Just got this apparently fake NANOG invoice - Looks phishy
Apparent MS-Word doc attached. Be careful out there. Return-Path: <cb2004097@bristol.lu> Received: from cross6.lu-visp.net (cross6.lu-visp.net [62.182.179.184]) by lenny.gizmopartners.com (8.14.7/8.14.7) with ESMTP id 08LJIMld018071 for <cboyd@gizmopartners.com>; Mon, 21 Sep 2020 19:18:25 GMT Message-Id: <202009211918.08LJIMld018071@lenny.gizmopartners.com> Received: from [161.132.101.74] (unknown [161.132.101.74]) by cross4.lu-visp.net (Postfix) with ESMTPSA id 54FDC8808 for <cboyd@gizmopartners.com>; Mon, 21 Sep 2020 21:13:53 +0200 (CEST) Date: Mon, 21 Sep 2020 14:15:49 -0500 From: "NANOG" <cb2004097@bristol.lu> To: "Chris Boyd" <cboyd@gizmopartners.com> Subject: Chris Boyd MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--308522813199332622918802174927344" X-unconfigured-debian-site-MailScanner-ID: 54FDC8808.AF049 X-unconfigured-debian-site-MailScanner: Found to be clean X-unconfigured-debian-site-MailScanner-From: cb2004097@bristol.lu X-Spam-Status: No ----308522813199332622918802174927344 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable =0DPlease let me know WHAT ADDRESS TO SEND TO. NANOG =0D----Original Message-----=0DOn Mon, Sep 21, 2020 at 15:17 Chris Boyd <cb= oyd@gizmopartners.com> wrote:=20 --=20 This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ----308522813199332622918802174927344 Content-Type: application/msword; name="INV #7565831.doc" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="INV #7565831.doc" 0M8R4KGxGuEAAAAAAAAA
Can we please send this stuff to the admins and not the whole list? ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Chris Boyd" <cboyd@gizmopartners.com> To: "NANOG" <nanog@nanog.org> Sent: Monday, September 21, 2020 6:20:31 PM Subject: Just got this apparently fake NANOG invoice - Looks phishy Apparent MS-Word doc attached. Be careful out there. Return-Path: <cb2004097@bristol.lu> Received: from cross6.lu-visp.net (cross6.lu-visp.net [62.182.179.184]) by lenny.gizmopartners.com (8.14.7/8.14.7) with ESMTP id 08LJIMld018071 for <cboyd@gizmopartners.com>; Mon, 21 Sep 2020 19:18:25 GMT Message-Id: <202009211918.08LJIMld018071@lenny.gizmopartners.com> Received: from [161.132.101.74] (unknown [161.132.101.74]) by cross4.lu-visp.net (Postfix) with ESMTPSA id 54FDC8808 for <cboyd@gizmopartners.com>; Mon, 21 Sep 2020 21:13:53 +0200 (CEST) Date: Mon, 21 Sep 2020 14:15:49 -0500 From: "NANOG" <cb2004097@bristol.lu> To: "Chris Boyd" <cboyd@gizmopartners.com> Subject: Chris Boyd MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--308522813199332622918802174927344" X-unconfigured-debian-site-MailScanner-ID: 54FDC8808.AF049 X-unconfigured-debian-site-MailScanner: Found to be clean X-unconfigured-debian-site-MailScanner-From: cb2004097@bristol.lu X-Spam-Status: No ----308522813199332622918802174927344 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable =0DPlease let me know WHAT ADDRESS TO SEND TO. NANOG =0D----Original Message-----=0DOn Mon, Sep 21, 2020 at 15:17 Chris Boyd <cb= oyd@gizmopartners.com> wrote:=20 --=20 This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ----308522813199332622918802174927344 Content-Type: application/msword; name="INV #7565831.doc" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="INV #7565831.doc" 0M8R4KGxGuEAAAAAAAAA
On 9/21/20 7:28 PM, Mike Hammett wrote:
Can we please send this stuff to the admins and not the whole list?
Both the list admin account in the headers and the geeks@nanog.org is monitored and responded to. If you don't get a reply, you all have my email too. What's happening here is a subscription comes in from a valid email bot using gmail or $BIGHOST (google doesn't give af) and that doesn't send email. The list posters are then spammed from third party address(es). It's frankly hard to track down as only posters get the spams, not the whole list. That said, the geeks team knows what to look for to kill this when it happens. Forward the entire email including _FULL_HEADERS_ to geeks@nanog.org. We will kill it and ban them from the list. Thanks, -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
----- On Sep 21, 2020, at 6:03 PM, Bryan Fields Bryan@bryanfields.net wrote: Hi,
What's happening here is a subscription comes in from a valid email bot using gmail or $BIGHOST (google doesn't give af)
I'm old enough to remember the Usenet Death Penalty. That used to be pretty effective in dealing with sources of net-abuse. Thanks, Sabri
participants (4)
-
Bryan Fields
-
Chris Boyd
-
Mike Hammett
-
Sabri Berisha