Receiving virus,s with eircom.net suffix

Gobethewall

I have an eircom.net mail address. Over the last couple of months I have been receiving virus mails all with eircom.net addresses (3 or 4 a day), all addresses unknown to me.
Have a lot of eircom addresses been spoofed or does anyone have a theory as to why all eircom addresses?
I would like to access my security info in eircom to check my integrity, but this doesn't appear to be possible anymore

jamesbil

I have been having the same issue. most recent were from document@eircom, but also lots of random names.
even had some from my own address! Changed my password.

One_Of_Shanks

Same

Gobethewall

Any idea what's causing it?

I have had six this morning, all eircom.net. I also got 2 that were like text you get on your phone saying that I had 1 missed call, wtf. on a PC, I don't know whats going on.

Luckily my anti virus is intercepting them, but I dread to think what's in them if one gets through

Gobethewall

jamesbil wrote: »

I have been having the same issue. most recent were from document@eircom, but also lots of random names.
even had some from my own address! Changed my password.

Yes, the last 2 I received were document@eircom.net and there have been loads with random names.


I feel something has happened on the eircom mail service, maybe we might get a reply from a rep with some explanation....

Eir: Pamela

Hi Guys,

I would reccomend marking these messages as SPAM.

-Pamela 

jamesbil

Think we all worked that out. Surely the problem needes to be addressed by eircom/eir?

Alun

jamesbil wrote: »

Think we all worked that out. Surely the problem needes to be addressed by eircom/eir?

It's not got anything to do with eir though. Anyone, anywhere in the world, using any ISP can forge an email with any email address as the sender they want, including ones ending in eircom.net. The first part of the sender's email address is probably just fake, not necessarily a real eircom user's email address anyway.

FWIW they appear to be coming from an IP address in Vietnam.

db

I've been receiving the same into my eircom.net email account also for the last few weeks.  Marking them as spam does nothing to stop more coming in.  If Eir put any sort of decent anti-virus on their mail servers they could prevent this very easily.

satguy

We all have eircom.net email in this home, and we are all getting this "" [font=Arial, Helvetica, sans-serif] invoice no: 948240" from [/font][font=Arial, Helvetica, sans-serif]document@eircom.net[/font][font=Arial, Helvetica, sans-serif] contained a virus "" when we scan our mail, others just come from strange names like ""Mark - Pic"" or "" John - Your Doc "" . or sometimes this  [/font][font=Arial, Helvetica, sans-serif]Message-ID: <[/font][font=Arial, Helvetica, sans-serif]8BDe142b2-AE098767ba-E160-B611Fe2e2-04abbb46b7@eircom.net[/font][font=Arial, Helvetica, sans-serif]>[/font]


[font=Arial, Helvetica, sans-serif]We get many of these everyday.[/font]

Dfmnoc

same here

jamesbil

Avast free detects them all thankfully. But it is still a nuicance.

Gobethewall

It's somewhat comforting to know that I'm not the only one, I was getting paranoid.

My Avast is catching them too, but, if they up the anti and come in with something new we could all be screwed.

If all Eir can offer is mark as spam Oh dear oh dear!

satguy

I think they have asked Google (only up the road from eir head office) to send over one of their interns during his lunch break, so that he can show them how to set up a mail scanner.. 

Johnboy1951

Alun wrote: »

jamesbil wrote: »

Think we all worked that out. Surely the problem needes to be addressed by eircom/eir?

It's not got anything to do with eir though. Anyone, anywhere in the world, using any ISP can forge an email with any email address as the sender they want, including ones ending in eircom.net. The first part of the sender's email address is probably just fake, not necessarily a real eircom user's email address anyway.

FWIW they appear to  be coming from an IP address in Vietnam.

Of course it is!
eir are passing on these emails to customers accounts, in the full knowledge they are not genuine eir/eircom generated emails.
It would take very little effort to weed out those emails before they hit the customer inbox.

Eir: Pamela

Hi Guys,

FROM addresses are easily spoofed, and it is not a true reflection of the real sender of a phishing/spam/malware email, so in most cases the email will not have originated in the @eircom.net mail environment.
 
Spam fighting is a constant moving target for us and we monitor our mail queues 24x7. The eircom antivirus/antispam technology is very good (we handle approx. 10-15 million email messages in a 24 hour period), however, no anti-spam technology is perfect and occasionally customers will be inconvenienced by these types of emails I'm afraid.
 

