Would it be reasonable to assume that this is as a result of some sort of hacking or data leakage? Nice to know all our email addresses have been harvested by signing for this event

----------------------------------------------------------------------

Return-Path: <gwyneth.wright@globistictec.com>
Received: from jenna.genesysnet.co.uk (jenna.genesysnet.co.uk
[178.250.73.25])
by trixie.genesysnet.co.uk (8.14.7/8.14.7) with ESMTP id 18GJpOTd016294
for xxxxxxxxxxxxxx>; Thu, 16 Sep 2021 20:51:24 +0100
Received: from mail-vs1-f46.google.com (mail-vs1-f46.google.com [209.85.217.46])
by jenna.genesysnet.co.uk (8.14.4/8.14.4) with ESMTP id 18GJpLL5007064
for <xxxxxxxxx@orpheusinternet.co.uk>; Thu, 16 Sep 2021 20:51:23 +0100 Received: by mail-vs1-f46.google.com with SMTP id 186so2067591vsi.3
for <xxxxxxxx@orpheusinternet.co.uk>; Thu, 16 Sep 2021 12:51:23
-0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=globistictec.com; s=google;
h=mime-version:from:date:message-id:subject:to;
bh=yZ7z4KXD6CkT0nm44u5w2cA8n0DTm4FVOXF3wKrkXs4=;

b=IbCzVHp9KOz7X3wX+zjl+j84mfTuzAbgISr3daaeOCVuVxbIbdxb+QUxY1gLtFpgHa

gob5popgv0kS3kxQAZ/j11arZpdtndM2PXwdL0QMFAztZ47c6NvqE4K6cN39jswCgfJr

saEzX3c8BuzRywkBttAMM7LVlBYsaPe4NxNH10ikiqI7oIAiKflSqC6Bqfy/N+I2pEIo

lBlUVkVnlOpwoc+fwl50p2I8jYJplDvOjaBma6J2A0r4c/XvIqYJtDwupd68Jk1PjRpb

cSvhkiFo5+9mfwdgKzM88HPiPnmO53EE+TuGr2RakYrQ0bW6tlTI6qwDZGSqeb6aIQXB
TDIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=yZ7z4KXD6CkT0nm44u5w2cA8n0DTm4FVOXF3wKrkXs4=;

b=SQ8DlAz0aw9u/LnkSG9wngPhbV2BWXxPMYT/t97oAVoKKqXZf65Jkz5tobsUsuGyp5

nv5hDm93nKIwdATm+X6auzGFK+SoXBCDig2MZQJZxSGY2OPzvU5R3Bnlzs+N69Asq73m

Nc9zRx45iKs3qKdSlokzq/tiFCa7dZJ2MaCsTnV87vxpcAjR075WU3pH+Ac3Zmng6rAL

f+SBHKLXVN+NLCVLKr1A8W5s71kJxuOhlrc4hltoSPbcVyTsWT8x26NIqxjnIWTa4MDe

vbLZTRmsV/vIb3yagQNnWlW4Pn+Y/cwnDQpG+Q90PzCKxm1HW0J8lV/gQx5JZFadJk2n
WMug==
X-Gm-Message-State:
AOAM532PGwvTYWoCu/bUU7qrpF2VVE6eVp0ei/PrlHA12d1HN+Ogs00v
GDSkNIJ4dTR2a5pTzqZ5XPq4fU/1rQUbeIuMT28n8A==
X-Google-Smtp-Source: ABdhPJzw6SbTn+k2z/ZNoSUAtwmkncm5EeBi1/NkGkH2VX0HbC9yPtAw707efrZIxm3iOPRzN75mTBlxR1D6yV6AApo=
X-Received: by 2002:a67:2f8f:: with SMTP id
v137mr5996404vsv.13.1631821880691;
Thu, 16 Sep 2021 12:51:20 -0700 (PDT)
MIME-Version: 1.0
From: Gwyneth Wright <gwyneth.wright@globistictec.com>
Date: Fri, 17 Sep 2021 01:26:42 +0000
Message-ID: <CAJtm8+9Mbq4ZqkZd5Sm4Sy6g9GoH=asuwr4rw9YS_VM=C8qTgw@mail.gmail.com>
Subject: Wakefield Acorn & RISC OS Computer Show - 2021 Attendees list
To: undisclosed-recipients:;
Content-Type: multipart/alternative;
boundary="0000000000008943f605cc2223ec"

