
zipplewrath

(16,646 posts)
Sat Apr 17, 2021, 05:24 PM Apr 2021

I think I've seen a new scam

Not sure what it is but both me and the spouse received vague "delivery notifications" needing additional information and asking us to click on a URL. I checked out one of the URLs and near as I can tell, it didn't even exist. What I can't figure out is what they hoped to accomplish? Was this some attempt to collect data from the cell phone?


TheBlackAdder

(28,211 posts)
1. Spearphishing. Any unsolicited url links, especially if the sender info does not match document.
Sat Apr 17, 2021, 05:30 PM
Apr 2021

.

If you open up the email payload and view the IP address of the source, open a DOS window and type in the nslookup xxx.xxx.xxx.xxx command, substituting the x's with the IP address. You'll find that around 70% of them are sourced from free or $1/mo Amazon AWS accounts.

Amazon is the #1 proliferator of spam emails.

The AWS apps that run, are started on virtual servers and will link to non-AWS URLs in the emails. If you do a whois on the domain names, most won't have their mandatory ICANN registry information filled out. You can report them to ICANN and if they don't add it in a month, that hostname will get taken down. AWS will also take them down, if reported. That requires you to sign up for an AWS account to report fraud. But if campaigns are taken down, they will pop up a few days later as another campaign.

Most of those addresses will be at one of those strip mall P.O. Box places. Get a bunch of them and report them to the PO Box company and they will pull their P.O. Box.

Hosting provider 1and1 is also the primary host for these domains too. While domain hosts say they can't control what their domain holders do, send a few of those emails to them and they will yank that client. Funny thing is... no one wants to be associated with scammers.


Save off all your scam emails, log the source IP, the hostname of it, the target URL and see if there is a commonality. Once you compile a bunch, go to AWS, go to the domain host, report them to ICANN and contact their post office provider. I've taken quite a few offline for long periods by hitting them on all fronts.

.

MerryHolidays

(7,715 posts)
5. Do you have any advice on how to avoid being phished?
Sat Apr 17, 2021, 05:39 PM
Apr 2021

I am usually totally averse to clicking on any link UNLESS I know or am aware of the email author AND the link or the request being made by author makes sense. Otherwise, I send the questionable email to our IT department for a final ruling.

I had also heard that even PREVIEWING an email, depending on your email client, can be dangerous without even clicking on links. Is that true? If that's the case, that's completely debilitating, since I get 100s of emails a day at the office, and easily in the high double digits personally each day. There is no way I could process things unless I used the preview function to make a threshold determination of whether the email was relevant or not.

Any advice on this would be great!

TheBlackAdder

(28,211 posts)
6. Nope. Once your name is out there, even if you block/don't reply to them, they are traded online.
Sat Apr 17, 2021, 05:50 PM
Apr 2021

.

Just like telemarketers.

I now answer telemarketing calls and waste their time. Certain ones from India have similar messages or hold scripts and I'll press 0 or 1 to get a live operator and then play Hindi music. Even if I waste 15 seconds of their time, that cuts into their human call resources and by doing that, after a few months the rate of spam calls dropped by about 80%.

Instead of being pissed, I make it into a sport to see if I can piss them off.

I'll sometimes bait the Hilton or cruise line spam calls and keep them talking for 10 minutes asking about their program, just to say that I loved wasting their time, and will continue to do so each time they call -- poof, no more calls from them.

.

MerryHolidays

(7,715 posts)
8. TBA, your earlier advice is great! I will start doing this
Sat Apr 17, 2021, 05:52 PM
Apr 2021

However, I still have a question: can merely previewing an email without clicking any links result in a phish?

TheBlackAdder

(28,211 posts)
12. No, your email viewer has an option that allows you to view the email source.
Sat Apr 17, 2021, 06:16 PM
Apr 2021

Last edited Sat Apr 17, 2021, 09:05 PM - Edit history (1)

.

That is strictly a text viewer. It will have a pile of stuff in it, but once you figure out the pattern, you'll be able to grab them in a few seconds.


Embedded in there will be something like this:
Authentication-Results: spf=softfail (sender IP is 212.64.220.150)
smtp.mailfrom=inbox.foxnews.com; hotmail.com; dkim=none (message not signed)
header.d=none;hotmail.com; dmarc=none action=none
header.from=ballaratfitness.com;compauth=fail reason=001
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
inbox.foxnews.com discourages use of 212.64.220.150 as permitted sender)


DOS Window:
PS C:\WINDOWS\system32> nslookup 212.64.220.150
Server: 83a680f2afb6
Address: 10.0.0.243

Name: roles.reposefully.com
Address: 212.64.220.150

PS C:\WINDOWS\system32> nslookup reposefully.com
Server: 83a680f2afb6
Address: 10.0.0.243

Non-authoritative answer:
Name: reposefully.com
Address: 212.64.220.146




WHOIS Lookup: https://www.whois.com/whois
https://www.whois.com/whois/reposefully.com

Now this one has the typical GMAIL email account and is using NameCheap as a Registrar. There is a reporting ability at all Registrars. But it is best to wait and compile a bunch of them that are from the same person and then they will nuke the guy's account.

The address looks to be a web developer's address: 5660 Strand Court,,# A8,Naples,FL,34110


If they are missing Registration contact information: https://www.icann.org/compliance/complaint
Rat out each domain name that isn't properly filled out.

.
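An added example, not part of the thread: one way to script the header check and source logging described in replies 1 and 12, in Python. The first sample is the Authentication-Results header quoted above; the other two headers, their documentation-range IPs and example.* domains, and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Header quoted in the post above (continuation lines are folded).
PAGE_HEADER = """Authentication-Results: spf=softfail (sender IP is 212.64.220.150)
 smtp.mailfrom=inbox.foxnews.com; hotmail.com; dkim=none (message not signed)
 header.d=none;hotmail.com; dmarc=none action=none
 header.from=ballaratfitness.com;compauth=fail reason=001"""
# Constructed samples: one message that authenticates, one that does not.
CLEAN = ("Authentication-Results: spf=pass (sender IP is 203.0.113.7) "
         "smtp.mailfrom=bounce.example.com; dkim=pass header.d=example.com; "
         "dmarc=pass action=none header.from=example.com;compauth=pass reason=100")
BAD = ("Authentication-Results: spf=fail (sender IP is 203.0.113.9) "
       "smtp.mailfrom=mail.example.net; dkim=none (message not signed) "
       "header.d=none; dmarc=fail action=quarantine "
       "header.from=example.org;compauth=fail reason=000")

def parse_auth_results(header):
    """Extract the fields worth logging from one Authentication-Results header."""
    text = " ".join(header.split())  # unfold continuation lines
    def grab(pattern):
        m = re.search(pattern, text, re.I)
        return m.group(1).lower() if m else None
    return {
        "source_ip": grab(r"sender IP is ([0-9a-f.:]+)"),
        "spf": grab(r"\bspf=(\w+)"),
        "dkim": grab(r"\bdkim=(\w+)"),
        "dmarc": grab(r"\bdmarc=(\w+)"),
        "compauth": grab(r"\bcompauth=(\w+)"),
        "envelope_from": grab(r"smtp\.mailfrom=([^;\s]+)"),
        "header_from": grab(r"header\.from=([^;\s]+)"),
    }

def suspicious(rec):
    """List the reasons a parsed record looks spoofed (empty list = looks fine)."""
    reasons = [f"{k}={rec[k]}" for k in ("spf", "dkim", "dmarc") if rec[k] != "pass"]
    a, b = rec["envelope_from"], rec["header_from"]
    # Simplified alignment test: same domain or one is a subdomain of the other.
    if a and b and not (a == b or a.endswith("." + b) or b.endswith("." + a)):
        reasons.append("from-mismatch")
    return reasons

def common_sources(headers):
    """Count flagged messages per source IP to spot a shared sender."""
    recs = [parse_auth_results(h) for h in headers]
    return Counter(r["source_ip"] for r in recs if suspicious(r))

if __name__ == "__main__":
    print(suspicious(parse_auth_results(PAGE_HEADER)))
    print(common_sources([PAGE_HEADER, CLEAN, BAD, BAD]).most_common())
```

The alignment test is a rough stand-in for DMARC's organizational-domain comparison, so treat a "from-mismatch" on its own as a prompt to look closer rather than proof of spoofing.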

MerryHolidays

(7,715 posts)
11. I truly despise it when someone says "Google is your friend"
Sat Apr 17, 2021, 05:58 PM
Apr 2021

implying that I am too lazy to look it up for myself. My problem with the "Google is your friend" is the basic problem with the internet: there is so much useful information readily available, but there is equally a lot of shite available too.

Anyways, Google was my friend right now, and this seems to be a pretty good answer to my question: https://www.howtogeek.com/413435/is-it-safe-to-preview-your-email/

sheshe2

(83,898 posts)
2. I got one as well.
Sat Apr 17, 2021, 05:31 PM
Apr 2021

I seldom order anything on my own as my sister has prime.

I did not click the link and instead I looked up USPS. Then entered the "supposed" tracking number. USPS said it didn't exist.

Yep, some sort of scam.

TwilightZone

(25,479 posts)
3. They're not new.
Sat Apr 17, 2021, 05:34 PM
Apr 2021

They've been around for years and they're trying to obtain personal information, logins, and so on.

Here's a good summary with links to examples, etc.

https://www.fcc.gov/how-identify-and-avoid-package-delivery-scams

PoindexterOglethorpe

(25,895 posts)
7. I don't do a lot of on line ordering, and as it happens I've never gotten
Sat Apr 17, 2021, 05:51 PM
Apr 2021

one of these emails. I'm always going to be aware of what I've ordered.

I do keep on getting the stupid phone call about some kind of high amount something I've ordered with Amazon. As soon as I realize that's what it is, I just hang up.

doc03

(35,364 posts)
9. I got an email a couple weeks ago saying my
Sat Apr 17, 2021, 05:53 PM
Apr 2021

Amazon account was hacked and I was locked out. They had a link to reset my account. Instead I signed in to my Amazon account with no problem. I keep getting emails saying my Norton anti virus has expired, don't have Norton.

zipplewrath

(16,646 posts)
13. It was a text
Sat Apr 17, 2021, 06:22 PM
Apr 2021

I wasn't clear about that. Neither of us clicked on anything. I looked up on a laptop to try and trace either the phone # or the URL. It just seems odd with all of the different operating systems in cell phones.

Delmette2.0

(4,169 posts)
15. I have received two of those text messages.
Sat Apr 17, 2021, 07:09 PM
Apr 2021

The first one read "Dear (first name; last name). Yada, yada yada. I deleted it without opening it.

The second one said it was from USPS. Is there a place to report this within the postal service? Is it a crime to say you are the USPS when you are not?
