Email
Solomon Gennadievich, 2019-08-11 23:47:58

Spam emails from KFC. How is this possible?

Scam spam emails are arriving, supposedly from a KFC mailbox. In theory, if the sender had been substituted, a huge warning would have come up. How is this possible? Could it be an employee of the KFC IT department using their access for fraudulent purposes?

Headers: [screenshot]


3 answer(s)
chupasaurus, 2019-08-12
@chupasaurus

Quick header analysis:

  • The letter was sent from the address 193.124.94.162, which has the MX of the diplab.ru domain
  • When sending, the MAIL FROM SMTP header had an address [email protected] (mail from), but in the letter itself, the From header contained an address on the KFC domain
  • The Exim program, which sent the letter from this IP, kindly introduced itself with the SMTP header HELO as the mailer kfc.ru, to which the mail.ru mail server suddenly agreed (the main mailer of kfc.ru is Yandex) and kindly put it in your mailbox, at the same time replacing the sender in the web interface.
So it goes.
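
The comparison made by hand in the answer above (envelope sender vs. HELO name vs. From header), as an added example that is not part of the original answer. The sample message is constructed: the envelope address, local parts and recipient host are placeholders, the Received line layout is an assumed one, and the subdomain match is a simplification of real organizational-domain alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers modelled on the answer above. The envelope
# address is a placeholder because the page shows it redacted.
SAMPLE = """\
Return-Path: <bounce@envelope-sender.example>
Received: from kfc.ru ([193.124.94.162])
\tby mx.recipient.example with esmtp (Exim)
\tfor <user@recipient.example>; Mon, 12 Aug 2019 00:00:00 +0300
From: KFC <promo@kfc.ru>
To: user@recipient.example
Subject: constructed sample

body
"""

def domain_of(addr):
    """Lower-cased domain part of an address header value, or ''."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Relaxed match: equal, or one name is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def analyse(raw):
    msg = message_from_string(raw)
    header_from = domain_of(msg.get("From", ""))           # what the mail client displays
    envelope_from = domain_of(msg.get("Return-Path", ""))  # recorded from SMTP MAIL FROM
    # The topmost Received header is the one added by the receiving server.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.match(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]", received)
    helo, ip = (m.group(1).lower(), m.group(2)) if m else ("", "")
    findings = []
    if not aligned(header_from, envelope_from):
        findings.append(f"From domain {header_from} != envelope domain {envelope_from}")
    if helo and aligned(helo, header_from) and not aligned(helo, envelope_from):
        findings.append(f"HELO {helo} from {ip} matches From but not the envelope sender")
    return {"from": header_from, "envelope": envelope_from,
            "helo": helo, "ip": ip, "findings": findings}

if __name__ == "__main__":
    for line in analyse(SAMPLE)["findings"]:
        print(line)
```
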

Dimonchik, 2019-08-12
@dimonchik2013

Looks like you haven't been spammed via Google Maps / Reminders yet?
They find a hole in the web form of a donor site, compose such a letter and spam.
Plus, you don't show the full headers; maybe it's still not kfc but ordinary proxies.

CityCat4, 2019-08-12
@CityCat4

Fraudster vulgaris. In the title there is a site that is not KFC at all, some kind of diplab. That is already enough to dump it in the trash and not rack your brain.
