Weird email, spam or legit?

Forum Moderators: phranque

Message Too Old, No Replies

Weird email, spam or legit?

csdude55

8:23 pm on Oct 15, 2018 (gmt 0)

This email was sent to me today through my contact form:

Please stop texting, messaging my iPhone. Thank you.

My sites focus on local regions, and the phone number they gave was from another state... so definitely not within any region that we target.

Further, as far as I know my server isn't set up to send texts; I'm 99% sure of this, because I've been struggling to find a way to send texts to users!

So what do you guys think... is this spam, and if I reply then I acknowledge that someone read it? Or a symptom of a legit problem (like a virus on the server) that needs to be investigated?

not2easy

8:50 pm on Oct 15, 2018 (gmt 0)

I would check the email headers and run whois on the source IP to determine if it is a mobile ISP, cloud server IP or something else. If you're not sending texts or messaging, maybe one of your users is and the message contains your URL? I don't think I would respond without being involved in any such activity.

csdude55

7:35 pm on Oct 16, 2018 (gmt 0)

I would check the email headers and run whois on the source IP to determine if it is a mobile ISP, cloud server IP or something else. If you're not sending texts or messaging, maybe one of your users is and the message contains your URL? I don't think I would respond without being involved in any such activity.

It came through my contact form so I don't have email headers, but I did check the IP and it's Charter... I see some spam bots using Charter, but not a huge amount.

I googled the email address, though, and found both the phone number and email listed together on a commercial page that seemed legit. So I emailed him and asked for details, but of course I haven't had a reply yet. It just makes no sense, though, because I don't have a telephone number anywhere on my site so I can't figure out how / why he would have googled my number and came up with my website, instead of just texting back.

It makes me nervous that something is happening without my knowledge, but I guess I'll have to chalk this up to just "weird" unless he either replies or someone else reports an issue :-(

keyplyr

7:44 pm on Oct 16, 2018 (gmt 0)

It came through my contact form so I don't have email headers

First, while it may in fact have come through your contact form, it is very easy to fake this.

Second, there *are* headers. You may not be aware of how or where to find them.

If this is in fact coming from your site by someone using your form, part of it will be on your server log. Try and match up the time stamp.

[fix typo]

[edited by: keyplyr at 8:55 pm (utc) on Oct 16, 2018]

csdude55

8:01 pm on Oct 16, 2018 (gmt 0)

I meant that the email from the guy reporting the issue came through my contact form. He hasn't replied, so I have no idea what day or time he received texts that presumably led him back to my site.

NickMNS

9:24 pm on Oct 16, 2018 (gmt 0)

First, while it may in fact have come through your contact form, it is very easy to fake this.

99% of the spam that I used to get through my forms were sent from a remote server as a POST request to the action url of the form. Blocking IP's in this case was somewhat futile as the user never connected to the server before the request was received. I have since implemented a Captcha and that solved the problem.

All this to say (and I believe it is what Keyplyr was eluding to), you may want to match the IP and time stamp from the form submission to the server logs to see if the individual actually went to your form, filled it in and the then clicked submit. If the page for the contact form was not visited then the probability is very high that this was a scam.

keyplyr

10:05 pm on Oct 16, 2018 (gmt 0)

I have since implemented a Captcha and that solved the problem.

That would be the logical move here: [google.com...]