Spam
-
Why am I receiving spam from a sender if you never display a user’s email address? This is the only website I have ever registered for using my work email (to create an avatar) and now I am receiving spam. Can someone please explain to me in technical terms how this might be possible?
This is the link I received in the email they sent and their certificate appears to be a WordPress cert. How is this possible? (I obfuscated my email address in the link – it was my email address – now (email visible only to moderators and staff))
http://251.236.94.34.bc.googleusercontent.com/ero?id=3wVnOaPCoA&email=(email visible only to moderators and staff) &opd=LWszn8DSqE
-
Hi there,
As you said, we do not display your email address on your account so I’m not sure why would you relate that spam email to WordPress.com? What did you mean when you wrote
their certificate appears to be a WordPress cert? -
The reason I asked about WP not giving out my email is because I never received any spam before signing up for a WP (Gravatar) account, which I used to display my avatar for a Microsoft forum, who already had my email information. I have never signed up to any other service with the email being spammed so it seemed unlikely that my email was exposed elsewhere.
The reason I related the spam email to WP is because it is pointing to a “WP” site. It appears to be an old site that was compromised that some person has hacked to send spam to trick people into signing into their work Microsoft accounts. It is not a WP site per se, but the site’s underlying component is WP.
After clicking the link in a safe environment, I was able to find the site: https://andygiger.com/blog/wp-admin/user/.employee_administrators/documents/informations/recived/.employee_managements/otl/otl/app/signin
Here is the certificate displayed by the site (in Firefox): about:certificate?cert=MIIEVTCCAz2gAwIBAgIUBAGwghsptMXD5UJRuXH0gN7xA6MwDQYJKoZIhvcNAQELBQAwgdcxIzAhBgNVBAMMGm9wZW5saXRlc3BlZWQtd29yZHByZXNzLXY3MQswCQYDVQQGEwJVUzEQMA4GA1UEBwwHVmlydHVhbDEbMBkGA1UECgwSTGl0ZVNwZWVkQ29tbXVuaXR5MRAwDgYDVQQLDAdUZXN0aW5nMRMwEQYDVQQIDApOZXcgSmVyc2V5MRAwDgYJKoZIhvcNAQkBFgEuMRYwFAYDVQQpDA1vcGVubGl0ZXNwZWVkMQswCQYDVQQrDAJDUDEWMBQGA1UELhMNb3BlbmxpdGVzcGVlZDAeFw0yMDA4MjQwMDQwMzhaFw0yMjExMjIwMDQwMzhaMIHXMSMwIQYDVQQDDBpvcGVubGl0ZXNwZWVkLXdvcmRwcmVzcy12NzELMAkGA1UEBhMCVVMxEDAOBgNVBAcMB1ZpcnR1YWwxGzAZBgNVBAoMEkxpdGVTcGVlZENvbW11bml0eTEQMA4GA1UECwwHVGVzdGluZzETMBEGA1UECAwKTmV3IEplcnNleTEQMA4GCSqGSIb3DQEJARYBLjEWMBQGA1UEKQwNb3BlbmxpdGVzcGVlZDELMAkGA1UEKwwCQ1AxFjAUBgNVBC4TDW9wZW5saXRlc3BlZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLH8z%2Fl9JY7wob7r86JK%2FGyYYtNBroVPRXjuDp7tbmHt2RuHK6BbSVvAk39Si27wbWrZZ98e17%2FAQ3bRP6tTE8PSvVxQgEc0WYqIqlgPSL7AkBA5bB72uMs4SiM5Kctv4ZZnSZJMucD9KJBNHHQgvQjBYZMz5ieLinGL8B34rJPgPjyYe9XWIvxDdm71iIKj6H5LgJOX%2B8RlSzx8VawgSEsyQBVH6AfOW9GmnsZC%2FJzRiJKVihW4hqXWUHLhx7IABLDSwtI%2BcHm%2Bs9Doc8d0NDpH%2FQAmKvXj1kOcL%2FRDu2Q8e8XWcHrYsbNWKcaIBTyhRC817CFgkRAQmx9o9au3n%2FAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQCs0yq4xZ1JbGTrPIcHfhJJGujeq%2FLwdM1VDh3NaHQCt9w5Zurep%2F%2F%2FtPxKlYXP%2BvljS0XQ1YsDWfhrcN0ECCmTlQlLpPU%2FgmVQ8k1gpaSsjRv%2BNkGGDE%2F1rwAimHdk%2BeYHwMmyOCOC4exmK%2BHXJ2njJtO%2FwvisabmCglkEyl81kjIJZ3%2FXerMkqk5aKjVe%2F%2FlugElPE44x4JafFjHd45%2Bs%2FvjUht%2FtgM70QhMo1ocjCffbl3X7VwrYroqQdyzGRSu6by6jc0T1wtEU%2BC1yHMltBlcdywNrcALXAnIadS7MERoDzsN2Ci2JvvpzKo08WVOF1MKHsXUqMixEjt2BstU0
I reported the site to several entities, including Google and CISA, and the redirects and spoofing pages appear to have been taken down, since the site is working as normal now. I guess that makes this a moot point anyway, although I still don’t know how the spammer got my email… :/
-
I found the site I was using to submit feedback to Microsoft. It was uservoice.com. I am pretty confident it was probably that site who publicly posted my email address. I initially thought it was Microsoft’s site, but they are using a third party for the forum. Wow…
I apologize for the confusion. I just wanted to get to the bottom of this spam mess, since I try so hard to keep it out of my inbox. Even those who are constantly vigilant make stupid mistakes on occasion. :/
I appreciate you answering me staff-mckluskey and trying to assist. I’m sorry for the inconvenience.
- The topic ‘Spam’ is closed to new replies.
WordPress.com Forums 