Our recommendation to customers remains the same, mark any suspect email as “spam” and delete the email.

-Pamela 

jspuds

I have the same issue and do my best to report as many as I can to Spamcop.net, I would suggest others do the same as it helps block the senders eventually

Eir: Pamela

jspuds wrote: »

I have the same issue and do my best to report as many as I can to Spamcop.net, I would suggest others do the same as it helps block the senders eventually

Thanks jspuds,


-Pamela 

Gobethewall

Eir: Pamela wrote: »

Hi Guys,

FROM addresses are easily spoofed, and it is not a true reflection of the real sender of a phishing/spam/malware email, so in most cases the email will not have originated in the @eircom.net mail environment.
 
Spam fighting is a constant moving target for us and we monitor our mail queues 24x7. The eircom antivirus/antispam technology is very good (we handle approx. 10-15 million email messages in a 24 hour period), however, no anti-spam technology is perfect and occasionally customers will be inconvenienced by these types of emails I'm afraid.
 

Our recommendation to customers remains the same, mark any suspect email as “spam” and delete the email.

-Pamela 

Thanks for the reply Pamela,
I think we are all aware that the mails do not originate from an eircom.net source and I am certainly marking them as spam as I would with all unknown mail.
The problem with this one is the amount of mails all using the eircom suffix, it is obvious that some bad guys are targeting eircom customers in particular.
When I open up my mail I will get 3 or 4 ding dongs from my anti virus every time.
Though having said that, it seems to have calmed down a bit in the last couple of days. 

Eir: Pamela

Gobethewall wrote: »

Eir: Pamela wrote: »

Hi Guys,

FROM addresses are easily spoofed, and it is not a true reflection of the real sender of a phishing/spam/malware email, so in most cases the email will not have originated in the @eircom.net mail environment.
 
Spam fighting is a constant moving target for us and we monitor our mail queues 24x7. The eircom antivirus/antispam technology is very good (we handle approx. 10-15 million email messages in a 24 hour period), however, no anti-spam technology is perfect and occasionally customers will be inconvenienced by these types of emails I'm afraid.
 

Our recommendation to customers remains the same, mark any suspect email as “spam” and delete the email.

-Pamela 

Thanks for the reply Pamela,
I think we are all aware that the mails do not originate from an eircom.net source and I am certainly marking them as spam as I would with all unknown mail.
The problem with this one is the amount of mails all using the eircom suffix, it is obvious that some bad guys are targeting eircom customers in particular.
When I open up my mail I will get 3 or 4 ding dongs from my anti virus every time.
Though having said that, it seems to have calmed down a bit in the last couple of days. 

I can understand that completely Gobethewall, we appreciate you contacting us in relation to this and I have passed all your feedback onto our webmail team. Thanks for the update, hopefully this remains going forward. 


-Pamela 

db

Eir: Pamela wrote: »

Hi Guys,

FROM addresses are easily spoofed, and it is not a true reflection of the real sender of a phishing/spam/malware email, so in most cases the email will not have originated in the @eircom.net mail environment.
 
Spam fighting is a constant moving target for us and we monitor our mail queues 24x7. The eircom antivirus/antispam technology is very good (we handle approx. 10-15 million email messages in a 24 hour period), however, no anti-spam technology is perfect and occasionally customers will be inconvenienced by these types of emails I'm afraid.
 

Our recommendation to customers remains the same, mark any suspect email as “spam” and delete the email.

-Pamela 

As far as I can tell Eir are doing little to nothing to filter out these emails and your recommendation to mark the mails as spam does nothing to stop them coming in.  I am very close to dropping the use of my eircom.net email account and at that stage I will close my eir account completely.

Eir: Pamela

db wrote: »

Eir: Pamela wrote: »

Hi Guys,

FROM addresses are easily spoofed, and it is not a true reflection of the real sender of a phishing/spam/malware email, so in most cases the email will not have originated in the @eircom.net mail environment.
 
Spam fighting is a constant moving target for us and we monitor our mail queues 24x7. The eircom antivirus/antispam technology is very good (we handle approx. 10-15 million email messages in a 24 hour period), however, no anti-spam technology is perfect and occasionally customers will be inconvenienced by these types of emails I'm afraid.
 

