Solved

Threat of harvesting email addresses from "massive cc"

Posted on 2010-09-17
6
571 Views
Last Modified: 2012-05-10
I have recently been warned that "the primary method of harvesting email addresses is by massive
forwards." My initial reaction was to doubt that this is the "primary method."

However, I am wondering what level of threat it poses.

It seems the only way it would work would be if either someone on the distribution list was an abuser, or somewhere along the route that the email takes there is a harvester.

I am looking for insight into this problem, as to the level of risk it poses.
0
Comment
Question by:jasimon9
  • 2
  • 2
  • 2
6 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 33703123
If you are worried about mass CC:, just use BCC:.
If you need to have mass amounts of people on an email then you should be using groups.
0
 

Author Comment

by:jasimon9
ID: 33703353
It is kind of a theoretical question. Not something that I am engaged in much.

Just the comment made by someone that I thought was perhaps not correct.
0
 
LVL 22

Assisted Solution

by:Matt V
Matt V earned 25 total points
ID: 33703507
Malware on your pc will look in your address books and your cc: lines for sure.   It is a reasonably accurate statement.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 32

Accepted Solution

by:
aleghart earned 225 total points
ID: 33703786
It's not the primary method any more, as there are compiled lists that are bought and sold.  A few years ago, an AOL empoyee sold a list of 90+million AOL screen names.  But not before he used it first to spam for his own online business.

In the "early" days, you'd see people trying to get themselves on your CC list.  "I absolutely LOVE all of these joke e-mails...please add me to all of your lists."  Sometimes it was a prank to flood somebody's inbox with jokes.  Sometimes the person would keep parsing all the inbound mail to collect addresses to add to their own spamming lists.

BCC is so much simpler.
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 225 total points
ID: 33703833
Also, there are plenty of "businesses" that use low-paid labor to take trade show guides and copy all the email addresses.  They sell the lists to spammer as well as to sites that pay them for unique records.

Our work emails are easy targets.  The spam usually uses the generic email address we listed in the directory, along with a reference to the trade show or the industry we're in to make the spam look legitimate.

Use of temporary aliases are handy for that.  Mail to "show12@domain.tld" obviously came from trade show #12's directory being harvested.

Individuals can use aliases from a mail provider or mail forwarder.  'Nyms' is the word used by some services for temporary aliases.  I used to have one "lists-aleghart@..." so I knew what came from a certain public forum.  Easy to kill the alias and change my profile at the site that was being harvested.
0
 

Author Comment

by:jasimon9
ID: 33704103
Great input so far.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now