weird spam



  • I'm sure this is spam, but I wanted to run it by you guys anyhow.

    A single user at a client received more than 50 emails with the subject

     SMTP Cracker User-ID Num: [1862B4C]
    

    I won't post the header publicly, but will with a few offline.

    Anyone seen a subject like this before?

    The emails that have bodies are talking about using a compromised site and they provide the username and password for doing relaying. Many of the emails, though, have no body, only a subject.



  • @Dashrender said in weird spam:

    I'm sure this is spam, but I wanted to run it by you guys anyhow.

    A single user at a client received more than 50 emails with the subject

     SMTP Cracker User-ID Num: [1862B4C]
    

    I won't post the header publicly, but will with a few offline.

    Anyone seen a subject like this before?

    The emails that have bodies are talking about using a compromised site and they provide the username and password for doing relaying. Many of the emails, though, have no body, only a subject.

    I would agree with your assessment. I can see the header offline if you want.



  • We got a whole slew of those about 2-3 months ago, similar subject, and the body contained our company's older-style username and password. Headers pointed to a relay server/service in Montreal. Freaked a couple of managers out, but I assured them the usernames/passwords that were in the bodies were very, very old and no longer in use in most cases. We initiated password resets across the domain just to be safe.



  • @jt1001001 said in weird spam:

    We got a whole slew of those about 2-3 months ago, similar subject, and the body contained our company's older-style username and password. Headers pointed to a relay server/service in Montreal. Freaked a couple of managers out, but I assured them the usernames/passwords that were in the bodies were very, very old and no longer in use in most cases. We initiated password resets across the domain just to be safe.

    You got spammed about your own domain? LOL, that was not the case here.



  • @Dashrender Yes, well of our domains, we have several variants. It was more of a phishing attempt/scare tactic from a Russian script kiddie, from what we were able to gather.

