfed up
> from a number of data breaches, were recently combined and published
> earlier this month as "Collection 1" for the benefit of spammers and scam
> artists. Many of the addresses were published along with the passwords
> they used to log in to the compromised sites. More details are here:
>
> https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/
>
> Lastly, you may want to configure your mail reader to show you the plain
> text version of the e-mail rather than the HTML (web formatted) version.
> Looking at the plain text is always safe unless you click on anything in
> it, while the HTML version will be processed to show you the pretty
> pictures etc and as well as showing you pictures, bad spam may be
> silently fetching malware from the sender's site and installing it on
> your computer.
>
> I've had my mail reader set to 'plain text only' by default since 2000
> and certain that's saved my systems from infection at few times.
>
>
> --
> Martin | martin at
> Gregorie | gregorie dot org

Thanks Martin. I would add that often spam DOES come LOOKING LIKE it came from an email address of a friend. (The apparent "from:" address is trivial to spoof.) That does not mean that that friend "has been hacked". It only means that your email address and the friend's email address are known to the spammer to be related (thus the expectation that you'd be more likely to fall for the ruse). That information can be harvested from the contents of the emailbox of a third party, whether from hacking a personal computer or a central server.

On Monday, January 28, 2019 at 9:12:24 AM UTC-7, Dan Marotta wrote:
> Hi Gary,
>
> I think your email has been compromised.Â* Today I received in my spam
> folder a message purported to be from you at aerospace-welding.com and
> some other odd email address with an attached invoice.doc file.Â* I
> deleted it without opening since we've not done business together.
>
> Just getting the word out.
> --
> Dan, 5J

I've been receiving emails from "Apple ID" stating that my account has been locked due to suspicious activity, and wanting me to log in to "verify" my account. This is obviously a phishing scam. Beware!

On Monday, January 28, 2019 at 12:15:48 PM UTC-7, John Foster wrote:
> On Monday, January 28, 2019 at 9:12:24 AM UTC-7, Dan Marotta wrote:
> > Hi Gary,
> >
> > I think your email has been compromised.Â* Today I received in my spam
> > folder a message purported to be from you at aerospace-welding.com and
> > some other odd email address with an attached invoice.doc file.Â* I
> > deleted it without opening since we've not done business together.
> >
> > Just getting the word out.
> > --
> > Dan, 5J
>
> I've been receiving emails from "Apple ID" stating that my account has been locked due to suspicious activity, and wanting me to log in to "verify" my account. This is obviously a phishing scam. Beware!

Another one I've been getting is from "Apple Payment" wanting me to "confirm my order" when no order has been placed.

I go by, "when in doubt, verify directly".
Do NOT click links.
Do NOT reply.

Contact the sender (if you think valid) and ask.
If you think wrong, most browsers allow you to click the sender link to see if it seems OK.
If so, then find a correct email support address (online) and send an email with a question on why you got an email.

Those emails are so common I am surprised anyone is still bothered by them. On the other hand, I hate seeing names as the subject line of posts and emails, as more often than not, it is bad news. Glad the only concern with Gary is his email account (which may or may not have been compromised).

Ramy