|
|
Did this also appear in your Flickrmail inbox?
If so, go to that page, and use the Report Abuse>Spamorama link at the bottom of the page. Don't delete the Flickrmail.
If it did not appear in your Flickrmail, then it was mailed directly to your email address with a 'spoofed' From address. In that case, report the message as spam to your email provider.
Posted 32 months ago.
( permalink
)
|
|
|
Hi AussieDee, I'm sorry to hear about this; I've also removed the link from your post since if it's a suspect site, we don't want other users to visit it.
I'm going to open a case to get more information from you offline. The email will be sent to the primary address on the account you are posting from.
Thanks!
Posted 32 months ago.
( permalink
)
|
|
|
ColleenM: It wasn't actually a spoofed from address. Headers and dkim signature all match real flickr servers. It looks like someone found a bug and is exploiting it to spam en masse. I've received this same email to two different email addresses, neither of which is associated with flickr.
Screenshot with full headers: [image removed by staff]
Posted 32 months ago.
( permalink
)
zyrcster (staff) edited this topic 32 months ago.
|
|
|
Hi ehfisher, thanks for posting that screenshot.
It has some information in it that probably should not be broadcast, so I edited the link out of your post, but I will be using it to look into this case, so I thank you for the time you took in making it.
Posted 32 months ago.
( permalink
)
|
|
|
No problem. As I said, I got it to another email address, too. Just send me a message if you need a copy of that message.
Posted 32 months ago.
( permalink
)
|
|
|
Thanks, those headers are actually exactly what I need.
I do need to know, was there a photo embedded in the email, or is what was in your screenshot the entire email?
Also, does this appear in your recent activity (you may need to set it to show when someone "shares something with you").
Thanks.
Posted 32 months ago.
( permalink
)
|
|
|
My screenshot was the entire email. Both of the copies of this message I got were sent to email addresses not associated with my flickr account (addresses that have never been associated with a flickr account, in fact), so nothing shows up under recent activity on my account.
Posted 32 months ago.
( permalink
)
|
|
|
Ah, thanks very much for that info.
Posted 32 months ago.
( permalink
)
|
|
|
I got a similar email to my personal email that is linked to flickr but it did not go to my flickr inbox. I am wondering if our personal info has been compromised. I believe it was a virus as the suffix was dll. luckily I am on a mac.
Posted 32 months ago.
( permalink
)
|
|
|
I can forward the email to you guys if you would like zyrcster. It was branded with flickr logo and the subject line was structured like real flickr email alerts.
Posted 32 months ago.
( permalink
)
|
|
|
I have also recieved a spam email that looks just like an email from flickr (so and so "wants you to see a photo"). I did not receive it in my flickrmail. I can forward this for investigation too if need be.
Posted 32 months ago.
( permalink
)
|
|
|
I have also received spam from a supposed Flickr account. It didn't come to Flickrmail address, only to my personal address...
Posted 32 months ago.
( permalink
)
|
|
|
Thanks folks, we are looking into this. We also don't need any screencaps, but I am mailing a couple of you offline.
Posted 32 months ago.
( permalink
)
|
|
|
Thanks! just sent you the attachment. Sorry, read the screen cap line after I hit send.
Posted 32 months ago.
( permalink
)
|
|
|
I also got spammed - it didn't come to my Flickrmail, but to my personal address.
30♥ish
Posted 32 months ago.
( permalink
)
|
|
|
I also received the spam email at my personal email address and not here on flickr. I hope nobody clicked on the links.
Posted 32 months ago.
( permalink
)
|
|
|
Thanks for the reports folks. We'll probably see a number more reports in here over this, and we're sorry you are getting them. A lot have been sent already, but we're working on preventing others.
Posted 32 months ago.
( permalink
)
|
|
|
We received spam from somebody who had a flickr account (no images, favs or details) who wanted me to view an image. It came to my personal email address and not me flickr mail account.
Does this mean that flickr system has been compromised? How otherwise could these people get our personal email details??
Posted 32 months ago.
( permalink
)
|
|
|
Hi F-2
"Does this mean that flickr system has been compromised?"
No; please read the top staff added note in the very first post, thanks. :)
"How otherwise could these people get our personal email details??"
They don't get them from Flickr, and they wouldn't need to anyway- email lists are bought and sold on the open market all the time from unscrupulous people.
Posted 32 months ago.
( permalink
)
|
|
|
I got this in my personal email as well just as Alison Lyon's has described. I do not have my personal email address listed on my flickr account and it is a weird coincidence that I came across this message today. Looking at the headers it looks like it was sent via Yahoo's own mail servers so probably hard to track. If you want a copy of it, let me know and I'll email it with full headers.
Sure it is possible that it came from a list but weird that it all happened on the day that flickr went down. Just pure coincidence I'm sure.
Posted 32 months ago.
( permalink
)
|
|
|
No copy needed, thanks Kinematic Digit. They are indeed coming through Y! servers, as they are using the share this feature; they just are getting by specific limitations that we have for them, and a lot did go out. We implemented some quick changes earlier which put the damper on many more attempts, and will be revisiting our sharing code Wednesday (it's the wee hours of Wednesday here). But it's definitely unrelated to the earlier incident, that was a code deploy gone very wrong. And, as noted, none of the addresses are sourced from us, which is illustrated by you getting a message sent to an address you don't use here. Some of them probably will match an address that is used in the system, but that doesn't mean it came from us. (And most of the ones I was checking on outbound messages earlier were not at all related to Flickr accounts.)
