Spam email mentioning sites I’ve visited?

JHZR2

Strange email I got today...

My spam filters work well, in that I get very few. Maybe one message slips through a month into my inbox, and either they're pretty well-done phishing emails, or they just randomly make it through, but are easy to pick out. But today one came through. Was a spam message "from" a close friend, but it had her maiden name (and NOT her email address when looking at the details).

Most of the message was irrelevant. Some babble about not using Facebook, and some link that obviously I didn't click on.

The strange thing was the very end. It said:

jxpolyvoltine creeper You've heard a lot about brushless power tools on ToolGuyd and elsewhere. Here's a brief discussion … unparalleled overbillow

The thing that surprised me was the indication of ToolGuyd - I was just on his site two days ago, looking at brushless circular saw reviews. Related somehow? If so, that concerns me.

I'm only operating on my phone, on the AT&T network, using WARP and 1.1.1.1 from Cloudflare. Phone is running iOS 13.3, latest version. As I understand it, apps are sandboxed, so even a rogue app couldn't get my browsing history or cookies.

As far as I know, ToolGuyd is legit. It's not just one of those Amazon link-through sites that give generic info based upon Amazon reviews.

So is this a freak occurrence? Am I reading into this too much?

If not, what should I check? To reiterate, I'm only running Safari on my iPhone running 13.3, so all the Malwarebytes and whatnot for PCs are largely irrelevant.
 
Originally Posted by JohnnyJohnson
You can thank the originator of the problem, our old friend (and I use that term loosely) Billy Gates and his back doors.


Except at least on my end, no product of Gates' was in use.
 
Besides my antivirus software from Microsoft, I use uBlock Origin, Privacy Badger, Autoplay Stopper and visit websites in Firefox Private Windows.
Still not enough, but it helps. My email provider is Gmail.

I will not use any Ducks for web searches and will not use a very restrictive web browser to surf the web. Have not been burned with any bad guys yet and I've been using Windows since 1999.
The rest is in God's hands. I won't / can't restrict the entire world from seeing me. There's a limit I must allow, or be faced with gridlock trying to enter webpages.
 
Is it possible you logged in to another website with your email and browsed to the ToolGuyd site before clearing your browsing history (Settings > Safari > Clear History)? One of the sites you logged into could have set a 3rd party cookie that tracked you across other sites that used that same 3P service.

There are more exquisite ways they can track you, such as IP and device configuration details but Apple has been clamping down on that.

Anytime I log into a site or purchase something, I clear search history before & after. If I'm feeling paranoid, I do Privacy > Advertising > Reset Advertising Identifier.
 
Originally Posted by WagonWheel
Is it possible you logged in to another website with your email and browsed to the ToolGuyd site before clearing your browsing history (Settings > Safari > Clear History)? One of the sites you logged into could have set a 3rd party cookie that tracked you across other sites that used that same 3P service.

There are more exquisite ways they can track you, such as IP and device configuration details but Apple has been clamping down on that.

Anytime I log into a site or purchase something, I clear search history before & after. If I'm feeling paranoid, I do Privacy > Advertising > Reset Advertising Identifier.


I don't log in anywhere via email, Facebook, etc. If I wish to log into a site I create a unique login. Don't have one for ToolGuyd, haven't been to the site in probably 6 months, which is why it's strange that it popped up in the random spam message in the body of text. The rest of the message was meaningless.
 
Originally Posted by KrisZ
How about a keyboard exploit? Safari may very well be sandboxed, but keystrokes are probably not.


This is on an iPhone.

Originally Posted by JeffKeryk
Anyone who thinks they can use the Internet in private has another guess coming.
Period.


Agree. But the point here is that this is either a random situation, or I'm exposed to spammers in a way not anticipated, and I want to close the gaps.

I get it that anyone who uses the internet is tracked, and there's a whole profile somewhere on most everyone. Intent here is to close whatever gap that might exist, because this one is more curious to me.
 
They listen, they record, they spy. Plain and simple.

I can have my phone, an Apple, in my pocket. Be talking to someone about something I am interested in purchasing. You can bet $$$$ that an ad for that product will appear in my FB feed the next time I open it.
This is without any search or anything to do with Google or FB. Just some plain old conversation with my phone within listening distance.
Same for my Amazon Alexa Dot thing. They all listen and spy.

