nickg5 asked:

Can you read this e-mail header?

To protect the privacy of the parties, I'm editing the names and replacing them with John Doe and Jane Doe. The rest is not being edited.
A friend and I were discussing a matter and suddenly this Jane Doe sent an e-mail to my friend about what we were discussing and my friend never gave their e-mail to anyone for them to know the subject that we were talking about.
I see some numbers and an IP address there between all the garb so maybe you can figure it out.

From Jane Doe Thu May  9 16:06:46 2013
X-Apparently-To: johndoe@yahoo.de via 46.228.37.113; Thu, 09 May 2013 15:06:38 +0000
Return-Path: <Jane.Doe@rocketmail.com>
Received-SPF: none (domain of rocketmail.com does not designate permitted sender hosts)
X-Originating-IP: [98.138.90.94]
Authentication-Results: mta1183.mail.ir2.yahoo.com  from=rocketmail.com; domainkeys=neutral (no sig);  from=rocketmail.com; dkim=pass (ok)
Received: from 127.0.0.1  (EHLO nm21-vm0.bullet.mail.ne1.yahoo.com) (98.138.90.94)
  by mta1183.mail.ir2.yahoo.com with SMTP; Thu, 09 May 2013 15:06:38 +0000
Received: from [98.138.226.177] by nm21.bullet.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:37 -0000
Received: from [98.138.226.56] by tm12.bullet.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:36 -0000
Received: from [127.0.0.1] by smtp207.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:36 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rocketmail.com; s=s1024; t=1368111996; bh=J60cx+867857NPzisnUe3jBrCsgQCakNMcMNBDeuQDs=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:Date:Subject:Message-ID:From:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=MsLbjvn4zz6kNWqrHuatcNqPM1ekCmlZhmWhZ+uwuW0vBf0T/lcBAlEqn7fzYIGMtTEJcp99+m7TqFRr/xi+tF6hhUGWbvRunyMUl4/i6Y76iKTPSmapDM+MYuCgi6ACYbj+QsOE5Vrs80lda7Cx+PElcTTkZT3kEn34iSgl85o=
X-Yahoo-Newman-Id: 811538.7457.bm@smtp207.mail.ne1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-SMTP: oSxRVvSswBB_r4TQCRzVXmJyUVu36cnA.FBO2G1u4lpTh5tdhTXXH8Q7
        by smtp207.mail.ne1.yahoo.com with SMTP; 09 May 2013 08:06:36 -0700 PDT
Date: Thu, 09 May 2013 11:06:46 -0400
Subject: But i would like to meet you
Message-ID: <73dwfakfudb2jrkdmxsmbva6.1368112006787@email.android.com>
From: Jane Doe <Jane.Doe@rocketmail.com>
To: johndoe@yahoo.de
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
Content-Length: 54
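
One way to read the header above programmatically, as an added example that is not part of the original post: it walks the Received chain oldest-first and pulls out the authentication verdicts. The function names are illustrative, and the input is an excerpt of the posted header.

```python
import re
from email import message_from_string

# Excerpt of the header posted above; the opaque X-YMail* tokens are left out.
RAW = """\
Return-Path: <Jane.Doe@rocketmail.com>
Received-SPF: none (domain of rocketmail.com does not designate permitted sender hosts)
X-Originating-IP: [98.138.90.94]
Authentication-Results: mta1183.mail.ir2.yahoo.com  from=rocketmail.com; domainkeys=neutral (no sig);  from=rocketmail.com; dkim=pass (ok)
Received: from 127.0.0.1  (EHLO nm21-vm0.bullet.mail.ne1.yahoo.com) (98.138.90.94)
  by mta1183.mail.ir2.yahoo.com with SMTP; Thu, 09 May 2013 15:06:38 +0000
Received: from [98.138.226.177] by nm21.bullet.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:37 -0000
Received: from [98.138.226.56] by tm12.bullet.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:36 -0000
Received: from [127.0.0.1] by smtp207.mail.ne1.yahoo.com with NNFMP; 09 May 2013 15:06:36 -0000
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def received_hops(msg):
    """Return hops oldest-first as (receiving host, IPs named in the line)."""
    hops = []
    for line in reversed(msg.get_all("Received", [])):
        line = " ".join(line.split())  # unfold continuation lines
        by = re.search(r"\bby (\S+)", line)
        hops.append((by.group(1) if by else None, IP_RE.findall(line)))
    return hops

def auth_results(msg):
    """Map each method=result pair in Authentication-Results, e.g. dkim -> pass."""
    value = msg.get("Authentication-Results", "")
    return dict(re.findall(r"\b(dkim|spf|domainkeys|dmarc)=(\w+)", value))

def summarize(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    origin = msg.get("X-Originating-IP", "").strip("[] ")
    return {
        "hops": hops,
        "auth": auth_results(msg),
        "origin_ip": origin,
        # True when the "originating" IP is just the last relay before delivery
        "origin_is_relay": origin in hops[-1][1],
        "all_hops_yahoo": all(h and h.endswith(".yahoo.com") for h, _ in hops),
    }

if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(key, "=", value)
```

On this header every hop is a yahoo.com host, DKIM passes for rocketmail.com, and X-Originating-IP is the Yahoo relay named in the newest Received line rather than the sender's own address.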
ASKER CERTIFIED SOLUTION
John

This solution is only available to members.

ASKER

Because we were talking about Jane Doe.
And the e-mail was sent from a Jane Doe.

Our messages between us two had "re: Jane Doe" in the subject line.
And then here comes a message from a Jane Doe.

My friend's address is the @ yahoo.de so that is not the hacker or the phony.
The @ rocketmail is the phony or the phisher. But phishers don't normally know what my friend and I were discussing which was shown in our subject lines.

We were discussing their relative and "re: Jane Doe" was in the subject line of our e-mails.
Then here comes a message from Jane.Doe @ rocketmail claiming to be Jane Doe.

ASKER

What I mean is, a spammer's name should not be the name of the person we had been discussing.

Genealogy related is what we were talking about, a lost contact with relative.

I use Mail.com and people who do not know me from Adam send email to me from phony addresses or from myself sometimes (it looks like I sent it myself). I see my own address in the subject line.

So what you see is no surprise. It is just spam and I don't know why Yahoo did not categorize as spam. It is not the most secure email system.

I cannot tell you how the hacker got your email address, but I have seen this happen to me. All of this goes into the Mail.com spam bucket.

... Thinkpads_User

I wonder if your friend sent a mail to a Yahoo email address (likely) that itself was compromised, and the hacker used this.

It is all social engineering so you will open the email. Then your computer is compromised.

... Thinkpads_User

ASKER

It is all social engineering so you will open the email. Then your computer is compromised.

So, what do we do? Change passwords and that is all we can do?

You should (along with your friend) change your Yahoo! email passwords, but that won't stop the email from coming. You need to blacklist it if you can. That is what I try to do.  The only way I know how to stop this (because it is email) is with spam filtering. The next line of defense is really good Anti Virus software.

... Thinkpads_User

Here is a link from ZDNet that talks to my above points about social engineering and specially crafted web pages.  Someone your friend knows probably has been hit with this stuff.

http://www.zdnet.com/microsoft-fixes-two-critical-ie-security-flaws-including-nuke-zero-day-7000015369/?s_cid=e589&ttag=e589

... Thinkpads_User

ASKER

-
@nickg5 - Thank you, and I was happy to help you with this.

... Thinkpads_User