One of my customers has started to receive "gibberish" spam to her email account. Some things of note:
-- She is extremely protective of this account as it's her "trusted" email account she uses only to personal recipients.
-- She is almost as paranoid as me (which is very paranoid) about security. She even poop-cans attachments from me unless I tell her beforehand that I'm sending an attachment--and we've been corresponding since 1989!
-- The incoming spam has a sender's address of her own email account.
Okay, I've been at this game (email, security, etc.) for more years than I care to admit but I'm missing something. "Gibberish" spam that attempts to sell nothing?
Aside from that, the more interesting question is how might her address have gotten out? I'm speculating three ways:
1. Her machine is compromised (which we've pretty well ruled out through various scans)
2. She sent an email to a "trusted" recipient who's machine has been compromised and an Evil Spammer boosted her address and, of course, others.
3. A trusted recipient forwarded an email with her address in it and that person's machine was compromised, yada yada yada.
Anyone have any other speculative possibilities? Anyone seen this behaviour before (spam sent to you from your own address)?
Thanks
Charles
-- She is extremely protective of this account as it's her "trusted" email account she uses only to personal recipients.
-- She is almost as paranoid as me (which is very paranoid) about security. She even poop-cans attachments from me unless I tell her beforehand that I'm sending an attachment--and we've been corresponding since 1989!
-- The incoming spam has a sender's address of her own email account.
Okay, I've been at this game (email, security, etc.) for more years than I care to admit but I'm missing something. "Gibberish" spam that attempts to sell nothing?
Aside from that, the more interesting question is how might her address have gotten out? I'm speculating three ways:
1. Her machine is compromised (which we've pretty well ruled out through various scans)
2. She sent an email to a "trusted" recipient who's machine has been compromised and an Evil Spammer boosted her address and, of course, others.
3. A trusted recipient forwarded an email with her address in it and that person's machine was compromised, yada yada yada.
Anyone have any other speculative possibilities? Anyone seen this behaviour before (spam sent to you from your own address)?
Thanks
Charles