Scam emails being received from my contact's display name but not their email address
A couple of weeks ago I started to receive emails which had the display name of one of my contacts on them but the email addresses/domains were random; each email was a link to an 'invoice' which I didn't click. This has been continuing and one even had the contact's real email address as their display name but still was from a random address. Today I was told by someone else that they have been receiving the same sorts of messages where the display names are in their contact books.
I spoke to the initial contact of mine and they said a few of their contacts had received such messages, so it looks like they have been targeted for this. It doesn't seem that their systems or email has been hacked though, otherwise the messages would be sent from their actual address.
Has anyone else been seeing this recently? I can't think how to stop it as the addresses/domains are random. I just know someone somewhere will fall for one of these emails and think they were infected by the contact whose name is in the display name.
Cheers
Re: Scam emails being received from my contacts display name but not their emails add
I've seen quite a few in our spam filter over the last month or so especially, mostly from people who had btinternet/gmail/yahoo accounts so whether they have had their contacts harvested previously but now as you say the emails are coming from random domains.
Re: Scam emails being received from my contacts display name but not their emails add
Apparently some of these are being sent from work email addresses to other mailboxes on the same domain, I've asked to be forwarded these as this would be different than opportunistic mails from a contact dump on one of the high profile hacks. The original person who I received the message from is BT Internet though so could be from the Yahoo hack!
Re: Scam emails being received from my contacts display name but not their emails add
An update on this: one of my large clients has been receiving a lot of these emails; again the display names have been people they would deal with but the sending email address is random. These mailboxes are hosted by Rackspace, who don't have anything to suggest as they checked the mail headers and are happy it is nothing wrong/infiltrated on their system (which I would agree with).
Two strange examples:
One such email seems to have arrived from a legit email address on the essexhighways.org domain (an Essex council site), I checked the TXT records on that domain and they have an SPF record for Office 365 and Symantec Message Labs so not sure how this happened unless they have an infected device or added the SPF record after it was sent.
One email was sent from a random email address but the contact name was one of the directors in this company, but the name was misspelt. It was also sent to a contact email address which is not used to send any email or published anywhere; it is just used as a contact on a domain so mail sent there reaches a mailbox on another domain the company uses. So this address should not have been listed in anyone's contact books. This makes me wonder if a device that has one of the company email addresses connected to Outlook has been compromised and the GAL accessed but odd it hasn't sent many emails. All of the devices I manage have ESET Endpoint Security reporting back to Remote Administrator so will do some digging but this doesn't account for anyone's personal devices.
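One way to flag the messages described in this thread, as an added example that is not part of any post: compare the From display name against a known contact list and report when the name matches (exactly, as the contact's real address, or as a near-miss spelling) while the sending address does not. The contact list, sample messages, function names and the 0.85 similarity threshold are all constructed assumptions.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> known address (sample values).
CONTACTS = {
    "Jane Director": "jane.director@example.co.uk",
    "Sam Supplier": "sam@supplier.example",
}

def norm(name):
    """Lower-case and collapse punctuation/whitespace, keeping '@' and '.'."""
    return re.sub(r"[^a-z0-9@.]+", " ", name.lower()).strip()

def check_from(raw_message, contacts=CONTACTS, fuzzy=0.85):
    """Return (verdict, matched_contact) for the From header of one message."""
    name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    name, addr = norm(name), addr.lower()
    known_addrs = {a.lower(): n for n, a in contacts.items()}
    if addr in known_addrs:
        return "ok", known_addrs[addr]          # really from the contact's address
    if name in known_addrs:                     # real address used as display name
        return "spoof-address-as-name", known_addrs[name]
    # Score the display name against every contact and keep the closest one.
    scored = [(difflib.SequenceMatcher(None, name, norm(c)).ratio(), c)
              for c in contacts]
    ratio, best = max(scored)
    if ratio == 1.0:
        return "spoof-exact-name", best
    if ratio >= fuzzy:                          # e.g. a misspelt director name
        return "spoof-similar-name", best
    return "unknown-sender", None

# Constructed sample messages covering the cases reported in the thread.
SAMPLES = {
    "legit": "From: Jane Director <jane.director@example.co.uk>\n\nHi",
    "exact": 'From: "Sam Supplier" <inv0ice@qzx-random.example>\n\nInvoice',
    "addr_as_name": 'From: "jane.director@example.co.uk" <a91@rnd.example>\n\nInvoice',
    "misspelt": "From: Jane Directer <k3@other-random.example>\n\nInvoice",
    "stranger": "From: Random Person <someone@elsewhere.example>\n\nHello",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from(raw))
```

A message that really does come from a contact's own address returns `ok`, so this check says nothing about mail sent from a legitimate address, which needs the header and SPF inspection mentioned in the thread.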