Thanks again, and sorry for the messages you all saw.
Posted 32 months ago.
( permalink
)
|
|
|
Could this be coming from some Facebook application? I am using this compromised e-mail addr with Facebook also, and have not received too much junk before this.
Posted 32 months ago.
( permalink
)
|
|
|
I received the same email as Alison Lyons posted above however from a "alysena64kovcxh via Flickr"
fyi
Posted 32 months ago.
( permalink
)
|
|
|
Hi folks,
We believe we pushed back fairly hard on the spammers last night, however if you see anymore Share This spam getting through, please just let us know.
I also want to reiterate at this time that the spammers are using Share This, that they have not compromised our email system but are instead abusing a site feature, and that the reason you may be receiving these at an email address not associated with Flickr is because spammers buy email address lists and do their work from them.
Thanks.
Posted 32 months ago.
( permalink
)
|
|
|
Ok mine was from ionesupinob8mi5z via Flickr [no-reply-43863136N08@flickr.com], received today.
Posted 32 months ago.
( permalink
)
|
|
|
Thanks!
Posted 32 months ago.
( permalink
)
|
|
|
I'm getting a new one from jaredz4a7gwin1n about a Windows 7 sale.
Is there a way to simply turn this type of 'someone wanted to show you a photo' off ?
EDIT: Ugh - I now see the problem - it's not delivered to my email address on file with Flickr - so difficult to stamp it out without turning the feature off for everyone.
Posted 32 months ago.
( permalink
)
|
|
|
Yep, looks like a second round is going out right now. zyrcster or other staff, let me know if you need any information about it.
Posted 32 months ago.
( permalink
)
|
|
|
I got spam in my e-mail asking me to look at a picture that turned out to be an add for Windows 7
www.flickr.com/photos/windows7buy/4040109863/
Posted 32 months ago.
( permalink
)
|
|
|
A second round is definitely on. And same as last time: it does not go through Flickr mail but directly to my personal mailbox (though the one registered on Flickr).
Damn, that's annoying.
Posted 32 months ago.
( permalink
)
|
|
|
I got the same one.
Posted 32 months ago.
( permalink
)
|
|
|
Ditto here. Frakking spammers
Posted 32 months ago.
( permalink
)
|
|
|
Use Report Abuse: Spamorama
People are answering those 7 days a week. I haven't seen any staff responses here all most of today.
Posted 32 months ago.
( permalink
)
|
|
|
.
Posted 32 months ago.
( permalink
)
jkim.ca edited this topic 32 months ago.
|
|
|
Hey folks- We're aware of what's up, but definitely do send the nitty gritty details (message content, the account sending them) through Report Abuse > Spamorama
Many thanks
Posted 32 months ago.
( permalink
)
|
|
|
@jkim.ca: Actually... yes. Both accounts I've gotten this spam to were ones that I'd given to onOne at some point or another (and one of them I used only for them). Looks like they sold their list or it got compromised.
Posted 32 months ago.
( permalink
)
|
|
|
Me too, the same problem spamming e- mails from a non profiled flickr member directly to my non flickr address...how this is possible?
This is the account
[please use the Report Abuse process, thanks]
I use onOne softwares but i don' t remember if i created an onOne account...
Posted 32 months ago.
( permalink
)
Kevin (staff) edited this topic 32 months ago.
|
|
|
I also got spammed! Have deleted the email before I found this thread so I can't send details to the abuse task force. Apparently it was some kind of Windows 7 campaign. Why do Microsoft endorse spam - have they sunk this low?!
Glad I'm on a Mac!... :)
Posted 32 months ago.
( permalink
)
|
|
|
I will second the notion that this spam is somehow connected to OnOneSoftware, although they seem to disagree. It was the same as jkim.ca in my case: the spam messages arrived at ononesoftware@mydomain.tld, which I only used to register their demo software.
Posted 32 months ago.
( permalink
)
|
|
|
i have had the Windows7 spam linking to the same image (now removed) as chefranden has linked to. I failed to check which email address it was sent to, but i have downloaded the onOne demo
Posted 32 months ago.
( permalink
)
|
|
|
Just sent the copy of the e-mail.
Posted 32 months ago.
( permalink
)
|
|
|
i have received a second one of these emails this week. this time it came from a sommerdybalan174s1m at flickr. luckily my spam mailbox caught it.
Posted 32 months ago.
( permalink
)
|
|
|
My e-mail is associated with OnOne too.
Posted 32 months ago.
( permalink
)
|
|
|
This is Mike Wong from onOne Software. We've received several emails from people who have received these spam emails at email addresses that we are told have only been used to download a demo or register with us using a unique email address such as onone@mydomain.com.
We are investigating how these emails could have been compromised. I assure you that we have not sold or otherwise knowingly made any email addresses or any other contact information available to any third-party.
-Mike
Posted 32 months ago.
( permalink
)
|
|
|
Thanks for the post Mike! :)
Also, we've tackled some more spammers earlier today (a few hours ago), so if you saw any, we may know about them already, but do notify us via Report Abuse with the specifics and we will investigate.
Posted 32 months ago.
( permalink
)
|
Feed – Subscribe to help discussion threads