What’s in your Junk Mail folder? (Mega Thread)
<blockquote data-quote="always_forever" data-source="post: 1050377" data-attributes="member: 92363"><p>Like all of us, I get my share of SPAM and do my best to filter it directly to the junk folder.</p><p></p><p>However, I received one last night that concerns me and is different than any other to hit my inbox.</p><p></p><p>[ATTACH=full]277373[/ATTACH]</p><p></p><p>This message arrived in my Outlook client and was addressed to a gmail address that isn't mine (but is similar and is using my name). I've never seen SPAM like that before (assuming it is).</p><p></p><p>To start with, is it even possible to spoof the "To" field? I did some research and couldn't find a definitive answer.</p><p></p><p>Ultimately, I'm trying to determine if this is someone who established a gmail address (to set up potential identity theft) and then set up the address to forward automatically to my Outlook email address before using the gmail address to establish a Microsoft account...or if it is SPAM with a spoofed "To" field that is safe to ignore.</p><p></p><p>The thing is...it certainly looks like a legitimate email from Microsoft and the "From" field (which I know can be spoofed) is a legitimate Microsoft email address. I did use a header analysis tool at MxToolbox and used the new tool at SophosLabs Intelix to analyze the contained URLs. 
The URLs came back as low risk and did not appear to be malicious but the MxToolbox header analysis showed:</p><ul> <li data-xf-list-type="ul">[ATTACH=full]277368[/ATTACH] <a href="https://mxtoolbox.com/dmarc/problem/dmarc-compliance" target="_blank">DMARC Compliant</a></li> <li data-xf-list-type="ul">[ATTACH=full]277369[/ATTACH] <a href="https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=1b80b75d-20f5-4a40-87f5-24fafb02b698" target="_blank">SPF Alignment</a></li> <li data-xf-list-type="ul">[ATTACH=full]277370[/ATTACH] <a href="https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=1b80b75d-20f5-4a40-87f5-24fafb02b698" target="_blank">SPF Authenticated</a></li> <li data-xf-list-type="ul">[ATTACH=full]277371[/ATTACH] <a href="https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=1b80b75d-20f5-4a40-87f5-24fafb02b698" target="_blank">DKIM Alignment</a></li> <li data-xf-list-type="ul">[ATTACH=full]277372[/ATTACH] <a href="https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=1b80b75d-20f5-4a40-87f5-24fafb02b698" target="_blank">DKIM Authenticated</a></li> </ul><p>I do realize that the cut-and-paste of the header can negatively impact the ability to analyze it so I'm not sure if that's an issue here.</p><p></p><p>In any event, any insight from those with such knowledge would be sincerely appreciated.</p><p></p><p>Usually, I can determine if an email is spam or not but I don't know what's going on with this one. Did someone create a gmail address using my name and then use it to sign up for a Microsoft account? Then somehow the email was sent or forwarded to my Outlook address with the gmail address in the "To" field?</p><p></p><p>Or is this just SPAM? If it is SPAM, I don't see what could hope to be gained by the scammer as there are no clickable links in the email. So why would they send it?</p><p></p><p>How can I tell which it is? Willing to do some more legwork but I've hit a brick wall with this one. 
Maybe there is some other information in the header that I could look for?</p></blockquote><p></p>
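Added example, not part of the original post: the "To" header is text written by the sender, while delivery uses the SMTP envelope recipient, which receiving servers often record in `Delivered-To` or the `for <...>` clause of a `Received` header. The Python sketch below compares the two and reads SPF/DKIM/DMARC verdicts only from an `Authentication-Results` header stamped by a server you trust; the sample message, all addresses, and the `analyze` helper are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample, not the message from the post; every host and address is a placeholder.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS id abc123
\tfor <jane.doe@recipient.example>; Fri, 21 Jul 2023 02:14:07 +0000
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=sender.example;
\tdkim=pass header.d=sender.example;
\tdmarc=pass header.from=sender.example
From: Account Team <no-reply@sender.example>
To: janedoe1@webmail.example
Subject: Verify your email address

Body text.
"""

def _addrs(msg, *names):
    """Lower-cased addresses found in the named headers."""
    values = [v for n in names for v in msg.get_all(n, [])]
    return {a.lower() for _, a in getaddresses(values) if a}

def analyze(raw, trusted_authserv):
    """Compare header recipients with envelope recipients and collect auth verdicts."""
    msg = message_from_string(raw)
    header_to = _addrs(msg, "To", "Cc")
    envelope = _addrs(msg, "Delivered-To", "X-Original-To")
    for rcvd in msg.get_all("Received", []):
        m = re.search(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", rcvd)
        if m:
            envelope.add(m.group(1).lower())
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        # Only believe results whose authserv-id is your own provider's server;
        # any other Authentication-Results header could have been supplied by the sender.
        authserv = (value.split(";", 1)[0].split() or [""])[0].lower()
        if authserv == trusted_authserv.lower():
            for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
                auth[method.lower()] = verdict.lower()  # last result per method wins
    return {
        "header_to": sorted(header_to),
        "envelope_rcpt": sorted(envelope),
        "to_mismatch": bool(envelope) and not envelope <= header_to,
        "auth": auth,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE, "mx.recipient.example"))
```

A mismatch on its own also occurs with Bcc, mailing lists and auto-forwarding, so read it together with the `Received` chain rather than as a verdict.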