cancel
Showing results for 
Search instead for 
Did you mean: 

Spam to plusnet-specific Email address.

aich
Dabbler
Posts: 15
Registered: ‎31-03-2011

Re: Spam to plusnet-specific Email address.

For the record I also got the  "EcoExperts News" one yesterday.
Community Veteran
Posts: 19,107
Thanks: 450
Fixes: 21
Registered: ‎31-08-2007

Re: Spam to plusnet-specific Email address.

My "Advance notice of your Direct Debit payment" email has this in the headers -
Received: from avasout05.plus.net ([212.159.9.108])
by avasin08.plus.net with Plusnet Cloudmark Gateway
id GVqo1p0022KrXh801Vqwya; Mon, 17 Nov 2014 05:50:56 +0000
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.1 cv=Mpbc6gqe c=1 sm=1 tr=0
a=fS+5Zzvk6gANdtf7AAd0ug==:117 a=WPTklmkeA0lf4ztKFIiyww==:17 a=0Bzu9jTXAAAA:8
a=7HIFeAphMSMA:10 a=KHeHGimUAoAKc9PjO_IA:9 a=1HBN-GZUpTBaVCB_:21
a=nf6QWtfKtV0T3MW5:21 a=pn7XOFuvdOUA:10
The only difference between the above (sent to the primary default address for the account) and the one sent to the cc. address is that the id (3rd line above) ends in 'b' instead of 'a'.
Chris
Legend
Posts: 17,723
Thanks: 598
Fixes: 168
Registered: ‎05-04-2007

Re: Spam to plusnet-specific Email address.

We're continuing to investigate this issue following concerns raised from a few of our customers. We will get back to you with a further update once we have finished investigating what may have caused this. For anyone who is seeing more generic spam, further information about preventing spam can be found in our guide here.
If this post resolved your issue please click the 'This fixed my problem' button

Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Community Veteran
Posts: 19,107
Thanks: 450
Fixes: 21
Registered: ‎31-08-2007

Re: Spam to plusnet-specific Email address.

burble
Dabbler
Posts: 15
Registered: ‎20-03-2014

Re: Spam to plusnet-specific Email address.

Fwiw, I have also been seeing spam to an address only plusnet knows (on an external domain), again from liveuknews co uk. My address was in use in 2007, but hasn't seen spam before a few days ago.
poshrat
Dabbler
Posts: 10
Registered: ‎24-12-2012

Re: Spam to plusnet-specific Email address.

Well as one of the first to raise this issue via online ticket and being prepared to be patient while PlusNet go over the data we sent them I decided to do what you are not supposed to do  Cheesy

The spam emails I received had an unsubscribe link.
On investigation opening cardnews.co.uk in a browser just SQL errors.
Opening livenews.co.uk ends up at E-Market Labs.
Now for the "your are not supposed to do" bit.
In both spam Emails I clicked unsubscribe.
cardnews.co.uk responded:
UNSUBSCRIBE
Please enter the verification code below to unsubscribe ********@*****.co.uk:
Verification code: 7b8d5980be42759120676aa00580277c
Enter the verification code here:
liveuknews.co.uk responded:
UNSUBSCRIBE
Please enter the verification code below to unsubscribe  ********@*****.co.uk
Verification code: a0f7eef880ad01cce96798836f221ebd
Enter the verification code here:

So from the two identical format responses I'm pretty sure we can assume that
E-Markets Labs are the source for cardnews and liveuknews.
Maybe PlusNet should could ask E-Market where they got the email addresses from?

Also to my surprise since I unsubscribed I've had NO FURTHER SPAM!!!!!!!!
If this continues to be true then one might be able to conclude that only E-Market have the targeted Email addresses.  This is minor good news as it will mean that we all don't have to change our registered email addresses with PlusNet.  Of course it could just be that E-Market are the early birds.  Only time will tell.

Community Veteran
Posts: 5,569
Thanks: 349
Fixes: 5
Registered: ‎11-08-2007

Re: Spam to plusnet-specific Email address.

Just received three more !  Angry
Quote
From: "Fantastic discounts" <news@liveuknews.co.uk>
Subject: Wowcher

Quote
From: "Eco News" <news@newsnationals.net>
Subject: 50% drop in your energy bills - newsletter

Quote
From: "Clinic News" <news@newsnationals.net>
Subject: 20/20 Vision Should Be Yours - Newsletter

Angry    Angry    Angry
Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.4.4-p3 router, 5 WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT
poshrat
Dabbler
Posts: 10
Registered: ‎24-12-2012

Re: Spam to plusnet-specific Email address.

And going to newsnational.net I get the same SQL error page as going to cardnews.co.uk.

I bet (hope) that if you hit the unsubscribe (this is your choice and not a recommendation) you will get the same unsubscribe responses I posted earlier.

PN will/should be monitoring this thread so they can and this latest info and follow-up accordingly.
burble
Dabbler
Posts: 15
Registered: ‎20-03-2014

Re: Spam to plusnet-specific Email address.

If the address is compromised and you can shut it down, arguably not much harm trying to unsubscribe.
Have spoken with a friend who signed up after 2007; he hasn't seen any spam to his gmail address, so perhaps it is from that old hack?
Just seems bizarre that our addresses would be floating around out there for 7 years before they got added to a list.
Community Veteran
Posts: 5,569
Thanks: 349
Fixes: 5
Registered: ‎11-08-2007

Re: Spam to plusnet-specific Email address.

