Monday, January 19, 2009

Spammers in Gmail

I recently got an email from my brother. It reads as follows:

Dear sir/madam,
We are an international electronic company. sell high quality low price
products, like IPOD, laptop, LCD TV, camera, mobile and so on. Welcome to visit
them, please visit our Web site:{redacted}
Online MSN/Mail:redacted disturb your precious time understanding. Best
wishes


My brother may be in Germany at the moment, but his English is much better than that. It was pretty clear his account had been spoofed as the reply-to address.

Or was it? I took a look at the headers, and I was surprised to see that Gmail reckoned it had been sent by gmail.com. This is the whole domain-keys thing which is meant to prevent spam; surely it couldn't have been spoofed?

As it turns out, it wasn't. My brother found out that somebody in China (or at least whose IP address, 115.49.89.238, resolved back to China) had logged into his account and had sent the email to his address book. Somehow they had gotten his password; we're not sure how yet.

I've gotten him to run an antivirus scan with AVG and Avast, and an anti-spyware scan. Nothing has turned up on his laptop, so I can only assume he was caught on somebody else's machine.

The moral of the story is be careful where you log into your email from. It's altogether too easy to be blasé about it and assume that nobody could possibly be interested in your email, but my brother's case shows that anybody can be targeted.

And, the most important thing: change your password regularly, and don't reuse it for different sites.
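The header check described above can be scripted. The following is an added example, not part of the original post: it reads the Authentication-Results header written by the receiving server and reports whether a DKIM or SPF pass lines up with the From domain. The authserv-id `mx.example.net`, the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not the real email from the post).
AUTHENTICATED = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@gmail.com header.s=sel1;
 spf=pass (sender permitted) smtp.mailfrom=brother@gmail.com
From: Brother <brother@gmail.com>
Subject: Dear sir/madam

body
"""

SPOOFED = """\
Authentication-Results: mx.example.net;
 dkim=none;
 spf=pass smtp.mailfrom=bulk@mailer.example.org
From: Brother <brother@gmail.com>
Subject: Dear sir/madam

body
"""

def _domain(value):
    # "user@gmail.com", "@gmail.com" and "gmail.com" all yield "gmail.com".
    return value.rpartition("@")[2].lower()

def classify(raw, trusted_authserv="mx.example.net"):
    """Return 'provider-authenticated' when a trusted DKIM/SPF pass matches
    the From domain (sent through the real account), else 'not-authenticated'."""
    msg = message_from_string(raw)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", "", value)      # drop parenthesised comments
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # not written by our own receiver, so the sender could have forged it
        for part in results.split(";"):
            m = re.match(r"\s*(dkim|spf)=pass\b(.*)", part, re.S | re.I)
            prop = m and re.search(r"(?:header\.[id]|smtp\.mailfrom)=(\S+)", m.group(2))
            if prop and _domain(prop.group(1)) == from_domain:  # exact-match alignment
                return "provider-authenticated"
    return "not-authenticated"

if __name__ == "__main__":
    print(classify(AUTHENTICATED))  # provider-authenticated
    print(classify(SPOOFED))        # not-authenticated
```

A "provider-authenticated" result on an obviously junk message points to a compromised account rather than a forged sender, which is the situation described in this post.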

1 comment:

Anonymous said...

Why didn't they change his password first? At least they didn't claim he was being held hostage and needed money.