*Hi,*



*Would you be interested in acquiring **Wakefield Acorn & RISC OS Computer
Show **- 2021 Attendees Email list is Available now?*



*Data Field Includes: - Company Name, Web Address, Contact Name, Job Title, Mailing Address, Phone Number, Industry, SIC Code and Email Address.*



*Interested, let me know, so that I will send you more information, counts, cost and samples of the list.*



*Looking back to hearing from you.*



*Regards,*



*Gwyneth Wright | Marketing Executive,*

--
Stuart Winsor

Tools With A Mission
sending tools across the world
http://www.twam.co.uk/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In message <596e059beeSpambin@argonet.co.uk>
Stuart <Spambin@argonet.co.uk> wrote:

Would it be reasonable to assume that this is as a result of some sort of hacking or data leakage? Nice to know all our email addresses have been harvested by signing for this event

No it would not be reasonable to assume to assume it some form of hacking
or data leakage.

I myself had the same spam email. You have not signed for this event, its
a *spam* email, someones details has been forged to post this *spam*
email.

If you look at the header info you will see its actually using a message
ID from Google server.

--
Chris Hughes

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 18 Sep 2021 as I do recall,
Stuart wrote:

Would it be reasonable to assume that this is as a result of some sort of hacking or data leakage? Nice to know all our email addresses have been harvested by signing for this event

[snip]

*Would you be interested in acquiring **Wakefield Acorn & RISC OS Computer Show **- 2021 Attendees Email list is Available now?*

*Data Field Includes: - Company Name, Web Address, Contact Name, Job Title, Mailing Address, Phone Number, Industry, SIC Code and Email Address.*

Given that I rather doubt that people who signed up to attend the
Wakefield Show were asked to supply their "Industry" and "SIC Code", I'd
assume that it's a standard-format scam aimed at gullible hackers.

--
Harriet Bazley == Loyaulte me lie ==

USER ERROR: replace user and press any key to continue.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 18 Sep, Stuart wrote in message
<596e059beeSpambin@argonet.co.uk>:

Would it be reasonable to assume that this is as a result of some sort of hacking or data leakage? Nice to know all our email addresses have been harvested by signing for this event

Just to be clear, are you concerned that you signed up to (virtually) attend Wakefield 2021, supplied your email address in order to do so, and that, as
a result, it's now been harvested?

If you think the leak came from the show organisers, you might wish to
contact them to let them know. I'm assuming that you didn't sign up with the SpamBin address from your post, so knowing the address that has been spammed would help to identify the potential source of the leak (or possibly save a
lot of wated time looking in the wrong place).

--
Steve Fryatt - Leeds, England

http://www.stevefryatt.org.uk/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <mpro.qzoh5x01t1gp301sv.news@stevefryatt.org.uk>,
Steve Fryatt <news@stevefryatt.org.uk> wrote:

so knowing the address that has been spammed would help to identify the potential source of the leak (or possibly save a lot of wated time
looking in the wrong place).

Replied to directly.

--
Stuart Winsor

Tools With A Mission
sending tools across the world
http://www.twam.co.uk/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <mpro.qzoh5x01t1gp301sv.news@stevefryatt.org.uk>,
Steve Fryatt <news@stevefryatt.org.uk> wrote:

Would it be reasonable to assume that this is as a result of some sort
of hacking or data leakage? Nice to know all our email addresses have
been harvested by signing for this event

Just to be clear, are you concerned that you signed up to (virtually)
attend Wakefield 2021, supplied your email address in order to do so,
and that, as a result, it's now been harvested?