That isn't the case for me.
This week is my 15th year anniversary with Plusnet.   Shocked
My Plusnet email-mailboxes and email-redirects WERE harvested in the 2007 hack, and I continue to receive a considerable volume of SPAM messages daily to ALL those stolen email addresses.
Regarding the email address that is the subject of interest in this topic, that domain name was created approximately a year AFTER the 2007 hack, and the domain and email servers have been independently hosted from the start.  Unfortunately I can't remember when I created the unique email-address that is only used for Plusnet account information, but I would guess between late 2008 and 2010.
The SPAM messages that I am now getting to this specific Plusnet account only email-address,  ARE NOT also appearing in any of the 2007 hacked email addresses, or being picked up in the catch-all mailboxes of my other independently hosted domains and email addresses.
HOWEVER I have now received a couple of these new SPAM messages to the email address that I would have been using on my Plusnet account BEFORE I changed it to the current unique account address.  Because this older email address was used for general email (and wasn't specific to my Plusnet account - but was previously listed as my Plusnet account email address) and receives daily SPAM, I wouldn't and hadn't noticed anything unusual about receiving this latest SPAM to that mailbox.
The fact remains that these new SPAM messages are appearing in a unique mailbox that has ONLY ever been given to Plusnet, and some of the same SPAM messages are also appearing in a mailbox which was my previous Plusnet account contact, and these SPAM messages have NOT appeared ANYWHERE else.
Conclusion, either our our Plusnet billing accounts (but not the email platform) have been hacked, or Plusnet (or an employee) has given/sold our Plusnet account email addresses to someone who is now using that information to send out SPAM messages.  In either case, what other personal information has been leaked ?
Sad
Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.4.4-p3 router, 5 WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT
Razorback
Grafter
Posts: 208
Registered: ‎08-08-2014

Re: Spam to plusnet-specific Email address.

I have just received a "test message" to my work email which has no link to PN. Looking at other posts on the matter elsewhere it would appear that this is a much wider issue of which PN addresses may be just a small part.
Just checked the email again I received it because I was part of an internal mailing list at my company.
aich
Dabbler
Posts: 15
Registered: ‎31-03-2011

Re: Spam to plusnet-specific Email address.

As I have mentioned above the unique address I use for Plusnet was only created in 2010 when I joined Plusnet, so it's almost certainly not anything to do with the 2007 hack.
My domains are hosted elsewhere and the address receiving the spam is the only one recieving this particular spam.
I have an address that was registered with Adobe when they were (in)famously hacked, which I still receive some spam on and another which was registered with an Australian company Rode Microphones which likewise recieves some.
Neither have recieved any of the same spam as this Plusnet registered address.
With regard to unsubscribing as mentioned further up - I would strongly suggest not responding in ANY way to the spam emails as "liveuknews.co.uk" was only registered on the 11th November and has un-validated contact details for the domain registrant.
I have raised my concerns about this with Nominet - the UK Domain registry, but unless there is clear eveidence of criminal activity they cannot do anything about canceling the domain.
Here is the whois results for "liveuknews.co.uk" from Nominet :
Domain name:
    liveuknews.co.uk

Registrant:
    Gamer SEO

Registrant type:
    Other Non-UK Entity (e.g. clubs, associations, many universities)

Registrant's address:
    237 South Delsea Drive
    Suite 302
    Vineland
    NJ
    08360
    United States

Data validation:
    Registrant contact details awaiting validation

Registrar:
    eNom, Inc. [Tag = ENOM]
    URL: http://www.enom.com

Relevant dates:
    Registered on: 11-Nov-2014
    Expiry date:  11-Nov-2015
    Last updated:  11-Nov-2014

Registration status:
    Registered until expiry date.

Name servers:
    ns1.liveuknews.co.uk      192.241.79.2
    ns2.liveuknews.co.uk      192.241.79.2

WHOIS lookup made at 09:11:01 19-Nov-2014

--
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:

Copyright Nominet UK 1996 - 2014.


I imagine (hope) that Plusnet are already looking into this "company" as they appear to be the source of the spam so far.
burble
Dabbler
Posts: 15
Registered: ‎20-03-2014

Re: Spam to plusnet-specific Email address.

Ah, sorry - seemed unlikely it was the 2007 hack, should have read more carefully and would have known that wasn't the problem.
That domain's essentially anonymous - registered when the spam started, and Suite 302, 237 South Delsea Drive looks like a UPS store post box.
Certainly seems that plusnet's database has been compromised in some way.
aich
Dabbler
Posts: 15
Registered: ‎31-03-2011

Re: Spam to plusnet-specific Email address.

So for the latest SPAM they have switched to another domain "ukbrandnews.co.uk". Checking on Nominet it was registered at the same time as "liveuknews.co.uk" on 11th November with the same un-validated details in the US.
The US based registrar  "enom.com" who registered these names are listed as the number 1 registrar of spam originating domains by URIBL see: http://rss.uribl.com/nic/
Nominet are completely uninterested and claim they cannot cancel a domain as they have no control of the purpose of its use. I pointed out that Registrant details are supposed to be accurate but they said it's down to "enom.com" (the registrar) to sort it out!
Basically although the sending of SPAM is illegal both in the EU and the US apparently the UK Domain Register have no control of the use of .co.uk domain names even if being used for illegal purposes!
I give up.
However there is still the issue of how our email addresses were obtained.
I would still like to know why Plusnet saw fit (as apparently did BT) to use a third party marketing service such as "trclient.com" (apparently owned by Traction Digital an Australian marketing company) to send out details about phone service changes in July this year.
This would seem to me to be a possible source of email harvesting?
Community Veteran
Posts: 5,569
Thanks: 349
Fixes: 5
Registered: ‎11-08-2007

Re: Spam to plusnet-specific Email address.

Today I received this message to my Plusnet account mailbox -
Quote
From: "Fantastic discounts" <news@ukbrandnews.co.uk>
Subject: Winter news - Up to 80% off your items

Angry
Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.4.4-p3 router, 5 WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT