spam "from" gmail contacts

[1695814]

Lately I've been getting spam that, I'm assuming, spoofs the sender as being one of my gmail contacts. I've received spam from my SIL, nephew, and a past-president of the SOA.

Should I be afraid? very afraid? or nonchalant?

Maybe I've got it all wrong & these people's email accounts are really being used as spam-bots, but I rather doubt it.

Do you have any insight? How would it be able to "read" one of my gmail-contacts? I'm going to do a virus etc. scan on my desktop where this email gets downloaded into thunderbird. (I also have a laptop where I only access gmail online.) Maybe something fishy is going on there. Otherwise, I have no idea.

[campbell]

well, you can click on the little triangle to the upper right (next to the reply button) and select "show original" which will give you the full headers, MIME, etc. on a separate page

Thing is, I don't know what you should be looking for there for spoofed emails. But it should be in the header somewhere. I went looking in my spam folder, and couldn't find any obviously spoofed email addresses that weren't fake from the outset.

[PeppermintPatty]

You should look for emails that come from a route of IP addresses than the one ones your friends normally use.

But if you are getting a lot of email "from" people you know, the odds are that someone in your circle of friends has a virus sending out spam to that person's contacts. It might be using that person's address, or it might be picking a random address from that person's contacts to be "from".

When I get spam "from" a friend, and a quick routing check doesn't rule them out, I write to them (NOT returning that mail, but sometimes forwarding it, sans the attachment or link) and tell them I got what looks like spam, and they might have a virus. The last half dozen times this has happened, the person DID have a virus, and thanked me for letting them know.

I've never heard of a virus that can read the addresses of the people receiving the email. I seriously doubt that is what is happening.

[1695814]

cool. thanks for all the input.

[yoyo]

m/s

it had to said

[1695814]

So, I got another one tonight...

The name in the "from" was my brother, 2125814, but the email (& reply to) address was "akshay_blore19@yahoo.com" (not my brother's).

The subject & body of the email, had my wife's first name, 494. The subject was "for 494" & the body of the email was "hey, 494 [link] [date] [time]"

[1695814]

Here's all the original mumbo jumbo from clicking that little triangle thingy:

Spoiler:

