rstra
Grand Master

Is anyone else getting multiple spam mail, probably 2 dozen today, from senders spoofing Shoppers Drug Mart, Walmart and Amazon? I have the Shaw spam filters on, but they aren’t catching these emails. I go into webmail and mark them as spam, I hope that helps.


shaw-tony
Moderator

@cbmetzner @Oceansidegal @esham @BrutusB @dblinney @bkushner 

We have another thread open regarding this issue. I'm currently engaged with our email team regarding this matter and will report updates on our main thread here.

26 Replies

cbmetzner
Grasshopper

Yep, both of my accounts are getting hit hard by it as well.  I reported it and marked it all as spam so we will see if it helps.  My Shaw email is one of the ones I DON'T give out because I don't want it to get inundated with Spam and it has been really clean up until the last 48 hours... 


mdk
Grand Master

@rstra -- so far, I have received 14 of such messages, originating from several IP-addresses.

I sent a copy of one message, with full E-mail headers, to abuse@microsoft.com because the sending IP-address is allocated to Microsoft.

The reply stated that the sending IP-address belongs to their Microsoft Azure cloud service, and they recommended that I send similar messages directly to: cert@microsoft.com

The hyperlink in the body of the E-mail points to a web-site that "redirects" to another web-site.

That second web-site (in Russia) redirects to the spammer's content.

Note that the body of the E-mail contains some invalid HTML markup, and that the spammer incorrectly spells "height" as "hight".

The text at the bottom of the body is in Swedish. It states that a person at the National Theater of Sweden is a well-known Shakespearean actor. 

Uff da!

 

 


cpmrich36
Grasshopper

I'm on sasktel.net as I'm using Sasktel internet, yes, last few days. I'm getting these emails as well. It really ticks me off that they are trying to find a loophole. Me too, I marked them as spam and sent them to complaint.abuse@sasktel.net as well.


mdk
Grand Master

I have contacted:

Klaus Wolf IT-Service
Thomas Wolf
Eckherrstraße 10a
85737 Ismaning

Telefon : 08996208621
E-Mail : Info@twcmail.de
Website : http://twcmail.de

to inform them that a page on their web-site is being leveraged by the spammer(s).

If the web-page is removed, then clicking on the hyperlink in the spammer's message (a naïve thing to do!) will give an error-message.

Or, if the web-page is modified, a web-page stating "you should not have clicked on the spammer's hyperlink" could appear. Or, the page could redirect to: https://apwg.org -- the Anti-Phishing Working Group

 

 


Oceansidegal
Grasshopper

Still getting them from CBD gummies, amazon, shoppers, keto and walmart.  I set up filters to prevent those with ' and __ in the subject line as that's how they change it up to get in to your inbox.  Why is this happening at an alarming rate - so many lately?


mdk
Grand Master

@Oceansidegal --

> Why is this happening at an alarming rate - so many lately?

That is a question that you need to pose to the spammer(s), if you can locate them, and ask them why they came out of "hibernation". Their probable answer: "we are being paid to spam you".

Deliberately, their unique IP-address never appears in the E-mail "headers". This makes it much more difficult to track them.

Much of the current "wave" of spam E-mail comes from servers operated by "AMAZON AWS" -- a pay-as-you-go service. Obviously, spammers do not care about Amazon's "Appropriate Usage Policy" within the contract that they signed, to "rent" services from Amazon.

The spammers are putting their images, and their web-pages, on other "legitimate" web-servers that are being exploited.

Most of the "spam" messages that I have recently received have:  Reply-to: support@puredigitalprods.com

within the E-mail headers. I recommend that you add a spam-filter for this domain-name -- puredigitalprods.com

when present in the "headers" of the E-mail.

This domain-name was only recently registered:

   Registrar WHOIS Server: whois.porkbun.com

   Registrar URL: http://porkbun.com

   Registrar: Porkbun LLC

   Registrar Abuse Contact Email: abuse@porkbun.com

   Registrar Abuse Contact Phone: 503-850-8351 [this area-code is in the area of Portland, Oregon]

   Creation Date: 2020-12-04T00:44:27Z  

   Updated Date: 2020-12-04T00:44:27Z

   Expiry Date: 2021-12-04T00:44:27Z

Note that this Registrar _only_ assisted in the registration of the domain-name. Probably, they are not "hosting" any services (such as web-site or mail-server) for the domain-name.  In other words, this company also is a victim of the spammer(s).

 


esham
Grasshopper

So is that it?

 

I need to find out why spammers spam instead of shaw doing anything about it?

Surely an email provider can add those rules server side no?


BrutusB
Grasshopper

Ever since I got an email saying my email was locked by Canada Revenue I have been getting spammed non stop. I believe they were hacked and this is the result. Shaw should be able to put much better filters on emails! How many CBD Gummies should I have to block before it stops?


mdk
Grand Master

@esham --

> So is that it? I need to find out why spammers spam instead of shaw doing anything about it?

Yes, "profit" is the motivation for the spammer(s).

> Surely an email provider can add those rules server side no?

Certainly, they could, but do you think that it would be too "harsh" for Shaw to tag any message that contains an apostrophe (') or an underscore (_) anywhere (SUBJECT and/or "body")? Probably, too many "false positives" would be generated, and Shaw customers would complain. Note that some Shaw customers have set their preferences to "immediately delete those tagged messages". I hope that they don't complain to Shaw alleging "non-delivery" of messages from their colleagues.

 

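Added example (not part of any poster's message, and not Shaw's filtering code): a small Python comparison of the two filter ideas raised in this thread, the Reply-To domain rule and the subject-punctuation rule, showing why the second one produces false positives. The function names are hypothetical, and the sample messages, the `.example` addresses and the `mail.` subdomain are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Domain taken from the thread; extend the set as new Reply-To domains appear.
BLOCKED_REPLY_TO = {"puredigitalprods.com"}

def reply_to_blocked(msg):
    """True if any Reply-To address is in a blocked domain or a subdomain of one."""
    for _name, addr in getaddresses(msg.get_all("Reply-To", [])):
        domain = addr.rpartition("@")[2].lower().rstrip(".")
        if any(domain == d or domain.endswith("." + d) for d in BLOCKED_REPLY_TO):
            return True
    return False

def subject_punctuation(msg):
    """The broad rule from the thread: apostrophe or double underscore in Subject."""
    subject = msg.get("Subject", "")
    return "'" in subject or "__" in subject

# Constructed sample messages (not real mail); every address other than the
# Reply-To domain named in the thread is a placeholder.
SAMPLES = {
    "spam_odd_subject": (
        "From: Walmart <promo@sender.example>\n"
        "Reply-To: support@puredigitalprods.com\n"
        "Subject: Your__reward is waiting\n\nbody\n"),
    "spam_plain_subject": (
        "From: Amazon <deals@sender.example>\n"
        "Reply-to: Support <SUPPORT@mail.PureDigitalProds.com>\n"
        "Subject: Order confirmation\n\nbody\n"),
    "legit_colleague": (
        "From: Pat <pat@colleague.example>\n"
        "Subject: Don't forget Friday's meeting\n\nbody\n"),
}

def classify(raw):
    """Parse one raw message and report which rule fires."""
    msg = message_from_string(raw)
    return {"reply_to": reply_to_blocked(msg), "subject": subject_punctuation(msg)}

def run_samples():
    return {name: classify(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in run_samples().items():
        print(f"{name:20} {hits}")
```

The header rule matches both spam samples regardless of how the subject is written, while the punctuation rule misses the plainly worded one and tags the legitimate message.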