Spam to plusnet-specific Email address.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: Spam to plusnet-specific Email address.
Re: Spam to plusnet-specific Email address.
15-11-2014 10:46 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
There are a lot of other email addresses including actual mailboxes on Plusnet that have received no spam whatsoever in spite of them being used.
So while I've seen a lot of these test messages, nothing I've seen points to a fresh leak on Plusnet.
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
Re: Spam to plusnet-specific Email address.
15-11-2014 11:18 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: jelv So while I've seen a lot of these test messages, nothing I've seen points to a fresh leak on Plusnet.
THIS topic is regarding SPAM messages recently appearing in customer's mailboxes which were uniquely set up for only receiving communications from Plusnet, and DOES appear to be subject to a fresh leak.
The issue of widespead "Test mesage" emails is different from this topic, and is covered in the other forum topic "Strange test messages", and as you say looks to be the same old SPAM appearing in mailboxes which were harvested in the 2007 Plusnet hack, and from other hacks including the Adobe attack.
What seems apparent is that the compromised email addresses in THIS topic have come from the Plusnet accounts database, as the same users are NOT seeing the corresponding SPAM messages appearing in their other email mailboxes. This would suggest that the email database has NOT been harvested, but the customer account records where their contact information is stored has been harvested or leaked.
Re: Spam to plusnet-specific Email address.
15-11-2014 11:24 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Having seen reports to rogue applications which appear to function normally but actually harvest friends mobile numbers and email addresses it makes me wonder if this could be a cause.
Obviously if there has been a data leak then it needs identifying quickly.
Re: Spam to plusnet-specific Email address.
15-11-2014 11:47 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: DomS Do any of the customers affected access their emails on a mobile device ? I.e. iPhone / Android device / Windows Phone ?
Are you suggesting that Plusnet's lack of SSL encryption on their email platform could allow customers email addresses to be sent as plain text over wireless networks and potentially harvested when using a public WiFi hotspot when accessed via a mobile device?.
Perhaps someone should start a new topic about that (AGAIN !).
To answer your question, no I have NEVER accessed the affected mailbox using a mobile device, AND in my case the mailbox in question is hosted on a secure email platform WITH SSL encryption and is NOT controlled in any way by Plusnet - other than my Plusnet account has the mailbox listed as my primary Plusnet contact email address.
Re: Spam to plusnet-specific Email address.
15-11-2014 11:59 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: purleigh To answer your question, no I have NEVER accessed the affected mailbox using a mobile device,
I see your point on the previous rant
One more possibility to tick off on the compromised application theory then
Re: Spam to plusnet-specific Email address.
15-11-2014 12:13 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
In addition to the insecure mobile theory, can also categorically say that my mailbox has never been accessed using any device with an insecure or vulnerable Operating System such as Microsoft Windows !.
Re: Spam to plusnet-specific Email address.
15-11-2014 3:59 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I only ever recieve 1 mail a month from Plusnet advising billing unless there is a support issue when it is also used.
I can't see any other obvious way for the address to have been obtained other than by hacking Plusnet systems or a rouge employee.
If it was only my address I might be inclined to believe that it had been obtained by interception via the ISP that I host my domains with but none of the other addresses that I use on a daily basis for recieving and sending dozens of emails has been affected so I think that very unlikely.
My broadband has today coincidentally(?) stopped working and is apparently a disconnect in the exchange on the phone line according to the diagnostics run by Plusnet support, despite the fact that the phone both makes and recieves calls perfectly.
As I am on FTTC this seems a bizzare diagnosis.
Dear old Openreach have consented to drag their bones to the exchange to investigate next Wednesday.
Meantime my 3G router/modem is working quite well - just as well really.
Happy days!
Re: Spam to plusnet-specific Email address.
15-11-2014 4:31 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
16-11-2014 1:56 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: purleigh To answer your question, no I have NEVER accessed the affected mailbox using a mobile device, AND in my case the mailbox in question is hosted on a secure email platform WITH SSL encryption and is NOT controlled in any way by Plusnet - other than my Plusnet account has the mailbox listed as my primary Plusnet contact email address.