Steve has now assured me that WROCC have no record of the Email address
used. He does, however, suspect the likely source and I am concerned what information the scammer may hold. It seems likely to be a party within
the RISC OS community because the Wakefield show would not be widely known about outside RISC OS circles.

--
Stuart Winsor

Tools With A Mission
sending tools across the world
http://www.twam.co.uk/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In message <596e059beeSpambin@argonet.co.uk>
Stuart <Spambin@argonet.co.uk> wrote:

Would it be reasonable to assume that this is as a result of some sort of hacking or data leakage? Nice to know all our email addresses have been harvested by signing for this event

The email is only strange. The person which sent it doesn't seem to have
any knowledge about the RISC OS scene in my opinion. What about the following variant:

The only reason why you found the email interesting is "Wakefield Acorn &
RISC OS Computer Show 2021". What if the subject would have been
"Frankfurter Buchmesse 2021 Attdendees list"? Of course you won't have
paid any attention to it and classified it as spam.

It seems to be a standard text and only the name of the show is changing.
The creator of the email may have got a list of shows from which webpage ever (astonishing is that Wakefield made it on such a list but perhaps Google may help to find it). Then the creator generates a spam email to addresses he got in which way ever and perhaps mixes some show names by pure random.

But why wroting such an email? Don't ask me. The only reason I can think of
is to find persons which are interested in such informations. This may be
sales men but also perhaps hackers. When you will answer I assume you will
get anything else but not the list of attendees of the show.

AFAIR Wakefield was a virtual event this year. In case that such a list
should really exists, I think it would require access to the data of the related video conferencing system. And why anyone should to tell there more about him there as necessary?

Regards

Thomas Milius

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Thomas Milius <Thomas-Milius@vodafonemail.de> wrote:

In message <596e059beeSpambin@argonet.co.uk>
Stuart <Spambin@argonet.co.uk> wrote:

Would it be reasonable to assume that this is as a result of some sort of hacking or data leakage? Nice to know all our email addresses have been harvested by signing for this event

The email is only strange. The person which sent it doesn't seem to have
any knowledge about the RISC OS scene in my opinion. What about the following variant:

The only reason why you found the email interesting is "Wakefield Acorn & RISC OS Computer Show 2021". What if the subject would have been
"Frankfurter Buchmesse 2021 Attdendees list"? Of course you won't have
paid any attention to it and classified it as spam.

It seems to be a standard text and only the name of the show is changing.
The creator of the email may have got a list of shows from which webpage ever (astonishing is that Wakefield made it on such a list but perhaps Google may help to find it). Then the creator generates a spam email to addresses he got in which way ever and perhaps mixes some show names by pure random.

If you search for '2021 attendees list' it brings up a lot of similar
attempts - it seems the formula is "<name of conference> - 2021 attendees list".

So it may not be from this year, just that someone has got the name
"Wakefield Acorn & RISC OS Computer Show" and glued '2021 attendees list' on the end to make it look up to date. It could have been from 10 years or
more ago.

It could just be coincidence that they managed to strike lucky and find a
topic the OP was interested in. I note the Debian-www mailing list
received:
Birmingham– Recycling & Waste Management Exhibition-2021-Attendees List
so spectacularly off-topic. Although the chance of hitting the OP with an on-target event seems pretty slim, and I wonder where their email has been
used in conjunction with the Wakefield show that might have picked up this association from.

Standard advice is to put your email into:
https://haveibeenpwned.com/
and it'll tell you which data breaches it shows up in. But I doubt there
are any RISC OS lists in there.

Theo

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 20 Sep 2021 as I do recall,
Thomas Milius wrote:

It seems to be a standard text and only the name of the show is changing.
The creator of the email may have got a list of shows from which webpage ever (astonishing is that Wakefield made it on such a list but perhaps Google may help to find it).

Yes, that was my assumption. The body of the e-mail seems to refer to a standard industry show, not to a hobbyist activity.

--
Harriet Bazley == Loyaulte me lie ==

The purpose of rules is to make you think before you break them.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)