Suddenly I started receiving a bunch of scam mails (phishing). I suspect some bot or bot-net is involved, because I’ve received maybe a couple hundred e-mails at the time of writing, all from different (likely auto-generated) senders. With anything from 2-10 emails per day.
The scam is essentially just some phishing, all related to the same topic. I’ve mostly been able to mitigate it by filtering out mails containing certain keywords or phrases that show up in the scam mails. However, the mails change relatively often (about once a day) so every now and then something gets through, and I’ll update my filter.
My question is really if there’s any way I can figure out
- Where this is coming from,
- How they got hold of my email
So that I can try to go after the root cause / prevent other scammers from getting hold of it.
I gave up on this years ago.
Figuring out how they got hold of your email won’t be very satisfying. It’s not possible, but if it were you would find it’s some obscure forum you signed up for 10 years ago to make the search function work, which hasn’t updated their forum software during that 10 years, and is now leaking email addresses.
Point is, the horse has already bolted and now your email address is on the lists that get sold on the dark net. There’s no going back.
My understanding with spam / phishing is that most email providers will identify and remove 95% of it. gmail will catch 99.9% just because of the volume of emails going through their servers. I personally would pry my eyes out with a fork before using gmail so I’m stuck receiving 5% of spam. It’s nothing really. Every day (or several days) I look at my inbox, action and archive as appropriate, and delete the rest. It literally takes less than 1 second because I would have to “delete the rest” anyway.
As others have mentioned, “catch-all” email addresses are one method to kind of mitigate or manage the problem, but ultimately I’ve found it to be a cool trick but ultimately inconvenient and maybe pointless.
I’ve never had an issue with this before, and as of now, my filter is catching most of these mails, so in that sense it’s not too bad. Unless the topic of the phishing attempts suddenly changes completely, in which case I’ll have to start building the filter again…
Anyway: The scam they’re running is relatively specific (a specific banking-thing that pretty much everyone in my country uses, written in not-English, probably LLM generated). Do you know if there’s any way I could alert my email-provider about this? I can imagine it’s being sent to quite a few people, and should be relatively easy for someone higher up the chain, with more sophisticated tools, to filter out.
No one cares about catching specific phishing campaigns.