Author Topic: Spoofed email from Steve Poulton  (Read 1972 times)

Spoofed email from Steve Poulton
« on: 19 November, 2021, 11:50:54 am »
Just received a spoofed email claiming to be from Stephen Poulton. Clearly fake so it seems that his email account has been compromised.

Posting here because I have no other way to contact him…

Kim

  • Timelord
    • Fediverse
Re: Spoofed email from Steve Poulton
« Reply #1 on: 19 November, 2021, 11:58:08 am »
Clearly fake so it seems that his email account has been compromised.

Not necessarily.  All you need to spoof an email address is the email address.  So it may be that someone else's address book is what's been compromised.

Cudzoziemiec

  • Ride adventurously and stop for a brew.
Re: Spoofed email from Steve Poulton
« Reply #2 on: 19 November, 2021, 12:02:58 pm »
I've just this second received presumably the same email claiming to be from Steve Poulton. downhamnursery@btconnect.com is the email address used. This appears to be in Norfolk, a long way from where Steve Poulton lives, so possibly attended by Steve's grandchildren.
Riding a concrete path through the nebulous and chaotic future.

Re: Spoofed email from Steve Poulton
« Reply #3 on: 19 November, 2021, 12:05:51 pm »
I’ve just realised that Steve is 3peaker on here so I’ve sent him a private message.

Re: Spoofed email from Steve Poulton
« Reply #4 on: 19 November, 2021, 12:45:40 pm »
I got one of these too

Re: Spoofed email from Steve Poulton
« Reply #5 on: 19 November, 2021, 01:12:27 pm »
It's a pretty comprehensive hack.  I've had four emails to different addresses.  Usually it's just the occasional one (from him and from others).

Re: Spoofed email from Steve Poulton
« Reply #6 on: 19 November, 2021, 01:14:33 pm »
I've just received one, "asking for a favour".

Re: Spoofed email from Steve Poulton
« Reply #7 on: 19 November, 2021, 01:37:02 pm »
As above it’s usually the address book that’s been compromised rather than the email account. It’s rare that spam has been sent from the true email address that’s being spoofed.

Address book being compromised is as simple as allowing an app (such as FB) access to your contacts.  Or alternately if you use those sign in with Google links some web sites are asking for access to your contacts during the OAuth authentication steps. Check those permission requests, folks.

Jaded

  • The Codfather
  • Formerly known as Jaded
Re: Spoofed email from Steve Poulton
« Reply #8 on: 19 November, 2021, 05:06:54 pm »
I’ve just sent him the £1,000 he needed.
It is simpler than it looks.

Feanor

  • It's mostly downhill from here.
Re: Spoofed email from Steve Poulton
« Reply #9 on: 19 November, 2021, 05:18:06 pm »
<AOL> Me too.

Jaded

  • The Codfather
  • Formerly known as Jaded
Re: Spoofed email from Steve Poulton
« Reply #10 on: 19 November, 2021, 05:25:34 pm »
 ;D
It is simpler than it looks.

mmmmartin

  • BPB 1/1: PBP 0/1
    • FNRttC
Re: Spoofed email from Steve Poulton
« Reply #11 on: 19 November, 2021, 11:31:03 pm »
I’ve just sent him the £1,000 he needed.
Glad to hear someone else responded generously, as did I. I'm sure he'll pay me back. I look forward to getting that thousand quid within a few weeks.
Besides, it wouldn't be audacious if success were guaranteed.

3peaker

  • RRTY Mad 42 up
Re: Spoofed email from Steve Poulton
« Reply #12 on: 19 November, 2021, 11:34:21 pm »
Dear Friend/Contact
SCAMMER ACTIVE
Earlier today many of you might have an email purporting to have come from me declaring some financial difficulty and requesting your help in the solution. Any such request did not come from me, despite using my email address.

I feel I must apologise if this approach has caused concern but assure you I had no knowledge of this scam until one of my contacts phoned me. I have changed my email Password but cannot guess how the Scammer hacked into my Contact list.

Thank you if you have contacted me by phone or email

Kind Regards
Stephen/Steve Poulton
(3peaker)
SteveP

Promoting : Cheltenham Flyer 200, Cider with Rosie 150, Character Coln 100.

Jaded

  • The Codfather
  • Formerly known as Jaded
Re: Spoofed email from Steve Poulton
« Reply #13 on: 19 November, 2021, 11:36:44 pm »
Steve,

It is a common thing to happen, as soon as I got the email I knew it was a scam.

Hope you are OK,

J
It is simpler than it looks.

Re: Spoofed email from Steve Poulton
« Reply #14 on: 20 November, 2021, 06:42:09 am »
I wonder if the hacker is targeting Cheltenham CTC members at the moment?
A similar thing happened to Sam King's account a few weeks ago.

Re: Spoofed email from Steve Poulton
« Reply #15 on: 20 November, 2021, 02:52:54 pm »
Guess who I rode with today? Mr 3peaker himself.

Re: Spoofed email from Steve Poulton
« Reply #16 on: 20 November, 2021, 05:07:19 pm »
In surface mail, I wouldn't need to break into Steve Poulton's house in order to send a letter that claimed to come from his address.

In email, I don't need to break into Steve Poulton's account in order to send an email that claims to come from his address.

In surface mail, I wouldn't need to steal Steve Poulton's address book in order to know that he knew certain people, and send them a letter claiming to be from him, as long as I could get hold of any letter or document from anywhere that linked him with them.

In email, I don't need to break into Steve Poulton's address book in order to get hold of an email from anywhere that includes his address and those of a number of people whom he knows; whenever any email is sent to any group of people, it's a fair bet that most of them know each other (and if they don't, I've lost nothing from trying).

With surface mail, breaking into Steve's house would be a relatively troublesome way of getting hold of the information to send a spoof message. It's the same with email; breaking into an account is a relatively large amount of trouble to achieve the aim. It's possible his account has been compromised, but there's no more reason to assume it than with surface mail, in my view.

Steve changing his password was a very good idea. However, the fact he was able to do so is strong evidence that the account had not been compromised. The first act of any half-competent hacker, after breaking in, would be to change the password, so locking Steve out.

Re: Spoofed email from Steve Poulton
« Reply #17 on: 20 November, 2021, 05:24:41 pm »
I feel I must apologise if this approach has caused concern but assure you I had no knowledge of this scam until one of my contacts phoned me. I have changed my email Password but cannot guess how the Scammer hacked into my Contact list.

They don't have to, unfortunately; the headers of emails are unencrypted, so it just needs to pass a point on the internet where someone is monitoring traffic.  Similarly, you can write anything in the header.

There's a chance your account has been compromised though, so a password change is best.  Plus anywhere you use the same email/username and password combo.
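
Added example, not part of any post in this thread: because the visible From: line can contain anything, a recipient can compare it with the other headers of the received message. The sample message, names, domains and the known_contacts mapping are constructed placeholders; it assumes the receiving mail server adds an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message; every name and domain here is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
From: "Steve P" <steve@example.org>
Reply-To: "Steve P" <steve.p.private@freemail.example.com>
To: friend@example.org
Subject: A favour

Are you free at the moment?
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw, known_contacts=None):
    """Return reasons why the visible From: header should not be trusted.

    These are hints, not proof: legitimate bulk mail can also use a
    different envelope domain or Reply-To address.
    """
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    reasons = []
    # Replies would go somewhere other than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != from_addr.lower():
        reasons.append("reply-to differs from from")
    # Envelope sender recorded at delivery vs. the header the user sees.
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    if envelope and domain(envelope) != domain(from_addr):
        reasons.append("envelope sender domain differs from from")
    # Verdict recorded by the receiving server (header may be folded).
    auth = " ".join(msg.get_all("Authentication-Results", []))
    m = re.search(r"\bdmarc=(\w+)", auth)
    if m and m.group(1).lower() != "pass":
        reasons.append("dmarc=" + m.group(1).lower())
    # Familiar display name attached to an address the contact never used.
    known = (known_contacts or {}).get(name.lower())
    if known and known.lower() != from_addr.lower():
        reasons.append("display name matches a contact but address does not")
    return reasons
```
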

Re: Spoofed email from Steve Poulton
« Reply #18 on: 20 November, 2021, 06:49:56 pm »
I wonder if the hacker is targeting Cheltenham CTC members at the moment?
A similar thing happened to Sam King's account a few weeks ago.
That seems a bit niche, unless someone’s been winding up a safe speed hacker cross over, or something.

I wouldn’t expect any manual involvement in targeting an individual, unless they were really quite wealthy (or are boss enough that people do as they ask at work). Mostly these “help I need money for x” scams work by harvesting lots of email addresses, mailing them all and one in every several thousand falling for it.

If multiple people in a friendship group have been targeted, there’s a chance that the account of someone in the group has been compromised, so that their contacts have gone into the scam list. Or they might just have both signed up for an account with some completely disconnected service that’s been compromised.

Worth a check on haveibeenpwned.com.