It’s very easy to scrape sites like LinkedIn for your personal contact info. Spammers may have found your email address after a data breach. A spammer may have purchased a list of email addresses (legally or illegally) that had your email address on it. Spammers often test out common email combinations, like firstname.lastname, until they get a valid result. It’s very easy for spammers to find your email address if you’ve ever posted it online publicly. There are a number of different ways that email spammers could have obtained your email address, including: When spam messages successfully bypass spam filters and reach your inbox, it’s because scammers were able to verify that your email address is valid (as in, it won’t bounce back messages as undeliverable). Phishing is often a way for bad actors to gain unauthorized access to a person’s email or other private accounts, but it’s not yet clear what’s motivating this attack.Why Did I Get a Spam Email? How Do Scammers Get My Email Address? The second reason it’s so tricky is that it’s unclear what the attack is attempting to do. But when a person clicks on the link, the attack immediately replicates itself-meaning, it has the potential to spam all of that person’s contacts with the same message. For one, it looks legit: An invitation to view a Google Document appears to come from an existing contact. There are two big reasons why this thing is so tricky. In one Reddit thread, where people are trading information about the attack, someone describes the scam as “almost undetectable.” But there are clues to look out for-both of the suspicious emails I received were sent to an odd email address, with me blind-copied. Just in the course of writing this short post, I received two separate emails that appear to be part of the attack.
Several IT experts are describing the attack as huge, startlingly fast-moving, and perplexing. (Look for “manage apps,” and revoke access to untrusted apps.) If you’re concerned your account has been compromised, you can go to Google’s security page to adjust permissions. The scope of the attack is not limited to news organizations, but appears to be spreading on a massive scale through people’s contacts. Journalists in newsrooms across the United States are swapping warnings about what appears to be a widespread phishing attack, sent via a particularly sneaky invitation to a fake Google Doc.
0 kommentar(er)