I'm not a conspiracy theory type person. It really doesn't bother me much that they spy. If I want to research that product, there is a handy link right in my FB feed......
 
Originally Posted by Hombre909
Originally Posted by demarpaint
I'm thinking Google.


+1

Google is not your friend.


I said that years ago when folks on here were bonkers for Android and wanted to hate Apple. They said Google promises to do no harm.

That has proven wrong in every element of our existence, not just selling ads.

And if a Google ad came up, I'd totally get it.

But from a spam message, supposedly from a friend using her maiden name... and stated in the text in such a strange way... that's not Google imo.
 
FWIW, full text, names omitted by XXXX and YYYY:

Quote


XXXX


http://buildehairdresserr.xyz/7HB32mQ/recriminate/
YYYY

YYYY
uncorrigibly

When people ask, "I just want to quit Facebook, but my family and friends are on it, what should I do?" my first response is usually "Well, just stop using Facebook." It's a little flippant, but it's my personal approach to Facebook too. There's a big difference between being present on a social network and being active. Often, just being present—as in, your friends can find or message you to get in touch—is enough. You don't have to devote any time into it beyond making sure your public profile looks good to outsiders. Then, you can check in when the mood strikes, or set up email notifications for whenever you get messages or event invites. Respond to those requests and messages, let your friends know that you don't spend a lot of time on Twitter or Facebook, give them better ways to get in touch with you, and then go back to not using them.
figurehead mobilisation remunerated
backbencher neural



mdfqwr tireman Marlen Photo by Mike Mozart. semirevolute



jxpolyvoltine creeper You've heard a lot about brushless power tools on ToolGuyd and elsewhere. Here's a brief discussion … unparalleled overbillow
 
This is definitely not something from Google or Apple. T
Originally Posted by JHZR2
Originally Posted by KrisZ
How about a keyboard exploit? Safari may very well be sandboxed, but keystrokes are probably not.


This is on an iPhone.



I understand, but are you using the native keyboard and have no third-party keyboards installed? The latest iOS 13 has a vulnerability where third-party keyboards can be exploited.
 
Open the email on a different device and see if the message is the same. It's probably reading a cookie on your current device.
 
Originally Posted by KrisZ
This is definitely not something from Google or Apple. T
Originally Posted by JHZR2
Originally Posted by KrisZ
How about a keyboard exploit? Safari may very well be sandboxed, but keystrokes are probably not.


This is on an iPhone.



I understand, but are you using the native keyboard and have no third-party keyboards installed? The latest iOS 13 has a vulnerability where third-party keyboards can be exploited.


My first question would be "what's a third party keyboard?", so I think my answer would be no. But interesting tidbit of info to look into.

Originally Posted by Alfred_B
Open the email on a different device and see if the message is the same. It's probably reading a cookie on your current device.


Good thing to try. Used my iPad, and the result was the same.
 
1) Congratulations on getting the whole thing cut-and-paste into this forum, with editing, on an iPhone.
I wouldn't have tried without a keyboard-centric OS and a real keyboard.

2)
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Sounds like a lot of work, so have you become a high-value target?
(A bit of a surprise that the above work was done by a Google team.)
Probably not.

3) I submitted the site to https://quttera.com/home.
It indicates the website runs in Cloudflare, and uses nginx.
It says the current status of the website is "malicious".
https://quttera.com/detailed_report/toolguyd.com
says there's a link to a blacklisted domain http://westlingmachine.com.
https://quttera.com/labs-data-url/westlingmachine.com just says 2/7 sites have blacklisted the domain as malicious.
Nothing further.

There is a relatively recent (Sept 2019) nginx vulnerability. Maybe that's where you should look.
 
As mentioned, they do have some rather exquisite methods of "fingerprint" tracking now, such as screen resolution, device type, etc.

I personally find the entire web tracking racket fascinating at best. Sometimes I will do random searches for unrelated products to see how I can influence it, think ladies' handbags and pickup trucks. What's the worst to come of it, it might show me an ad?!
 