Abused for phishing email
Someone is using the address firstname.lastname@example.org and maybe the account for sending phishing email to customers of ours. It is also the reply address for this phishing mail. I checked if the account exists at Vivaldi and it does. I cannot find this user.
Is there anyone who can find the user and block the account?
Example of the mail:
Von: "Motorcycle Storehouse B.V." email@example.com
Betreff: Aw: Invoice Overdue
Datum: 12. Oktober 2017 um 10:32:39 MESZ
We are contacting you in regard of pending overdue/outstanding invoice.
kindly send statement of unpaid invoices and update us when overdue will be paid.
Please do this as soon as possible,as we lost all our data due to security upgrade.You can check up with your accounts department regarding this.
I would be really thankful to you,if you could look into the matter personally and settle our dues at the earliest as we need to prepare the balance sheet for the accounted month.
Also we would be sending payable account details,Please note our account details have changed as of October 1st 2017
If invoice has already been paid,Please disregard this message.We greatly appreciate your business.
Your prompt reply will be much appreciated.
Motorcycle Storehouse B.V.
9781 AC Bedum
Phone: +31 (0) 50 303 22 75
Fax: +31 (0) 50 303 22 77
**** mail address deleted
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
Please contact vivaldi.com/contact/
I did, got a (standard) reply, to try also on the forum:
Thanks for reaching out to us! We're doing our best to reply you as soon as possible. In the meantime, visit our forum on https://forum.vivaldi.net/, sometimes you can get a faster reply there. In case you're having some issues with connecting to the forum, please tell us your username so we can help you further.
Thanks for using Vivaldi!
Hi and thanks for reporting this to us.
We have banned the user account in question.
Our community Manager checks the spam mail address.
Eric, how can you be sure that the spam mail really comes from vivaldi .net?
Did you check the sending mail server's ip in mail headers?
The last sender IP should be
Many spammers fake the sender address easily so the receiving person might think it is from vivaldi .net
@isak Thanks, Isak.
MCS_eric last edited by Gwen-Dragon
X-Spam-Level: ** In-Reply-To: <firstname.lastname@example.org> X-Toi-Spam: u;0;2017-10-12T08:32:47Z Return-Path: <email@example.com> Return-Path: <firstname.lastname@example.org> Mime-Version: 1.0 X-Virus-Scanned: Debian amavisd-new at vivaldi.net X-Toi-Msgid: 886f8588-dc93-4dce-b80a-f924d292310f X-Priority: 3 (Normal) Message-Id: <email@example.com> X-Mailer: AfterLogic webmail client Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=vivaldi.net; h= references:in-reply-to:subject:subject:from:from:x-mailer :message-id:content-type:content-type:date:date:mime-version :received:received; s=dkim; t=1507797169; bh=+dtiJkjjK6aVCih5HsI AOV48qvp3qaHjGIHVVZucaUA=; b=wECqNtj7p9sfBySm1uGEJEpMHLWeYf3iAIx 8WarTnDkekEe5lPVKGR6ldCy7ePrDvxmW8A6/WNL/uux17pW/xmr1wORgPy8KJHJ oQ5DYeA5sw0MfpFqcPzivlNgK8o0UcQSxRl5zE4cGig7KtFNlzFaRzFnqQnTcEJy 2lF8wDQw= References: <firstname.lastname@example.org> <email@example.com> X-Toi-Virusscan: unchecked X-Spam-Status: No, hits=2.5 required=5.0 tests=KERIO_ANTI_SPAM: -0.000, BAYES_50: 1.567, HTML_MESSAGE: 0.001, MISSING_HEADERS: 1.021, URIBL_BLOCKED: 0.001, TOTAL_SCORE: 2.590,autolearn=no Content-Type: multipart/related; boundary="----=_Part_926_323266946.1507797159" X-Kerio-Anti-Spam: Build: [Engines: 126.96.36.1993, Stamp: 3], Multi: [Enabled, t: (0.000008,0.009906)], BW: [Enabled, t: (0.000007)], RTDA: [Enabled, t: (0.468558), Hit: No, Details: v2.6.12; Id: 15.5f4886.1bs2u69b9.2h7tc], total: 0(700) X-Envelope-To: <firstname.lastname@example.org> **@@address altered before posting** Received: from mailin58.aul.t-online.de ([172.20.27.247]) by ehead18b12.aul.t-online.de (Dovecot) with LMTP id gNk1Fa8o31n/ZQAAZOKcCA; Thu, 12 Oct 2017 10:32:47 +0200 Received: from mail.vivaldi.net ([**188.8.131.52**]) by mailin58.aul.t-online.de with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted) esmtp id 1e2Yv4-0WZkDw0; Thu, 12 Oct 2017 10:32:42 +0200 Received: from localhost (localhost [127.0.0.1]) by mail.vivaldi.net (Postfix) with ESMTP id CAC8939E; Thu, 12 Oct 2017 08:32:51 +0000 (GMT) Received: from mail.vivaldi.net ([127.0.0.1]) by localhost (mail.vivaldi.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cy-ueaNDIFe6; Thu, 12 Oct 2017 08:32:49 +0000 (GMT) Received: from webmail.vivaldi.net (unknown [10.20.20.55]) (**Authenticated sender: smrn**) by mail.vivaldi.net (Postfix) with ESMTPSA id 47F803FB; Thu, 12 Oct 2017 08:32:49 +0000 (GMT)