Hi all, While not really an "outage" -- is anyone seeing a mass of emails this morning from users with accounts from AT&T, SBC Global, PacBell and other related providers? These emails often have a format that looks like the below (redacted info so that it doesn't look like spam to filters). [redacted link to google which is a redirect to a page about weight loss] Sent from my iPad Begin forwarded message: > the more light you pour upon it, the more it will One person with a belief is equal to a force of ninety-nine who have only interest. > > From: [redacted user name of person I know] -[redacted email of someone I know]@att.net- > Date: Sat, 12 Jun 2016 08:04:00 +0000 > To: Suzie Talianis > Subject: Fw(2): [redacted name I know] pg > > Mail Code: cndajv I'm seeing this from a number of users this morning on AT&T, SBC Global, PacBell and others -- and it's clear that someone has access to their address books, but they are not sending from their accounts when you look at the headers. Anyone else seeing this? Any thoughts on what these users can do to not be spoofed on accounts with these major services? Thanks! Neil
On Sun, 12 Jun 2016 11:42:29 -0600 Neil Ticktin via Outages <outages@outages.org> wrote:
users with accounts from AT&T, SBC Global, PacBell and other related providers
These are all bells who farm their mail service out to Yahoo. I haven't seen any of today's spam wave, but have been on the receiving end of previous ones from @bellsouth.net addresses. Same pattern: the forged senders are people I know and have emailed, the subject line often contains either my name or the name of someone else in their contacts, and the messages aren't originating at Yahoo. I've suspected some kind of compromise on the Yahoo side for months, at the very least some leaky interface to the contacts database, but no news has been forthcoming. -s
participants (2)
-
Neil Ticktin -
Shaun