I've got an idea of a possible source of the 'leak', can you check the headers of the messages you receive FROM Plusnet to your PN specific address and see if they pass through their spam filters?
My idea is that cloudfront (or whoever is doing the spam-scanning for PN these days) has had the breach and is keeping lists of the addresses that it sees pass through their devices and they've not a) noticed or b) notified their clients or c) have notified their clients under a NDA.
Just a wild theory, that may or may not be eluded to on the presence of cloudfront's headers in PN's outgoing mails.
Re: Spam to plusnet-specific Email address.
16-11-2014 10:03 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
However one sent on 17/07/14 about changes to phone packages comes from "mx1.bt-plusnet.trclient.com"
Googling "trclient.com" doesn't fill me with a lot of confidence about them especially when following a link to them causes Firefox to throw a wobbly about the sites security certificate!
Re: Spam to plusnet-specific Email address.
16-11-2014 10:30 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Firstly on my Plusnet email settings I have SPAM filtering disabled, as I prefer to do it myself and I don't like the idea of -
[quote=Member Centre / My Account / Manage My Mail / Spam]With spam filtering turned on, emails sent from mailservers with a bad SenderBase reputation will be rejected and bounced back to the sender. Emails that pass this first check are scanned and given a spam rating. What happens then depends on the settings which follow.
Looking at the received headers (from Plusnet billing emails) for the affected email address (hosted elsewhere with an independently registered domain), I can see no trace of any filtering results being added before the message was received at my email hosting provider.
However this now gets a little more complicated !
Looking at the email headers, what actually happens to billing emails, is that two copies of the emails are sent -
- The email is actually sent "To:" the Plusnet account's default email address - i.e. <username@username.plus.net>
- and also by "Cc:" so a copy is sent to the specified email address held on the account
Unfortunately this means that both emails contain the other target emails address - so there is a potential vulnerability there !.
Looking at the other copy of the same Plusnet billing emails sent to the <username@username.plus.net> mailbox, there is nothing obvious that looks (to me) like Cloudfront, but there are these lines -
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.1 cv=O8i3vXNW c=1 sm=1 tr=0
a=WPTklmkeA0lf4ztKFIiyww==:117 a=0Bzu9jTXAAAA:8 a=7HIFeAphMSMA:10
a=mrHjP8x4AAAA:8 a=lwZ3Ad6_j2Gb7XwZnmMA:9 a=PWqJf_0N3X8Ey6Cz:21
a=oZAOq0xajU3HTwh8:21 a=pn7XOFuvdOUA:10
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
The other thing that I have noticed, is that despite receiving two copies of billing emails to different mailboxes, that I am only receiving these SPAM emails to my independent email address named in my Plusnet account, but NOT to the default Plusnet email address !.
Since I last posted in this topic I have received another SPAM email to my named email address -
Quote Subject: 20/20 Vision Can Be Yours. Learn More - News
From: "ClinicCompare News" <news@liveuknews.co.uk>
So the fact remains, that those of us reporting this problem, we are receiving SPAM messages only to the email address specified in our Plusnet account settings, to unique email address mailboxes on differing email hosts, that have been specifically set up to only be used to receive Plusnet billing messages.
If someone has hacked or leaked our account settings to get these very specific email addresses, then what else has been stolen ?
Does someone now have our home addresses, phone numbers, credit card details, account passwords ?
Why has Plusnet not made a statement about this ?
There may be major security implications for all customers if our details have been stolen.
This was reported three days ago, and nothing seems to have been done other than Bob looking at some headers two days ago.
Is anyone working on this NOW ?
Re: Spam to plusnet-specific Email address.
16-11-2014 3:02 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
17-11-2014 7:47 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I just received the "EcoExperts news"
Re: Spam to plusnet-specific Email address.
17-11-2014 7:51 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
17-11-2014 8:24 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote From: "EcoExperts News" <news@liveuknews.co.uk>
Subject: 50% cut from your energy bills - news
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: Spam to plusnet-specific Email address.