Interesting spam...


Cheek

Member
Jun 27, 2024
...I have never received any sort of spam regarding app development jobs or anything of that sort, despite often reading about network and internet security online - until today. The same day I signed up to receive emails via an email submission field on grc. The question is, is it me or is it you? Or is it something else? Because, last week I contacted my financial institution, via a contact form on a regular (not encrypted?) page (not within my account area) on their site regarding a page IN my account area that suspiciously wouldn't load and got an almost instantaneous response. Not from them, but from a gmail address. And it didn't come to my gmail address but to the proton address I only use to receive OTPs from them. I phoned them - couldn't get through on their regular line so used the toll-free line for out of state calls and they showed no sign of any errors or cause for the page I was served when the page I wanted wouldn't load but it was a "trusted third party" page. Which was interesting but not alarming. Until I got the email response.

Is it coincidence? Anybody come across anything like this lately? I haven't experienced anything like this since being served ads in yahoo mail that were obviously sparked by something I'd written in a private email to a sibling. 30 years ago. Which is precisely what sparked my interest in browser hardening, network and internet security in the first place.

Edited to add: I neglected to mention that my confirmation email didn't come through. Or so I thought. It wasn't in the inbox nor the spam folder. So I had it sent again and didn't get that one either but found them both, in the trash folder - having been routed there by a filter I don't recall creating set to delete all emails with "account" in the subject line. A filter I can't even imagine, let alone remember creating.
 
I get all kinds of SPAM related to my Open Source development. Some of it is spooky. For instance, a discussion I had with a developer regarding some software we were working on. Another time the SPAM mentioned a topic I was discussing with another developer on a mailing list. In both cases the SPAM came from a Google network, as could be seen in the SMTP audit headers.

At other times I receive emails from people suggesting patches or fixes to software. Yet the emails feel off, like the sender doesn't have a grasp of the subject at hand, or the sender lacks a grasp of programming in general. This suggests, IMO, that there are active efforts to cultivate connections with developers.

My desktop of choice is a FreeBSD laptop -- been using FreeBSD for a desktop since 1995. And my SMTP server is also a FreeBSD system, in my basement. This makes reviewing SMTP audit headers simple.

My guess, and take this with a grain of salt, as this is just a guess, is that there seems to be an effort to cultivate relationships with developers to lay the groundwork for supply chain attacks. This is just a gut feel as many of the emails just seem "off".

Or maybe I'm just more sensitive to this and it's just my imagination. I don't know. It feels like there's been a shift since late last summer.
 
I don't do email. My inbox, spam folder and trash are empty, right now, and 90% of the time. If I wasn't retired and hadn't escaped such things, I wouldn't have noticed. I've checked my defenses and everything appears okay but it's the nature of the beast that they always do - until they don't. But this all took place in the past week. Normal, normal, normal for years then boom - a string of anomalies.

I'm still in LMDE5 so I'm familiar with my system and it feels like somebody found a way just under the outer layer of somebody's security with regard to the transmission of things entered in online fields and forms, and is poking around to see what they can do with that. Could even be AI - since there's no such thing as "I". More like artificial human assumption than intelligence. But, of course, if it was looking at me when I was looking at it or able to see what I did next, it's probably learned something about the perils of assuming its programmers actually possess the intelligence they're trying to clone. Or, barring that, perhaps it has learned to keep its mouth shut until it has all the facts.

There's been nothing to suggest any sort of response to or awareness of my use of the forms on this forum so...

It's always a little freaky to think about how long the bad actors could have possessed the information they're now selling forward...and what they've been doing with it...it's possible they've had that information for years - and been using it for more than a decade.

How anyone w/could have trusted MS to secure or maintain its handling of wifi is beyond me...I shudder to think what it would take to shake that kind of faith...maybe this is it. Who knows. I'm retired and this coffee isn't going to drink itself! ROFL!
 
Just had a scary thought...
It sure feels like somebody is poking around - or setting something up - but what if it's both? What if selling the exploit forward to generate nefarious activity is used to bury evidence of something they're setting up? Something bigger...

I'm wondering because it occurred to me that the power went out for just a few seconds this morning. It was strange because it was during the cool of the morning, as opposed to in the heat of a mass of air conditioners all running at the same time. Not unheard of but what's weird is that it only did it once. Not even so much as a flicker, after. And now I'm just being paranoid, right?
 
If you're in any way worried that someone is in your account, it's time to make their [presumed] life difficult. If you're not using a password manager, start today. Make the password to your password manager at least 15 or more (but ideally 25 or more) characters, including some digits and punctuation. Write it down on paper (seal it in a signed envelope if you worry about local access) as a backup. Change your email password to something only your password manager knows, that is at least 32 random characters long. After changing it, force logout any active sessions. Add a second factor if you can, a TOTP challenge for example. (I don't recommend using the same password manager for both, but you could.)

The risk to the effectiveness of this is that your entire device/network is owned, and if that were the case, it is hard to make these changes and have them be effective. Presuming you take the usual precautions, this would seem unlikely. Only you can know if you've ever had an experience that makes you doubt the reliability of your desktop PC and/or phone. TOTP password managers don't have to be online, although some are, so you could actually take your phone offline (airplane mode assuming you put it on a phone) when using it, hoping that any bad guy with any access loses access when you're offline.

Whatever the situation, your goal is to make you a less desirable target if you've somehow become one.
 
I don't think it matters if one is a desirable target or not. Though, I suppose that depends. My gmail account (which I've never seriously used) has been a spam magnet for years. For my regular email address, my mail server in my basement blocks all incoming mail from IPs that don't also have a corresponding A record, i.e. their ISP must have registered matching A and PTR records for the IP. If not, my SMTP server rejects the connection. That blocks about 99.5% of all the SPAM. A bayesian filter does the rest. And the two or three that might slip past in a week are an opportunity to teach the filter.

Though I am toying with the idea of also blocking email from SMTP gateways that don't also have an MX record. That may probably throw out the baby with the bath water. And given that only two or three spam get past my filters it's probably not worth the effort and the time can be better spent elsewhere.

The fact that my gmail account is a spam magnet and the fact that, lately, most of the spam my infrastructure here at home has blocked is from Google's network, suggests that they're doing a terrible job of blocking spam. Then again maybe that's their point. Who knows how that email address became public when it was only used to register phones and tablets. Not a big deal, but something to ponder when there's nothing else to do.
 
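The matching A and PTR record check described in the post above (often called forward-confirmed reverse DNS), sketched as an added example; it is not the poster's configuration or code. The function names, the injectable lookup parameters and the sample records (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]


def fcrdns_verdict(client_ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (accept, reason) for a connecting SMTP client address."""
    ip = ipaddress.ip_address(client_ip)
    names = ptr_lookup(client_ip)
    if not names:
        return False, "no PTR record"
    for name in names:
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == ip:
                    return True, f"{name} resolves back to {client_ip}"
            except ValueError:
                continue  # resolver returned something that is not an address
    return False, "PTR name does not resolve back to the client address"


# Constructed sample records so the check runs offline.
PTR = {"192.0.2.10": ["mail.example.org"], "198.51.100.7": ["host7.example.net"]}
FWD = {"mail.example.org": ["192.0.2.10"], "host7.example.net": ["198.51.100.99"]}


def demo():
    clients = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
    return {ip: fcrdns_verdict(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))
            for ip in clients}


if __name__ == "__main__":
    for ip, (ok, why) in demo().items():
        print(ip, "accept" if ok else "reject", "-", why)
```

Called with the default lookups, `fcrdns_verdict` queries live DNS; a PTR record alone is not enough, because whoever controls the reverse zone can point it at any name, which is why the forward lookup has to confirm it.
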
I don't think I'm a target nor that anyone is in my accounts. I don't have anything anyone would want, these days, and would be the most boring person on the planet to follow around the internet unless they have an interest in Great Pyrenees dogs, mechanical design, philosophy or giggling about baby goat antics. I'd be boring to follow anywhere, actually. At any rate, there's nothing out in the sociopolitical or electronic world that I can't simply pull the plug on. It might be inconvenient but I'm easily entertained.

I didn't mean that such a scenario would be freaky for me, personally. I was thinking more along the lines of what such people could do...ya know...pretty much worldwide.

I use my own version of haystacks so don't really need a password manager for anything other than junk logins. Though I did, once, years ago, have to rely on "muscle memory" to get into my primary email after an extended absence from work. That was interesting...but it worked!
 
> I don't think it matters if one is a desirable target or not.
That's true. Any computer would be useful as a bot but if that's all they want, they have no reason to put any effort into one they can't get into. Not when there's seven seas of wide-open and far more connected - or even interesting - computers to fish in.