Are you or they on Yahoo or have any of you ever been? It's not much to do with iPhones as far as I can tell. They are probably one of the most secure portable devices there are. Look at the actual email addresses used though, as often you will find them different. Not a new problem. Brian
First have a look at the full message headers of the spoofed email. That will tell you if it actually came from her mail system or an unrelated one. Look for an SPF record in the header as well, and see what status is attached to it (e.g. "Pass" or "Soft fail").
At some point, possibly a decade ago or more, somebody got their mail hacked. Might have been you, them, or anyone you corresponded with. They hoovered up the address book and any correspondence (e.g. if you sent a mail to Fred CC daughter, then Fred's account knows you both and knows that you know each other).
They then send out messages purporting to be from someone you might know. The illusion will likely fall apart if they try to write text (because it's quite likely they won't sound like Fred), so they just send a URL and hope someone is gullible enough to click on it.
(I'd guess the URL would forward to a fake Gmail/Yahoo/Outlook/etc login page, in the hope of snaffling your email credentials)
Not a lot you can do about it, except change email addresses and maybe blackhole mail claiming to come from the old one.
Very unlikely to be their end infected. The iPhone is very very difficult to infect because of the walled garden approach to apps only being able to see what you allow them to see.
Of course it's possible they have allowed an app to have access to their contacts and that's how it's happening.
Ask them if others get a similar result after contacting them.
I just mark these as spam and move on. A couple of times a year I get one from someone who died five years ago. Usually, the part before the @ is correct but the part after could be anything.
I have yet to find my way around T bird headers. This might be the incentive. They display marked as probable junk but I would check anyway because of the lack of content.
Yes, this is a historic problem. Nearly everyone who used Yahoo mail in the online way, rather than using a client, and has done it for some years seems to have been hacked partially, i.e. they know who certain email addresses were associated with from the address books hacked. I regularly see their names but filter them via incorrect email addresses in the line with the right name. Normally they are of the type: "I'm sorry to contact you but I've had my card stolen and am in (insert place name here) and wondered if you could give me some money". Or it might be "Hey, found this great site", then they put a graphic of the innocent looking site obscuring the address of the one with the malware on it. The latter never works for me as the graphic is not 'read' for obvious reasons. Brian
Well, most devices these days can be set up so that you are informed when email is being sent. Even way back in the Outlook Express days, as I still am, you can set a flag to let you know when something tries to send email behind the scenes. Many PCs particularly get themselves botted, but greylisting has actually stopped a lot of that. The server always rejects the first attempt to send the email, hoping that the botted machine just sends the lot fast to avoid detection, hence they all get rejected, but a proper email from your own client will retry. Brian
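The greylisting behaviour described in the post above, as an added example that is not part of the original thread. The delay value, the SMTP reply codes chosen and all addresses are assumptions made for illustration.

```python
# Minimal greylisting model: the first delivery attempt for an unseen
# (client IP, envelope sender, recipient) triplet gets a temporary 4xx reply;
# a retry after MIN_DELAY seconds is accepted. Values are illustrative.
MIN_DELAY = 300  # seconds a sender must wait before a retry is accepted


class Greylist:
    def __init__(self, min_delay=MIN_DELAY):
        self.min_delay = min_delay
        self.first_seen = {}   # triplet -> time of first attempt
        self.passed = set()    # triplets that have already retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for a delivery attempt at time `now`."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return 250
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.min_delay:
            self.passed.add(triplet)
            return 250
        return 451  # temporary failure: a real mail server queues and retries


def simulate(attempt_times, greylist=None):
    """Replay attempts from one constructed sender; return each reply code."""
    gl = greylist or Greylist()
    return [gl.check("192.0.2.10", "a@sender.example", "b@rcpt.example", t)
            for t in attempt_times]


if __name__ == "__main__":
    print("bot, three attempts in 10 s:", simulate([0, 5, 10]))
    print("mail server, retry after 15 min:", simulate([0, 900]))
```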
You need to selectively read the things, even the from line can be very interesting if you compare it to the one you see on a good valid message. Normally the email client is also listed which can be a giveaway straight away. Brian
Yes well, I think a sensible approach to what you let have access to your address book is in order. I know for example that in order to use the Amazon Echo devices to make calls you need to allow it to have access to the mobile's address book. I have yet to see any problems from this. The main things I do see with mobiles are the location services being used to try to get you to go to shops etc. The Tile App does this on its free to use app, but of course you can ignore them or turn off location services sharing so it only works when you want to find something. There is no such thing as a free lunch, and to be fair they do tell you in their voluminous terms and conditions which nobody reads of course!
There are a lot of things to be wary of out there, never post pictures unedited to Facebook while on holiday, as unless you are careful they reveal where you are and what time you were there in the metadata, allowing the canny crook to go and do over your home address while you are away. Brian
Paste 'em here or email them to me, and I can probably get you a bit more info - like where it came from, whether it's using a compromised account or just spoofing etc.
(we only need the headers - you can snip the actual body, and redact any real mail addresses etc)
In message <JbmbviXdcKAeFwj+@marfordfarm.demon.co.uk>, Tim Lamb snipped-for-privacy@marfordfarm.demon.co.uk> writes
Try this:-
From - Mon Dec 9 08:05:17 2019
X-Account-Key: account4
X-UIDL: 21366
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from LO2P265MB1421.GBRP265.PROD.OUTLOOK.COM (2603:10a6:401:5a::14)
 by CWLP265MB0962.GBRP265.PROD.OUTLOOK.COM with HTTPS via
 CWLP265CA0338.GBRP265.PROD.OUTLOOK.COM; Mon, 9 Dec 2019 03:24:06 +0000
Received: from LO2P265CA0401.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:f::29)
 by LO2P265MB1421.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:94::16) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.14;
 Mon, 9 Dec 2019 03:24:06 +0000
Received: from AM5EUR02FT010.eop-EUR02.prod.protection.outlook.com
 (2a01:111:f400:7e1e::202) by LO2P265CA0401.outlook.office365.com
 (2603:10a6:600:f::29) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2516.14 via
 Frontend Transport; Mon, 9 Dec 2019 03:24:06 +0000
Authentication-Results: spf=none (sender IP is 118.97.118.130)
 smtp.mailfrom=onigiri.co.id; marfordfarm.demon.co.uk; dkim=none (message
 not signed) header.d=none;marfordfarm.demon.co.uk; dmarc=none action=none
 header.from=onigiri.co.id;compauth=fail reason=001
Received-SPF: None (protection.outlook.com: onigiri.co.id does not designate
 permitted sender hosts)
Received: from mx5-siagan-mbaru-g12-itu.indomaguro.co.id (118.97.118.130) by
 AM5EUR02FT010.mail.protection.outlook.com (10.152.8.144) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
 id 15.20.2495.18 via Frontend Transport; Mon, 9 Dec 2019 03:24:05 +0000
Received: from localhost (localhost [127.0.0.1]) by
 mx5-siagan-mbaru-g12-itu.indomaguro.co.id (Postfix) with ESMTP id
 7BC5A12256D for snipped-for-privacy@marfordfarm.demon.co.uk>;
 Mon, 9 Dec 2019 10:19:11 +0700 (WIB)
Received: from mx5-siagan-mbaru-g12-itu.indomaguro.co.id ([127.0.0.1]) by
 localhost (mx5-siagan-mbaru-g12-itu.indomaguro.co.id [127.0.0.1])
 (amavisd-new, port 10032) with ESMTP id Wns20PcwSrH6 for
 snipped-for-privacy@marfordfarm.demon.co.uk>;
 Mon, 9 Dec 2019 10:19:11 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1]) by
 mx5-siagan-mbaru-g12-itu.indomaguro.co.id (Postfix) with ESMTP id
 1C03012256B for snipped-for-privacy@marfordfarm.demon.co.uk>;
 Mon, 9 Dec 2019 10:19:11 +0700 (WIB)
X-Virus-Scanned: amavisd-new at mx5-siagan-mbaru-g12-itu.indomaguro.co.id
Received: from mx5-siagan-mbaru-g12-itu.indomaguro.co.id ([127.0.0.1]) by
 localhost (mx5-siagan-mbaru-g12-itu.indomaguro.co.id [127.0.0.1])
 (amavisd-new, port 10026) with ESMTP id EwNacX-0Qg_V for
 snipped-for-privacy@marfordfarm.demon.co.uk>;
 Mon, 9 Dec 2019 10:19:11 +0700 (WIB)
Received: from sp.onigiri.co.id (unknown [191.55.76.13]) by
 mx5-siagan-mbaru-g12-itu.indomaguro.co.id (Postfix) with ESMTPA id
 ED7FB122570 for snipped-for-privacy@marfordfarm.demon.co.uk>;
 Mon, 9 Dec 2019 10:19:09 +0700 (WIB)
From: "Hannah Lamb" snipped-for-privacy@onigiri.co.id>
To: "Pa" snipped-for-privacy@marfordfarm.demon.co.uk>
Reply-To: "Hannah Lamb" snipped-for-privacy@yahoo.com
Subject: Hello Pa
Thread-Index: Ky1lejU1cXY1d20uOWU3Ki51eTZmMQ==
Date: Mon, 9 Dec 2019 06:23:31 +0300
Message-Id: snipped-for-privacy@HU0US2NY2HF3HH7.namprd.prod.outlook.com>
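
The header checks suggested earlier in the thread (the SPF status, and comparing the From line with what a genuine message shows), applied to headers of the kind posted above. This is an added example, not part of the original thread; the sample message is constructed, modelled on the posted one, and uses reserved example domains and a documentation IP address.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers posted above; every domain and
# address here is a reserved example value, not one from the thread.
SAMPLE = """\
Authentication-Results: spf=none (sender IP is 192.0.2.10)
 smtp.mailfrom=sender.example; rcpt.example; dkim=none (message not signed)
 header.d=none;rcpt.example; dmarc=none action=none
 header.from=sender.example;compauth=fail reason=001
From: "Hannah Example" <someone@sender.example>
To: "Pa" <pa@rcpt.example>
Reply-To: "Hannah Example" <someone@freemail.example>
Subject: Hello Pa

http://link.example/
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def auth_verdicts(msg):
    """Extract spf/dkim/dmarc/compauth results from Authentication-Results."""
    verdicts = {}
    pattern = r"\b(spf|dkim|dmarc|compauth)=(\w+)"
    for value in msg.get_all("Authentication-Results", []):
        for key, result in re.findall(pattern, value, re.I):
            verdicts.setdefault(key.lower(), result.lower())
    return verdicts


def triage(raw):
    """List the reasons a message's claimed sender should not be trusted."""
    msg = message_from_string(raw)
    verdicts = auth_verdicts(msg)
    findings = [f"{c}={verdicts.get(c, 'missing')}"
                for c in ("spf", "dkim", "dmarc") if verdicts.get(c) != "pass"]
    if verdicts.get("compauth") == "fail":
        findings.append("compauth=fail")
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} != from domain {from_dom}")
    return findings
```

An empty list from `triage` only means none of these checks fired; it does not show that the message is genuine.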