Our recommendation to customers remains the same, mark any suspect email as “spam” and delete the email.

-Pamela 

As far as I can tell Eir are doing little to nothing to filter out these emails and your recommendation to mark the mails as spam does nothing to stop them coming in.  I am very close to dropping the use of my eircom.net email account and at that stage I will close my eir account completely.

I'm sorry to hear you feel this way db and I will pass on your feedback to the webmail team.


-Pamela 

Decent Skin

Gobethewall wrote: »

Thanks for the reply Pamela,
I think we are all aware that the mails do not originate from an eircom.net source and I am certainly marking them as spam as I would with all unknown mail.
The problem with this one is the amount of mails all using the eircom suffix, it is obvious that some bad guys are targeting eircom customers in particular.
When I open up my mail I will get 3 or 4 ding dongs from my anti virus every time.
Though having said that, it seems to have calmed down a bit in the last couple of days. 

Not strictly true. I regularly get emails with From fields that refer to banks that I have no dealings with, or "Apple" emails to addresses that aren't registered with Apple.

This crap from the shower of cowardly scumbags is automated and just grabs emails wherever it can.

Generally they'll auto-generate a random email with the same suffix as their intended victim, as the likelihood of them opening it increases; I own a company and get ones that are from "scanner@[domain name].ie" which doesn't exist.

That said, an ISP should certainly be checking whether something claiming to come from them has actually been routed through them, IMHO.

One other point; most of those attachments doing the rounds this month are Zepto, which will encrypt most of your files, and there isn't a reliable solution / reversal yet; so be damn sure you don't open anything unknown and be sure to have a current backup.

sennah

Does eir have a SPF record on the eircom.net domain?

Surely a properly configured SPF record would reduce the amount of spoofing going on with @eircom.net email addresses... both inbound spam to eircom.net users and outbound spam to other email providers

LynnGrace

Another user here who is receiving a lot of these. I did raise it previously here but I think 'mark it as spam' was the answer I got too. Most of them get caught, but I also have set up extra filters to catch them. Am sick of them at this stage.

Eir: Pamela

LynnGrace wrote: »

Another user here who is receiving a lot of these. I did raise it previously here but I think 'mark it as spam' was the answer I got too. Most of them get caught, but I also have set up extra filters to catch them. Am sick of them at this stage.

[font=Verdana, sans-serif] [/font]
[font=Verdana, sans-serif]I can understand how frustrating this must be [/font][font=Verdana, sans-serif]LynnGrace,[/font][font=Verdana, sans-serif] [/font][font=Verdana, sans-serif]thanks for your feedback.[/font]
[font=Verdana, sans-serif] [/font]
[font=Verdana, sans-serif]-Pamela [/font]

[font=Verdana, sans-serif] [/font]

LynnGrace

Yes... 

Tow

This is getting beyond a joke, you are now allowing fake eir Bill Notifications to go through your own email servers.  It is getting to the stage where it appears your servers have been hacked.

Eir: Pamela

Tow wrote: »

This is getting beyond a joke, you are now allowing fake eir Bill Notifications to go through your own email servers.  It is getting to the stage where it appears your servers have been hacked.

[font=Verdana, sans-serif] [/font]
[font=Verdana, sans-serif]Hi [/font][font=Verdana, sans-serif]Tow,[/font]
[font=Verdana, sans-serif] [/font]
[font=Verdana, sans-serif]Thanks for getting in touch. We are aware of a series of unsolicited emails being received by members of the public where the email appears to come from eir. You can read more on this here http://support.eir.ie/article/phishingalert&#160;[/font]
[font=Verdana, sans-serif] [/font]
[font=Verdana, sans-serif]- Pamela [/font]

[font=Verdana, sans-serif] [/font]

Gobethewall

I am getting quite a lot ( 2 already today, both containing virus) with the following

voicemail@eircom.net
New voice mail message from ... with a phone no. and a time

Why would I be getting voicemail on my laptop?

Eir: Pamela

Gobethewall wrote: »

I am getting quite a lot ( 2 already today, both containing virus) with the following

voicemail@eircom.net
New voice mail message from ... with a phone no. and a time

Why would I be getting voicemail on my laptop?

I'm sorry to hear this Gobethewall, this e-mail would not be associated with eir.


-Pamela