Hello, I just received a mail stating: "Your 8 important incoming emails are stuck on the opensuse.org Email server." a link sent me to the "https://ipfs.io" server that asked me for credentials, see screenshot https://www.cjoint.com/doc/22_11/LKEldUzfzvk_Screenshot-20221130-115948.png I find this very suspect what do you think? (source of the mail available) thanks jdd -- mon serveur usenet: dodin.fr.nf c'est quoi, usenet? http://www.dodin.org/wiki/pmwiki.php?n=Usenet.Usenet
Hello, In the Message; Subject : phishing? Message-ID : <a4669210-86c9-42ff-1517-faa796cc495e@dodin.org> Date & Time: Wed, 30 Nov 2022 12:05:03 +0100 [jdd] == "jdd@dodin.org" <jdd@dodin.org> has written: jdd> Hello, jdd> I just received a mail stating: jdd> "Your 8 important incoming emails are stuck on the opensuse.org Email server." jdd> a link sent me to the "https://ipfs.io" server that asked me for credentials, jdd> see screenshot Please show the e-mail's headers. Regards. --- ┏━━┓彡 野宮 賢 mail-to: nomiya @ galaxy.dti.ne.jp ┃\/彡 ┗━━┛ "The question of who holds the platform and whether the person or organisation holding it is trustworthy has serious and profound implications in these volatile times. Once trust is broken, it is extremely difficult to restore. It is necessary to diversify in advance." -- Financial Times --
Hi On 11/30/22 21:35, jdd@dodin.org wrote:
Hello,
I just received a mail stating:
"Your 8 important incoming emails are stuck on the opensuse.org Email server."
a link sent me to the "https://ipfs.io" server that asked me for credentials, see screenshot
https://www.cjoint.com/doc/22_11/LKEldUzfzvk_Screenshot-20221130-115948.png
I find this very suspect
what do you think? (source of the mail available) thanks jdd
I suspect so, normally such emails would only go to the list managers and would be in a different format, so either the author subscribed to the list or this one accidentally got through. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
jdd@dodin.org wrote:
Hello, I just received a mail stating:
"Your 8 important incoming emails are stuck on the opensuse.org Email server."
a link sent me to the "https://ipfs.io" server that asked me for credentials, see screenshot
I find this very suspect what do you think? (source of the mail available)
It is obviously fishing. -- Per Jessen, Zürich (5.6°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
Hello, In the Message; Subject : Re: phishing? Message-ID : <tm7fle$8a9$2@saturn.local.net> Date & Time: Wed, 30 Nov 2022 12:43:42 +0100 [PJ] == Per Jessen <per@computer.org> has written: PJ> jdd@dodin.org wrote: PJ> > Hello, PJ> > I just received a mail stating: PJ> > PJ> > "Your 8 important incoming emails are stuck on the opensuse.org Email PJ> > server." PJ> > PJ> > a link sent me to the "https://ipfs.io" server that asked me for PJ> > credentials, see screenshot PJ> > PJ> > I find this very suspect PJ> > what do you think? (source of the mail available) PJ> It is obviously fishing. I, for one, think it's probably a phishing spam. The rule of thumb with current phishing spam is 'don't ever open it'. I am concerned that jdd had opened the e-mail. Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ galaxy.dti.ne.jp ┃\/彡 ┗━━┛ "A society bound by e-mail and mobile phones deprives us of the freedom to face ourselves and indulge our fantasies." -- Michael Crichton (Speech in Japan) --
Masaru Nomiya wrote:
Hello,
PJ> It is obviously fishing.
I, for one, think it's probably a phishing spam. The rule of thumb with current phishing spam is 'don't ever open it'. I am concerned that jdd had opened the e-mail.
This type of phishing is virtually always after the email account credentials. Something which we don't even have for opensuse.org :-) -- Per Jessen, Zürich (5.1°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2022-11-30 13:04, Per Jessen wrote:
Masaru Nomiya wrote:
Hello,
PJ> It is obviously fishing.
I, for one, think it's probably a phishing spam. The rule of thumb with current phishing spam is 'don't ever open it'. I am concerned that jdd had opened the e-mail.
This type of phishing is virtually always after the email account credentials. Something which we don't even have for opensuse.org :-)
But the victim may enter the openSUSE credentials. Bugzilla, wiki, all. Some human back there will figure out what the credentials they got are useful for. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Hello, In the Message; Subject : Re: phishing? Message-ID : <tm7grt$8fs$1@saturn.local.net> Date & Time: Wed, 30 Nov 2022 13:04:13 +0100 [PJ] == Per Jessen <per@computer.org> has written: PJ> Masaru Nomiya wrote: PJ> > Hello, PJ> > PJ> > PJ> > PJ> It is obviously fishing. PJ> > PJ> > I, for one, think it's probably a phishing spam. PJ> > The rule of thumb with current phishing spam is 'don't ever open it'. PJ> > I am concerned that jdd had opened the e-mail. PJ> This type of phishing is virtually always after the email account PJ> credentials. Something which we don't even have for opensuse.org :-) Yes, I know it. I'm using the address in this email for ML for nearly 20 years, which is why I receive a lot of phishing spam daily, all of which I send to /dev/null via procmail's filters. The only way I can see the phishing spam sent to me is through the procmail's log file. Regards. --- ┏━━┓彡 野宮 賢 mail-to: m.nomiya @ gmail.com ┃\/彡 ┗━━┛ "Bill! You married with Computer. Not with Me!" "No..., with money."
Le 30/11/2022 à 12:56, Masaru Nomiya a écrit :
I am concerned that jdd had opened the e-mail.
there is no risk on just opening a mail, and of course I didn't even try to enter any of my credentials there but I have sometime valid mails from strange domain and I like better to warn thanks jdd -- mon serveur usenet: dodin.fr.nf c'est quoi, usenet? http://www.dodin.org/wiki/pmwiki.php?n=Usenet.Usenet
On 11/30/22 05:43, jdd@dodin.org wrote:
Le 30/11/2022 à 12:56, Masaru Nomiya a écrit :
I am concerned that jdd had opened the e-mail.
there is no risk on just opening a mail, and of course I didn't even try to enter any of my credentials there
but I have sometime valid mails from strange domain and I like better to warn
The URL you sent is reported as malicious by three security vendors in Virustotal. Definitely stay away from it. Regards, Lew
Masaru, et al --

...and then Masaru Nomiya said...
%
% I, for one, think it's probably a phishing spam.

Agreed.

%
% The rule of thumb with current phishing spam is 'don't ever open it'.

Well, ... Don't follow any links, whether by clicking or by opening remote content or whatever, but it's OK to open it otherwise. After all, the MTA opens it to put it in the mailbox :-)

%
% I am concerned that jdd had opened the e-mail.

One hopes that we would all by now know to not allow our MUAs to access or follow remote content.

%
% Regards.
%
% ---
% ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ galaxy.dti.ne.jp

HAND :-D
--
David T-G
See http://justpickone.org/davidtg/email/
See http://justpickone.org/davidtg/tofu.txt
Hello,

In the Message;

Subject : Re: phishing?
Message-ID : <20221201021844.GO19721@jpo>
Date & Time: Thu, 1 Dec 2022 02:19:14 +0000

[DTG] == David T-G <davidtg-robot@justpickone.org> has written:

[...]
MN> % The rule of thumb with current phishing spam is 'don't ever open it'.

DTG> Well, ... Don't follow any links, whether by clicking or by opening
DTG> remote content or whatever, but it's OK to open it otherwise. After all,
DTG> the MTA opens it to put it in the mailbox :-)

https://www.sussex.ac.uk/its/help/faq?faqid=961

it is also stated here;

If you receive any unwanted email, the best approach in almost every case is to delete it immediately.

I think this is common knowledge?

Moreover,

In the Message;

Subject : Re: phishing?
Message-ID : <tm7grt$8fs$1@saturn.local.net>
Date & Time: Wed, 30 Nov 2022 13:04:13 +0100

[PJ] == Per Jessen <per@computer.org> has written:

[...]
PJ> Something which we don't even have for opensuse.org :-)

I still think this is an inaccurate statement ...

The header of any email contains important information, including information similar to account credentials. In the case of the opensuse Mailing list, we believe that the following header information is relevant.

----------------------------------------------------------------------
Return-Path: <users-bounces@lists.opensuse.org>
...]
X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on nsuse.org
[...]
List-Id: openSUSE Users <users.lists.opensuse.org>
--------------------------------------------------------------------

From this I have the following configuration in my .procmailrc regarding emails from opensuse ML.

------------------------------------------------------------------
:0 H
* 9876543210^0 ^To:. *users@lists.opensuse.org.
* 9876543210^0 ^To:. *opensuse@opensuse.org.
* 9876543210^0 ^Cc:. *users@lists.opensuse.org.
* 9876543210^0 ^Cc:. *opensuse@opensuse.org
{
  :0 H
  * 9876543210^0 ^List-Id:. *users.lists.opensuse.org.
  mh/Linux/opensuse/.

  :0
  /dev/null
}
-------------------------------------------------------------

With this configuration, it is not possible for spoofed emails to be placed in the opensuse folder.

Regards.

---
┏━━┓彡 野宮 賢 mail-to: m.nomiya @ gmail.com
┃\/彡
┗━━┛ "Bill! You married with Computer. Not with Me!"
 "No..., with money."
On 2022/12/01 12:04:09 +0900, Masaru Nomiya wrote:
https://www.sussex.ac.uk/its/help/faq?faqid=961
it is also stated here;
If you receive any unwanted email, the best approach in almost every case is to delete it immediately.
I think this is common knowledge?
In theory yes ... but if this would be common there would be no spam mails anymore as no one would click on the honey trap Werner -- "Having a smoking section in a restaurant is like having a peeing section in a swimming pool." -- Edward Burr
Hello, In the Message; Subject : Re: [research] phishing? Message-ID : <Y4haRrgUExw+eKiP@boole.suse.de> Date & Time: Thu, 1 Dec 2022 08:39:50 +0100 [WF] == "Dr. Werner Fink" <werner@suse.de> has written: WF> [1 <text/plain; utf-8 (quoted-printable)>] WF> On 2022/12/01 12:04:09 +0900, Masaru Nomiya wrote: WF> > https://www.sussex.ac.uk/its/help/faq?faqid=961 WF> > WF> > it is also stated here; WF> > WF> > If you receive any unwanted email, the best approach in almost WF> > every case is to delete it immediately. WF> > WF> > I think this is common knowledge? WF> In theory yes ... but if this would be common there would be WF> no spam mails anymore as no one would click on the honey trap Honey traps! Very old stuff at.... Spammers' techniques for stealing personal information, such as credit card details, have evolved to an alarming degree. You may wish to check it out. Regards. --- ┏━━┓彡 野宮 賢 mail-to: nomiya @ galaxy.dti.ne.jp ┃\/彡 ┗━━┛ " Today’s China is not the old China humiliated and bullied over 100 years ago. It is time for these people to wake up from their imperial dream." -- Hua Chunying’s Regular Press Conference on August 4, 2022 --
On 2022-12-01 04:04, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : Re: phishing? Message-ID : <20221201021844.GO19721@jpo> Date & Time: Thu, 1 Dec 2022 02:19:14 +0000
[DTG] == David T-G <...> has written:
[...] MN> % The rule of thumb with current phishing spam is 'don't ever open it'.
DTG> Well, ... Don't follow any links, whether by clicking or by opening DTG> remote content or whatever, but it's OK to open it otherwise. After all, DTG> the MTA opens it to put it in the mailbox :-)
https://www.sussex.ac.uk/its/help/faq?faqid=961
it is also stated here;
If you receive any unwanted email, the best approach in almost every case is to delete it immediately.
I think this is common knowledge?
Opening in Linux is safe, at least with Thunderbird, or plain text apps such as Alpine, Mutt or mailx. The reason is that all those clients do not "open" remote content. After all, the filtering action also "opens" mail. My Thunderbird does not render remote content, and asks me permission to do it, and when I decide so. I do not know about other clients such as kmail or evince, but I assume they are also safe. Maybe if mail contains javascript code there would be danger when it executes, but when does it execute, at what instant? And of course, "opening" doesn't include "clicking" on links on the email, that can be not safe. And in this case, it is dangerous. For Windows, the verb "open" may have a different meaning.
Moreover,
In the Message;
Subject : Re: phishing? Message-ID : <tm7grt$8fs$1@saturn.local.net> Date & Time: Wed, 30 Nov 2022 13:04:13 +0100
[PJ] == Per Jessen <...> has written:
[...] PJ> Something which we don't even have for opensuse.org :-)
I still think this is an inaccurate statement ...
Per means that [whatever]@opensuse.org is not an email account, so it doesn't have credentials we can give (ie, a login/password).
The header of any email contains important information, including information similar to account credentials. In the case of the opensuse Mailing list, we believe that the following header information is relevant.
---------------------------------------------------------------------- Return-Path: <users-bounces@lists.opensuse.org> ...] X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on nsuse.org [...] List-Id: openSUSE Users <users.lists.opensuse.org>
--------------------------------------------------------------------
From this I have the following configuration in my .procmailrc regarding emails from opensuse ML.
------------------------------------------------------------------
:0 H
* 9876543210^0 ^To:. *users@lists.opensuse.org.
* 9876543210^0 ^To:. *opensuse@opensuse.org.
* 9876543210^0 ^Cc:. *users@lists.opensuse.org.
* 9876543210^0 ^Cc:. *opensuse@opensuse.org
{
  :0 H
  * 9876543210^0 ^List-Id:. *users.lists.opensuse.org.
  mh/Linux/opensuse/.

  :0
  /dev/null
}
-------------------------------------------------------------
I don't understand what are those numbers you use.
With this configuration, it is not possible for spoofed emails to be placed in the opensuse folder.
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Le 01/12/2022 à 11:44, Carlos E. R. a écrit :
And of course, "opening" doesn't include "clicking" on links on the email, that can be not safe. And in this case, it is dangerous.
clicking on a link is not dangerous on linux. did you notice we just received an opensuse mail with a link we have to clic to vote :-)) These phishing mails aim to make you type password of course typing passwd can be dangerous, reason why I asked here to know if the mail was sent by openSUSE or not. I often receive mails asking me to say if I'm happy of my purchase in a store, and alas often the link have nothing to do with the store name :-( even french government promote official sites that are not *.gouv.fr as they should :-( (exemple: ameli.fr for the french social health administration - not amelie.fr which is a commercial health society, very dangerous similarity!) jdd -- mon serveur usenet: dodin.fr.nf c'est quoi, usenet? http://www.dodin.org/wiki/pmwiki.php?n=Usenet.Usenet
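The mismatch jdd describes, a link whose host has nothing to do with the claimed sender, can be checked mechanically. The following is an added example, not part of the original thread: it extracts the links from an HTML mail and classifies each host against the domains the reader expects. The sample message, its addresses, the `PLACEHOLDER` path, the visible link text and the edit-distance threshold of 2 are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the mail described in the thread.
# Addresses, the visible link text and the path under ipfs.io are placeholders.
SAMPLE = """\
From: "opensuse.org Email server" <notice@mailer.example>
To: someone@example.org
Subject: Your 8 important incoming emails are stuck
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Your 8 important incoming emails are stuck on the opensuse.org Email server.</p>
<p><a href="https://ipfs.io/ipfs/PLACEHOLDER/index.html">https://mail.opensuse.org/release</a></p>
<p><a href="https://en.opensuse.org/Portal">openSUSE portal</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host, expected_domains):
    """Return 'expected', 'lookalike' or 'unrelated' for a link host."""
    host = (host or "").lower().rstrip(".")
    for dom in expected_domains:
        if host == dom or host.endswith("." + dom):
            return "expected"
    bare = host[4:] if host.startswith("www.") else host
    for dom in expected_domains:
        # Assumption: at most 2 edits away from an expected domain is suspicious.
        if edit_distance(bare, dom) <= 2:
            return "lookalike"
    return "unrelated"


def audit_links(raw_message, expected_domains):
    """List every link in the HTML parts with a verdict on its host."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        for href, text in collector.links:
            href_host = urlsplit(href).hostname
            # Visible text that is itself a URL but names a different host.
            shown = re.match(r"https?://\S+", text)
            shown_host = urlsplit(shown.group(0)).hostname if shown else None
            findings.append({
                "href_host": href_host,
                "verdict": classify_host(href_host, expected_domains),
                "text_mismatch": shown_host is not None and shown_host != href_host,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE, ["opensuse.org"]):
        print(finding)
    # The ameli.fr / amelie.fr pair mentioned in the thread:
    print(classify_host("www.amelie.fr", ["ameli.fr"]))
```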
On Thu, 1 Dec 2022 11:57:30 +0100 "jdd@dodin.org" <jdd@dodin.org> wrote:
Le 01/12/2022 à 11:44, Carlos E. R. a écrit :
And of course, "opening" doesn't include "clicking" on links on the email, that can be not safe. And in this case, it is dangerous.
clicking on a link is not dangerous on linux.
That's an over-generalisation. It depends on where you click on it and how that program is configured to respond, and if it opens a browser then on how that browser is configured (run JS or no?) and what other data is stored within the application and what bugs it has. etc etc If the link is to a zero-pixel image (i.e. a tracker) then clicking on the link accomplishes everything the sender hoped for. i.e. confirming that the mail address is real.
did you notice we just received an opensuse mail with a link we have to clic to vote :-))
These phishing mails aim to make you type password
of course typing passwd can be dangerous, reason why I asked here to know if the mail was sent by openSUSE or not.
I often receive mails asking me to say if I'm happy of my purchase in a store, and alas often the link have nothing to do with the store name :-(
even french government promote official sites that are not *.gouv.fr as they should :-( (exemple: ameli.fr for the french social health administration - not amelie.fr which is a commercial health society, very dangerous similarity!)
jdd
On 2022-12-01 11:57, jdd@dodin.org wrote:
Le 01/12/2022 à 11:44, Carlos E. R. a écrit :
And of course, "opening" doesn't include "clicking" on links on the email, that can be not safe. And in this case, it is dangerous.
clicking on a link is not dangerous on linux.
Well... some links can. For example, if it is an Amazon link, that link is individualized to you, and tracks you. They will know that you clicked on it and you had a look at that amazing USB powered nail polisher. And then, you will be pestered with a zillion more mails about shoe polishers, glass polishers, keyboard polishers, etc etc :-D
did you notice we just received an opensuse mail with a link we have to clic to vote :-))
These phishing mails aim to make you type password
Yep.
of course typing passwd can be dangerous, reason why I asked here to know if the mail was sent by openSUSE or not.
In this case, it is dangerous.
I often receive mails asking me to say if I'm happy of my purchase in a store, and alas often the link have nothing to do with the store name :-(
Indeed.
even french government promote official sites that are not *.gouv.fr as they should :-( (exemple: ameli.fr for the french social health administration - not amelie.fr which is a commercial health society, very dangerous similarity!)
Yes, they do that... And send mails or SMS you have to enter a site with credentials or give some personal information. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
On 12/1/22 04:44, Carlos E. R. wrote:
On 2022-12-01 04:04, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : Re: phishing? Message-ID : <20221201021844.GO19721@jpo> Date & Time: Thu, 1 Dec 2022 02:19:14 +0000
[DTG] == David T-G <...> has written:
[...] MN> % The rule of thumb with current phishing spam is 'don't ever open it'.
DTG> Well, ... Don't follow any links, whether by clicking or by opening DTG> remote content or whatever, but it's OK to open it otherwise. After all, DTG> the MTA opens it to put it in the mailbox :-)
https://www.sussex.ac.uk/its/help/faq?faqid=961
it is also stated here;
If you receive any unwanted email, the best approach in almost every case is to delete it immediately.
I think this is common knowledge?
Opening in Linux is safe, at least with Thunderbird, or plain text apps such as Alpine, Mutt or mailx. The reason is that all those clients do not "open" remote content. After all, the filtering action also "opens" mail.
My Thunderbird does not render remote content, and asks me permission to do it, and when I decide so.
I do not know about other clients such as kmail or evince, but I assume they are also safe.
Maybe if mail contains javascript code there would be danger when it executes, but when does it execute, at what instant?
And of course, "opening" doesn't include "clicking" on links on the email, that can be not safe. And in this case, it is dangerous.
For Windows, the verb "open" may have a different meaning.
The vast majority of Windows users run in administrative mode all the time. If they "open" an email with an executable it can run and install whatever it wants to without their knowledge. Linux users do not run with administrative user privileges all the time [ as a rule ]. Executables cannot just run. They have to be run intentionally. Windows CAN be set up that way and all the Windows machines I set up are, User and Administrator. -- In times of Tyranny and injustice when law oppresses the people, the outlaw takes his place in history. ~ · Robin Hood · 2010 · Screen Title
On 2022-12-01 12:02, Bill Walsh wrote:
On 12/1/22 04:44, Carlos E. R. wrote:
On 2022-12-01 04:04, Masaru Nomiya wrote:
...
For Windows, the verb "open" may have a different meaning.
The vast majority of Windows users run in administrative mode all the time. If they "open" an email with an executable it can run and install whatever it wants to without their knowledge. Linux users do not run with administrative user privileges all the time [ as a rule ]. Executables cannot just run. They have to be run intentionally. Windows CAN be set up that way and all the Windows machines I set up are, User and Administrator.
In Linux, no matter if done as admin or as user, opening an email with an executable doesn't run it. You can not even double click on it to run it. However, a document with a script inside can be loaded and opened. A PDF can contain javascript, but we don't have any PDF reader that supports javascript. Acroread from adobe did. I don't know if some other proprietary reader does. Foxit? A Libre Office document can contain scripts, but by default running scripts is disabled. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Hello, Sorry for late reply. In the Message; Subject : Re: phishing? Message-ID : <3045301a-5382-9b51-64b9-42a1a915beca@telefonica.net> Date & Time: Thu, 1 Dec 2022 11:44:49 +0100 [CER] == "Carlos E. R." <robin.listas@telefonica.net> has written: In the Message; Subject : phishing? Message-ID : <a4669210-86c9-42ff-1517-faa796cc495e@dodin.org> Date & Time: Wed, 30 Nov 2022 12:05:03 +0100 [jdd] == "jdd@dodin.org" <jdd@dodin.org> has written: At the outset, you are aware that the images shown by jdd represent his operations on Windows? [...] jdd> see screenshot jdd> https://www.cjoint.com/doc/22_11/LKEldUzfzvk_Screenshot-20221130-115948.png jdd> I find this very suspect Now then, [...] MN> > it is also stated here; MN> > MN> > If you receive any unwanted email, the best approach in almost MN> > every case is to delete it immediately. MN> > MN> > I think this is common knowledge? CER> Opening in Linux is safe, at least with Thunderbird, or plain CER> text apps such as Alpine, Mutt or mailx. The reason is that all CER> those clients do not "open" remote content. I understand that this is. CER> After all, the filtering action also "opens" mail. I have already confirmed that filtering actoin is not the same as opening an email, in the way I will describe later. CER> My Thunderbird does not render remote content, and asks me CER> permission to do it, an when I decide so. CER> I do not know about other clients such as kmail or evince, but I CER> assume they are also safe. When choosing an email reader for the very excellent software recoll, I tested with Thunderbird, sylpheed and kmail, and chose kmail as a result. Of the three, I found Kmail to be the most secure. I was very surprised that it requires approval to display internal links. Needless to say. This was not the reason for choosing Kmail, but because it look and feel was the best. CER> Maybe if mail contains javascript code there would be danger CER> when it executes, but when does it execute, at what instant? 
CER> And of course, "opening" doesn't include "clicking" on links on CER> the email, that can be not safe. And in this case, it is CER> dangerous. I fully agree with you. CER> For Windows, the verb "open" may have a different meaning. I can't understand what you mean. The "delete it immediately" means don't even click on the email. On a smartphone, it means don't even tap (I didn't use a mobile phone and I never use a smartphone, so I may have misunderstood.). [...] PJ>>> Something which we don't even have for opensuse.org :-) MN>> I still think this is an inaccurate statement ... CER> Per means that [whatever]@opensuse.org is not an email account, CER> so it doesn't have credentials we can give (ie, a CER> login/password). Ah, I see. Thanks. BTW. The reason I say don't open suspicious emails, even on Linux, is because I fear the unfathomable technological advances of spammers. Even now, it's often said that there is still a lot of spam originated from linux machines, though it is a low percentage of the total computers. Of course, this is a phenomenon originating from the port 25 issue. 2. on email filtering As many of you probably know, there is the mail management softwares. Using this software, it is possible to check (multiple) sent e-mails to see; 1. when the email was delivered to the recipient 2. when did the recipient open the email (not necessarily once)? This is a software for advertisers. When I did the 'filtering test' using this software, it did not recognise the email as 'opened' and the email remained unread for a long time. So, the filtering is not equal to opening. Anyway, it seems to me that spammers are using this software. As I've been sending spams to /dev/null with the filter, I feel that spam from Russia stops sending spam in a few months, and spam from China in about two years,. Spam, which spiked as soon as the whole country went into home mode during the new corona pneumonia scare, has also dropped off sharply here. 
This is how it is in my case, but there is no change in the situation where spam is raging among the public and public authorities are actively ventilating caution, which is the current situation in Japan. I wish Japanese spammers could also use this software for advertisers. Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ galaxy.dti.ne.jp ┃\/彡 ┗━━┛ "A society bound by e-mail and mobile phones deprives us of the freedom to face ourselves and indulge our fantasies." -- Michael Crichton (Speech in Japan) --
Le 03/12/2022 à 06:25, Masaru Nomiya a écrit :
At the outset, you are aware that the images shown by jdd represent his operations on Windows?
certainly not, I almost never use windows, it's a screencopy of firefox showing what the remote site says, origin is openSUSE 15.3
jdd> https://www.cjoint.com/doc/22_11/LKEldUzfzvk_Screenshot-20221130-115948.png
jdd -- mon serveur usenet: dodin.fr.nf c'est quoi, usenet? http://www.dodin.org/wiki/pmwiki.php?n=Usenet.Usenet
On 2022-12-03 08:38, jdd@dodin.org wrote:
Le 03/12/2022 à 06:25, Masaru Nomiya a écrit :
At the outset, you are aware that the images shown by jdd represent his operations on Windows?
certainly not, I almost never use windows, it's a screencopy of firefox showing what the remote site says, origin is openSUSE 15.3
jdd> https://www.cjoint.com/doc/22_11/LKEldUzfzvk_Screenshot-20221130-115948.png
LOL. They faked, invented, an opensuse.org login :-D -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Hello, In the Message; Subject : Re: phishing? Message-ID : <a95d55d2-00d8-5455-30b5-481a1c606726@telefonica.net> Date & Time: Sat, 3 Dec 2022 08:46:58 +0100 [CER] == "Carlos E. R." <robin.listas@telefonica.net> has written: CER> [1 <multipart/mixed (7bit)>] CER> [1.1 <text/plain; UTF-8 (base64)>] CER> On 2022-12-03 08:38, jdd@dodin.org wrote: CER> > Le 03/12/2022 à 06:25, Masaru Nomiya a écrit : CER> > CER> >> At the outset, you are aware that the images shown by jdd represent CER> >> his operations on Windows? CER> > CER> > certainly not, I almost never use windows, it's a screencopy of firefox CER> > showing what the remote site says, origin is openSUSE 15.3 CER> > CER> >> jdd> CER> >> CER> https://www.cjoint.com/doc/22_11/LKEldUzfzvk_Screenshot-20221130-115948.png CER> LOL. They faked, invented, an opensuse.org login :-D Norton's logo, too? Holy... My God! Good boy, never open spam! --- ┏━━┓彡 野宮 賢 mail-to: nomiya @ galaxy.dti.ne.jp ┃\/彡 ┗━━┛ "Tim Cook, the C.E.O. of Apple, said earlier this year that he would not let his nephew join social networks. Bill Gates banned cellphone until his children were teenagers, and Melinda Gates wrote that she wished they had waited even longer. Steve Jobs would not let his young children near iPads." -- The New York Times --
On 2022-12-03 09:16, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : Re: phishing? Message-ID : <a95d55d2-00d8-5455-30b5-481a1c606726@telefonica.net> Date & Time: Sat, 3 Dec 2022 08:46:58 +0100
[CER] == "Carlos E. R." <robin.listas@telefonica.net> has written:
CER> [1 <multipart/mixed (7bit)>] CER> [1.1 <text/plain; UTF-8 (base64)>] CER> On 2022-12-03 08:38, jdd@dodin.org wrote: CER> > Le 03/12/2022 à 06:25, Masaru Nomiya a écrit : CER> > CER> >> At the outset, you are aware that the images shown by jdd represent CER> >> his operations on Windows? CER> > CER> > certainly not, I almost never use windows, it's a screencopy of firefox CER> > showing what the remote site says, origin is openSUSE 15.3 CER> > CER> >> jdd> CER> >> CER> https://www.cjoint.com/doc/22_11/LKEldUzfzvk_Screenshot-20221130-115948.png
CER> LOL. They faked, invented, an opensuse.org login :-D
Norton's logo, too?
Holy... My God!
Good boy, never open spam!
Oh, it is good entertainment :-D -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
On 2022-12-03 06:25, Masaru Nomiya wrote:
Hello,
Sorry for late reply.
In the Message;
Subject : Re: phishing? Message-ID : <3045301a-5382-9b51-64b9-42a1a915beca@telefonica.net> Date & Time: Thu, 1 Dec 2022 11:44:49 +0100
[CER] == "Carlos E. R." <robin.listas@telefonica.net> has written:
In the Message;
Subject : phishing? Message-ID : <a4669210-86c9-42ff-1517-faa796cc495e@dodin.org> Date & Time: Wed, 30 Nov 2022 12:05:03 +0100
[jdd] == "jdd@dodin.org" <jdd@dodin.org> has written:
At the outset, you are aware that the images shown by jdd represent his operations on Windows?
heh, no, it is firefox in the back, after he did click on the bad link. These guys invented a login which is generic, not really from opensuse.org, that includes a Norton security logo. But opensuse.org "mail" login does not even exist, it is not a "mail server", just a redirector. And opensuse-project@opensuse.org is a mail list, not a user. These bozos didn't investigate.
[...] jdd> see screenshot
jdd> https://www.cjoint.com/doc/22_11/LKEldUzfzvk_Screenshot-20221130-115948.png
jdd> I find this very suspect
Now then,
[...] MN> > it is also stated here; MN> > MN> > If you receive any unwanted email, the best approach in almost MN> > every case is to delete it immediately. MN> > MN> > I think this is common knowledge?
CER> Opening in Linux is safe, at least with Thunderbird, or plain CER> text apps such as Alpine, Mutt or mailx. The reason is that all CER> those clients do not "open" remote content.
I understand that this is.
CER> After all, the filtering action also "opens" mail.
I have already confirmed that filtering action is not the same as opening an email, in the way I will describe later.
CER> My Thunderbird does not render remote content, and asks me CER> permission to do it, an when I decide so.
CER> I do not know about other clients such as kmail or evince, but I CER> assume they are also safe.
When choosing an email reader for the very excellent software recoll, I tested with Thunderbird, sylpheed and kmail, and chose kmail as a result.
Of the three, I found Kmail to be the most secure. I was very surprised that it requires approval to display internal links. Needless to say. This was not the reason for choosing Kmail, but because it look and feel was the best.
I tried kmail in the long past, and did not like it, was "incomplete" for my liking.
CER> Maybe if mail contains javascript code there would be danger CER> when it executes, but when does it execute, at what instant?
CER> And of course, "opening" doesn't include "clicking" on links on CER> the email, that can be not safe. And in this case, it is CER> dangerous.
I fully agree with you.
CER> For Windows, the verb "open" may have a different meaning.
I can't understand what you mean.
"open" in Windows also means "run", "execute".
The "delete it immediately" means don't even click on the email. On a smartphone, it means don't even tap (I didn't use a mobile phone and I never use a smartphone, so I may have misunderstood.).
Yes. But I can not delete an email without clicking on it, then hit delete. Anyway, I never delete email, not even confirmed virii :-)
[...] PJ>>> Something which we don't even have for opensuse.org :-)
MN>> I still think this is an inaccurate statement ...
CER> Per means that [whatever]@opensuse.org is not an email account, CER> so it doesn't have credentials we can give (ie, a CER> login/password).
Ah, I see. Thanks.
BTW. The reason I say don't open suspicious emails, even on Linux, is because I fear the unfathomable technological advances of spammers.
Well...
Even now, it's often said that there is still a lot of spam originated from linux machines, though it is a low percentage of the total computers. Of course, this is a phenomenon originating from the port 25 issue.
Hum.
2. on email filtering
As many of you probably know, there is the mail management softwares. Using this software, it is possible to check (multiple) sent e-mails to see;
1. when the email was delivered to the recipient 2. when did the recipient open the email (not necessarily once)?
Yes, but this depends on the client of the destination collaborating. It needs that the receiving client sends a "receipt" confirming delivery or reading. Thunderbird read receipts are configurable. I don't know what action is the default, but mine is set to always ask. AFAIK it does not respond to receive receipt request, which are processed by SMTP servers, and not all (usually only the sender server). The other method of confirmation is that the receiving client displays remote content of the html side of the post, like a photo (or a zero size photo). Thunderbird asks before doing this by default.
This is a software for advertisers. When I did the 'filtering test' using this software, it did not recognise the email as 'opened' and the email remained unread for a long time. So, the filtering is not equal to opening.
Ok.
Anyway, it seems to me that spammers are using this software.
As I've been sending spams to /dev/null with the filter, I feel that spam from Russia stops sending spam in a few months, and spam from China in about two years,. Spam, which spiked as soon as the whole country went into home mode during the new corona pneumonia scare, has also dropped off sharply here. This is how it is in my case, but there is no change in the situation where spam is raging among the public and public authorities are actively ventilating caution, which is the current situation in Japan.
I wish Japanese spammers could also use this software for advertisers.
I get very little spam. Depending on the mail provider, some are very effective at filtering spam or virii, like gmail. Others have too many positives, so I disable it (gmx). -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
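The two "was it opened?" mechanisms Carlos describes above, a read-receipt request in the headers and remote content in the HTML part, can both be found without rendering the message. The following is an added example, not part of the original thread: it reports receipt-request headers and every remotely loaded resource in a mail. The sample message, its `shop.example` hosts and the `PLACEHOLDER` id are constructed assumptions.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Headers that ask the receiving client to send a receipt back.
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To")

# Constructed sample: one embedded (cid:) image and two remote images.
SAMPLE = """\
From: newsletter@shop.example
To: someone@example.org
Subject: Your order
Disposition-Notification-To: stats@shop.example
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Thanks for your order.
--b1
Content-Type: text/html; charset=utf-8

<html><body>
<p>Thanks for your order.</p>
<img src="cid:logo@shop.example" alt="logo">
<img src="https://track.shop.example/o.gif?id=PLACEHOLDER" width="1" height="1">
<img src="https://cdn.shop.example/banner.png" width="600" height="80">
</body></html>
--b1--
"""


def is_remote(url):
    """True for URLs a client would fetch over the network when rendering."""
    url = url.strip()
    return url.startswith("//") or urlsplit(url).scheme in ("http", "https")


class RemoteContentFinder(HTMLParser):
    """Record every element that would trigger a fetch on display."""

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        urls = [a[k] for k in ("src", "background") if k in a]
        if tag == "link" and "href" in a:
            urls.append(a["href"])
        for url in urls:
            if not is_remote(url):
                continue  # cid: and data: content travels inside the mail
            tiny = (tag == "img"
                    and a.get("width") in ("0", "1")
                    and a.get("height") in ("0", "1"))
            self.remote.append({
                "tag": tag,
                "host": urlsplit(url.strip()).hostname,
                "tiny_image": tiny,
            })


def tracking_report(raw_message):
    """Summarise what in a message could confirm delivery or reading."""
    msg = message_from_string(raw_message, policy=default)
    finder = RemoteContentFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return {
        "receipt_requests": [h for h in RECEIPT_HEADERS if msg[h] is not None],
        "remote": finder.remote,
    }


if __name__ == "__main__":
    report = tracking_report(SAMPLE)
    print("receipt requests:", report["receipt_requests"])
    for item in report["remote"]:
        print(item)
```

A filter such as procmail reads the same bytes this script does and fetches nothing, which is why filtering does not register as an "open" on the sender's side.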
participants (10)
- Bill Walsh
- Carlos E. R.
- Dave Howorth
- David T-G
- Dr. Werner Fink
- jdd@dodin.org
- Lew Wolfgang
- Masaru Nomiya
- Per Jessen
- Simon Lees