Delivered-To: [redacted]@gmail.com
Received: by 10.14.4.132 with SMTP id 4csp595597eej;
Mon, 17 Sep 2012 04:58:44 -0700 (PDT)
Received: by 10.50.33.138 with SMTP id r10mr6571331igi.31.1347883123965;
Mon, 17 Sep 2012 04:58:43 -0700 (PDT)
Return-Path: <akshay_blore19@yahoo.com>
Received: from nm33-vm2.bullet.mail.ne1.yahoo.com (nm33-vm2.bullet.mail.ne1.yahoo.com. [98.138.229.66])
by mx.google.com with SMTP id x3si13649037ice.54.2012.09.17.04.58.42;
Mon, 17 Sep 2012 04:58:43 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of akshay_blore19@yahoo.com designates 98.138.229.66 as permitted sender) client-ip=98.138.229.66;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of akshay_blore19@yahoo.com designates 98.138.229.66 as permitted sender) smtp.mail=akshay_blore19@yahoo.com; dkim=pass (test mode) header.i=@yahoo.com
Received: from [98.138.90.53] by nm33.bullet.mail.ne1.yahoo.com with NNFMP; 17 Sep 2012 11:58:42 -0000
Received: from [98.138.89.169] by tm6.bullet.mail.ne1.yahoo.com with NNFMP; 17 Sep 2012 11:58:42 -0000
Received: from [127.0.0.1] by omp1025.mail.ne1.yahoo.com with NNFMP; 17 Sep 2012 11:58:42 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 513808.32658.bm@omp1025.mail.ne1.yahoo.com
Received: (qmail 31640 invoked by uid 60001); 17 Sep 2012 11:58:42 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1347883122; bh=8tEjARwp0kpHYbvmHWHJWGr1jLkBjrsEBIm5DKCwX7c=; h=X-YMail-OSG:Received:X-Mailer:Message-IDate:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=tPn9wRSOxTlgI+kE0trK84mowe/QEzxm/KJE6SjRrmP5L2fe9iUJ1/d/QHZoECX1rfpNDt9gSyLMr8azSqJpG2KI1WZaL839tu5cCdJMG4 +t71PuLjyIs1K7WAMkVob4SK0CBLnh+oZZkL7FDEjPZQ1/r0e3/4IkT9YcKQXDX8M=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:X-Mailer:Message-IDate:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=jiXdD295lVBleIJZTh3HE+DNBSt7a97l9YEyBA0VLvkut959 cZv6i7+O64Xq0pU99r56ZTtWPsI/+c45Uoj/mK/bTPdfIA3KEwsRxb77KmzTWluM3x2HZp5PebFO+aYsCZrpWimcQ EdbUI2AFBqLo4F+2tbvAPLn+JWUFBObm2s=;
X-YMail-OSG: qEoMJ6AVM1kFMmupuqnDN085cP9.bOVBbyvxXHBriZwF3Zd
jQwqX7MQ1VGihIOKVbN30VpbyUDyRAP3igFd8aD9Ou03KnFB.m 2iKYKS2MSu
9906hiJtFyvOw00l4tqM2WuN_5ZRjMt0bH.WGUq2KqtjDayc5w fTvL82f5ME
rX.i_Ll5mguRSzEmtiFDwAtgCPt88TN7rm4JxgCxUBnd5cZUCh W24ZOEpxqH
3P5dVJ2zaBBfy1cuZ08Ivvp_SJmItnrwMzqvdOIFl9aqXIlTcT VcWUwxsyKI
u_ZL1U4zOzzgfKxwsaVfB13SOaStZcJdxNUSL_H0XnPCkmo3Pa .SbMa58cmL
qywm9Jl5IxpRMGWWEwF2zzfHcEBL1U5tzLX45Ze3OKX3XZnlQm 6z9HPttLok
kbs_rKKfViBeCARRwY2EZOyBKi..gfM5R8PSHswYQirObqlYaA gvQffyDz03
v9YAjosr7Vm7xkw.ID6psslkhPBr1q55WCTBYJHo3pZKJsXi0P G0FQf658mc
.0I_QJq8uztuB64cMa4DGACWG
Received: from [87.202.76.254] by web121403.mail.ne1.yahoo.com via HTTP; Mon, 17 Sep 2012 04:58:42 PDT
X-Mailer: YahooMailWebService/0.8.121.416
Message-ID: <1347883122.30856.YahooMailNeo@web121403.mail.ne1. yahoo.com>
Date: Mon, 17 Sep 2012 04:58:42 -0700 (PDT)
From: 212 5814 <akshay_blore19@yahoo.com>
Reply-To: akshay_blore19@yahoo.com
Subject: for 494
To: "[redacted]@gmail.com" <[redacted]@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

[mlschop]

I've been getting several of these as well. Most go right to spam folder, but one or two have gotten through to my inbox.

Do you have Facebook? I think it's Facebook related, because one of the names on an email belonged to someone I have never emailed, but I'm friends with on Facebook.

[1695814]

Quote:

Originally Posted by mlschop

I've been getting several of these as well. Most go right to spam folder, but one or two have gotten through to my inbox.

Do you have Facebook? I think it's Facebook related, because one of the names on an email belonged to someone I have never emailed, but I'm friends with on Facebook.

I don't have FB, but my wife does. She & I share an email acct (we're old like that) & of course the FB acct is linked with our email.

[BUT]

I received one spammy email from a nephew w/o a FB acct & one from the aforementioned former president of the SOA who I'm only linked to via linkedin & I emailed him once, too.

So far, no common denominator has held throughout all the spam...except that I've sent/received a previous email from all of them.

They do all end up in the spam folder...so there's that.

[DownInTexas]

Quote:

Originally Posted by 1695814

Lately I've been getting spam that, I'm assuming, spoofs the sender as being one of my gmail contacts. I've received spam from my SIL, nephew, and a past-president of the SOA.

Should I be afraid? very afraid? or nonchalant?

Maybe I've got it all wrong & these people's email accounts are really being used as spam-bots, but I rather doubt it.

Do you have any insight? How would it be able to "read" one of my gmail-contacts? I'm going to do a virus etc. scan on my desktop where this email gets downloaded into thunderbird. (I also have a laptop where I only access gmail online.) Maybe something fishy is going on there. Otherwise, I have no idea.

It may actually be their account that has been compromised. Since I've received a similar e-mail 40 minutes before you started this thread, which probably isn't coincidence.