Hi,
On 05.07.24 10:19, Hans-Martin Mosner via mailop wrote:
Am 05.07.24 um 09:24 schrieb Gerald Vogt via mailop:
Hi,
since June 28th we are flooded with thousands of emails from various
gmail accounts going to one of our list addresses.
We have already reported some of them at
https://support.google.com/mail/contact/abuse
but it didn't really helped. There was a break from July 2nd but today
it started again. By now we have got more than 15.000 mails like this.
All mails are a reply to the same automated mail from us, with one
line added before the full quote like
"Thanks again for bringing this matter to my attention."
"Please let me know if that is acceptable with you."
"My great pleasure to meet you last week."
Have you checked whether there is an URL link as well? I recognize this
pattern as a kind of social engineering attack where the attackers use
the contents of a hacked mailbox to make their mails look legitimate and
get the recipient to click on some malicious link.
No. That's the odd thing: the quoted text is unmodified from us
containing two links from us. The only addition is a one line text at
the top, in the plain text and html parts. The html is O.K. It doesn't
contain any links or images. Either. I'll paste one mail body at the bottom.
Of course, this is only from a random sample. I haven't checked all
15.000 mails for further modifications. But those I have sample all
follow the same dumb pattern.
Reporting to Google may or may not help, their abuse desk does not seem
to reply, and from the experience with spam from addresses that were
already reported they also don't seem to reply (at least not in a timely
fashion that would be appropriate for this kind of spam).
Well, it's a thousand addresses from even more mails. It's impossible to
report them all through the report form.
Thanks,
Gerald
P.S.: Here a copy of the body of one of the latest emails (with
thunderbird wrapping lines):
--000000000000777fb4061c7b302b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Thank you for your immediate response.
On Fri, Jun 28, 2024 at 10:18=E2=80=AFAM <e...@dkrz.de> wrote:
> Thank you for creating a new ESGF-CoG account.
>
> Your User Name is: nillsonmandilla
> Your OpenID is: https://esgf-data.dkrz.de/esgf-idp/openid/nillsonmandilla
>
> Please note that you will need your OpenID to login.
>
> CoG Tutorials: https://www.earthsystemcog.org/projects/cog/tutorials_web
>
> CoG Support: cog_supp...@list.woc.noaa.gov
>
>
--000000000000777fb4061c7b302b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Thank you for your immediate response.<br></div><br><div c=
lass=3D"gmail_quote"><div class=3D"gmail_attr" dir=3D"ltr">On Fri, Jun 28, =
2024 at 10:18=E2=80=AFAM <<a href=3D"mailto:e...@dkrz.de";>e...@dkrz.de</=
a>> wrote:<br></div><blockquote style=3D"margin:0px 0px 0px 0.8ex;border=
-left:1px solid rgb(204,204,204);padding-left:1ex" class=3D"gmail_quote">Th=
ank you for creating a new ESGF-CoG account.<br>
<br>
Your User Name is: nillsonmandilla<br>
Your OpenID is: <a target=3D"_blank" rel=3D"noreferrer" href=3D"https://esg=
f-data.dkrz.de/esgf-idp/openid/nillsonmandilla">https://esgf-data.dkrz.de/e=
sgf-idp/openid/nillsonmandilla</a><br>
<br>
Please note that you will need your OpenID to login.<br>
<br>
CoG Tutorials: <a target=3D"_blank" rel=3D"noreferrer" href=3D"https://www.=
earthsystemcog.org/projects/cog/tutorials_web">https://www.earthsystemcog.o=
rg/projects/cog/tutorials_web</a><br>
<br>
CoG Support: <a target=3D"_blank" href=3D"mailto:cog_supp...@list.woc.noaa.=
gov">cog_supp...@list.woc.noaa.gov</a><br>
<br>
</blockquote></div>
--000000000000777fb4061c7b302b--
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
