Receiving Phishing Emails To My Gmail Account

Hi,

Today I have received 4 phishing emails to my Gmail account and am not sure exactly where to post nor where to send this to report them. Please keep in mind that, while I do have a Cloudflare account (for a number of years), I have not used Cloudflare in about 3-4 years, I think. However, I am still receiving these emails.

I have not used Amazon Prime and have never had a Netflix account. I don’t stream and haven’t watched TV in 3+ years! LOL I’m posting this in hopes that, maybe, something will be done about it.

I’ve tried posting the email links but it won’t let me. :frowning:

Thanks…

Are these from Cloudflare? If so, you can opt out here, https://dash.cloudflare.com/profile

I adjusted your permissions so you can share links and/or images. A screenshot of the email would be helpful. Opting out is also a good first start.

Me, right there with you!

1 Like

Here is the email info from Cloudflare via Gmail, copied and pasted:

"𝐔𝐏𝐒® [email protected] via terssygalop.za.com.cdn.cloudflare.net

𝐏𝐫𝐢𝐦𝐞® [email protected] via morabtyaaypo.za.com.cdn.cloudflare.net

[email protected] via aicacafe.za.com.cdn.cloudflare.net

𝐔𝐏𝐒® [email protected] via hangaropy.za.com.cdn.cloudflare.net"

If you want the header info, I’ll gladly post it. I’ve been surfing the net for 35+ years and fight hacking, etc. wherever I find it! :wink:

1 Like

I would say that they are NOT from Cloudflare, but solely something that is spoofing / pretending to be.

Assuming we can find a way for the transmission, …

Are you willing to share the full and unredacted RFC822 messages (header+body)?

Can be fetched from Gmail using “[Download message]” from the three dots in Gmail.

:point_up_2: My personal interest for these messages would be for this purpose, too.

3 Likes

I assumed they might be spoofing but I had to report it…just in case they weren’t. :wink:

Sure. I’ll post it in the morning. I’m very tired from work, etc. and need to eat and sleep. LOL

1 Like

I’ve sent an email address privately that you can forward them to.

2 Likes

Sent… :slight_smile:

Some people say Google is our friend.

But when, where, and how exactly?

For the mentioned domains above, that the sent messages were using:

← → ← → ← → ← → ← → ← → ← → ← → ← → ← →

$ whois -h whois.nic.us dxjbanpfq.us
No Data Found
$ whois -h whois.nic.us zetvwzszu.us
No Data Found
$ whois -h whois.nic.us qvbknhvth.us
No Data Found
$ whois -h whois.nic.us zvtxmxvnz.us
No Data Found

Four domains in header From:, in four different messages, that according to the US registry do not exist, and yet, Google (Gmail) still accepted phishing messages (using non-existing domain names) for delivery.

→ I think we should all sit down and give Google (Gmail) what they deserve here.

(A huge :+1:, … or was it a huge :facepalm: ?).

Re. The Yahoogle! (Google & Yahoo) requirements per 2024-02-01 (February 2024), … Google, where were you?

← → ← → ← → ← → ← → ← → ← → ← → ← → ← →

4/4 messages were delivered to Google (Gmail), through IP addresses that had one of those apparent auto-assigned Reverse DNS (PTR) records set, which the whole email community has frowned upon, for like the past 25 years?

Such as e.g. if the IP address was 192.0.2.123, the Reverse DNS (PTR) could be something like 192-0-2-123.dynamic.example.com or, in reverse order, 123-2-0-192.ip.example.com

Such things will cause email rejections and/or heavy spam filtering at most destinations.

(Another huge :+1:, … or was it another huge :facepalm: ?).

← → ← → ← → ← → ← → ← → ← → ← → ← → ← →

4/4 messages abused what I personally would call a flaw in the set up of other third party organisations, such as e.g. the one we mention above as example.com.

A :facepalm: has been applied to this third party organisation as well.

← → ← → ← → ← → ← → ← → ← → ← → ← → ← →

In the end, …

I am also applying a :facepalm: to an organisation called Cloudflare, as there would be a thing or two, in my personal point of view, that this organisation SHOULD have done, and which (most likely) would have prevented this specific thread from happening in the first place.

That said, -

Cloudflare had absolutely nothing to do with the actual sending of these phishing messages.

1 Like
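The auto-assigned Reverse DNS (PTR) pattern described in the post above can be checked mechanically when triaging a downloaded message. The following is an added example, not code from anyone in this thread: it assumes a Received header of the form `from HELO (PTR [IP])`, and the sample message, the hostnames in it and the function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message (not one of the messages from this thread).
SAMPLE = """\
Received: from 123-2-0-192.ip.example.com (123-2-0-192.ip.example.com [192.0.2.123])
\tby mx.example.net with ESMTPS id abc123
\tfor <user@example.net>; Fri, 19 Apr 2024 09:07:16 +0000
From: "Parcel Service" <notice@sender.example>
Subject: constructed test message

body
"""

# Assumed layout: "from <helo> (<ptr> [<ipv4>])"; other MTAs format this differently.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<ptr>[A-Za-z0-9.-]+)\s+\[(?P<ip>[0-9.]+)\]\)")

def ptr_embeds_ip(ptr: str, ip: str) -> bool:
    """True when the PTR name contains the IPv4 octets, forward or reversed,
    joined by '-' or '.', or zero-padded and concatenated."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    host = ptr.lower().rstrip(".")
    for order in (octets, octets[::-1]):
        for sep in ("-", "."):
            # Digit guards stop 2-0-192 from matching inside 12-0-1921.
            pattern = r"(?<!\d)" + re.escape(sep).join(order) + r"(?!\d)"
            if re.search(pattern, host):
                return True
        if "".join(o.zfill(3) for o in order) in host:
            return True
    return False

def generic_ptr_hops(raw_message: str):
    """Return (ip, ptr) for each Received hop whose PTR looks auto-assigned."""
    msg = email.message_from_string(raw_message)
    hits = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        if m and ptr_embeds_ip(m["ptr"], m["ip"]):
            hits.append((m["ip"], m["ptr"]))
    return hits

if __name__ == "__main__":
    print(generic_ptr_hops(SAMPLE))
```

Only the topmost Received header is written by the receiving server; lower ones are supplied by the sender and should not be trusted on their own.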

Agreed! LOL

Thanks, I didn’t think that CF had anything to do with it, directly. However, I didn’t know if there was something that they could do to help or not.

As for Google, I’m in the process of moving away from them to ProtonMail. I also started using duck.com email (DuckDuckGo’s email domains) for a year or so and have not had one spam or phishing email yet!

Hi,

I’d be really interested in seeing how exactly this was done, so it would be super nice if you could also send me a copy of the email.

Sure, here ya go…

(Attachment :white_check_mark:skhilled :bell::truck:𝐲𝐨𝐮 𝐡𝐚𝐯𝐞 (𝟭) 𝗽𝗮𝗰𝗸𝗮𝗴𝗲 𝐰𝐚𝐢𝐭𝐢𝐧𝐠 𝐟𝐨𝐫 𝐝𝐞𝐥𝐢𝐯𝐞𝐫𝐲 :envelope_with_arrow::package:—Fri, 19 Apr 2024 09 07 16 +0000.eml is missing)

(Attachment :white_check_mark:skhilled :bell::truck:𝐲𝐨𝐮 𝐡𝐚𝐯𝐞 (𝟭) 𝗽𝗮𝗰𝗸𝗮𝗴𝗲 𝐰𝐚𝐢𝐭𝐢𝐧𝐠 𝐟𝐨𝐫 𝐝𝐞𝐥𝐢𝐯𝐞𝐫𝐲 :envelope_with_arrow::package:—Fri, 19 Apr 2024 10 37 59 +0000.eml is missing)

(Attachment skhilled-!:stop_sign: 𝐘𝐨𝐮𝐫-𝐏𝐫𝐢𝐦𝐞-𝐌𝐞𝐦𝐛𝐞𝐫𝐬𝐡𝐢𝐩-𝐇𝐚𝐬-𝐄𝐱𝐩𝐢𝐫𝐞𝐝 ____𝐭ɑ𝐤𝐞-ɑ𝐜𝐭𝐢𝐨𝐧 !.eml is missing)

(Attachment skhilled-❝𝖸𝗈𝗎𝗋-𝐀𝖼𝖼𝗈𝗎𝗇𝗍-𝗡𝗲𝘁𝗳𝗹𝗶𝘅-𝗐𝗂𝗅𝗅-𝖻𝖾 𝗋𝖾𝗆𝗈𝗏𝖾𝖽 𝗍𝗈𝖽𝖺𝗒-Fri, 19 Apr 2024 10 00 23 +0000𝐭ɑ𝐤𝐞-ɑ𝐜𝐭𝐢𝐨𝐧 !.eml is missing)

That didn’t work so well.

How about just pasting the raw content, minus any sensitive info into pastebin.com ?

I tried to attach and send them but they were rejected. I got an email stating so…

Ha! I haven’t used pastebin in quite a while and forgot about it. LOL I think because I blocked it, it won’t let me copy the links in it.

date: Apr 19, 2024, 5:52 AM
mailed-by: hangaropy.za.com
signed-by: hangaropy.za.com.cdn.cloudflare.net
security: Standard encryption (TLS) Learn more

UPS

You Have a package waiting for delivery
Scheduled Delivery Date: Fri, 19 Apr 2024 09:07:16 +0000

This message was sent to you to notify you that the shipment
information below has been transmitted to UPS. The physical package
may or may not have actually been tendered to UPS for shipment. To
verify the actual transit status of your shipment, click on the tracking
link below
Shipment Details

Tracking Number:#57555655709
UPS Service:UPS GROUND
N° of packages: 1
Shipment Status:Pending verification

:package:
CLICK HERE

You can Unsubscribe
10620 NW 123 Street Road Unit 102, Medley, Florida 33178

The advertiser does not manage your subscription.
If you prefer not to receive further communication please unsubscribe here
Or write to: 6101 Long Prairie Rd,Ste 744 #511, Flower Mound, TX, 75028

Hmm, that’s weird. I can’t find anything in my mail logs. Is it ok if I just ask @DarkDeviL for a copy of what you sent him?