Phishers using my email address for contact form spam

Well, I’ve gotta admit, this is a new one for me.

Screenshot of Seamonkey message window showing an email in English.
I don’t need my plumbing sorted out.

Somebody, or something has managed to grab my personal email address from somewhere and is using it for spam purposes, except instead of spamming me directly, they are using my email address in various contact forms on all kinds of websites.

Screenshot of Seamonkey message window showing an email in Japanese.
This was from a Japanese website that provides cleaning services. There’s several things wrong with this – I’m on the other side of the world, and I don’t think they can read broken English!

What is annoying is that some of these emails are seen as legitimate by my email provider (they’re seen as contact follow-up emails?) so they end up landing in my inbox instead of spam. I’ve set up “Someone spamming” folder dedicated to these emails and I’ll probably set up a filter to move them to there. So far I’ve accumulated seven of these things. You can see the two emails seen as legitimate below, where it says “Normal” under the priority column:

Seamonkey screenshot showing seven of the follow-up emails sent to me
Seven emails in hand, or rather – folder

If you’re wondering where the Google Drive links lead, they point to different PDF files which all have a Google ReCaptcha V2 widget, but this ReCaptcha is not legit. Look at the cursor when I move it over this ReCaptcha:

Tor browser window showing a Google Drive PDF document. In it, there is a clickable image of the Google ReCaptcha V2 widget.
I brought out the Tor Browser for extra peace of mind. I could have gone one step further and ran it in a VM, but that’d be overkill for this IMO. I’m certainly running an Malwarebytes scan after this though.

It’s a link! But to where?

A screenshot of the bottom left corner of the Tor Browser, showing the URL the link leads to.
I just want to solve my Captcha…

Hmm… I wonder how this appears in Searx?

A screenshot of me seaching the website in question on searx. Shown are various entries to the website itself, as well as pages analysing the risk of the website/server.

Seems legit.

Because I was curious and also a dumbass, I tried seeing what happens if you go to this website (or click that ReCaptcha).

It basically redirects you to these fake dating site signup form thingies; these aren’t the “unparalleledoffers” they’ve been promising…

A screenshot of a webpage showing a warning message telling me that I need to answer some questions before I can have sex.
There’s hot singles in your local Tor relay!

If you try to go to the website’s index, you get this generic “Under construction” message, so it’s clear whoever set this website up wasn’t expecting people to snoop around it.

A screenshot of a webpage just displaying "Under construction".
Scammers on lunch break.

I tried this with a bunch of the other URLs that the URL I searched for leads to (it sends you to a random URLs from a range of different URLs each time you visit) and it’s the same story.

I’ve already reported the URL in that PDF document using Google’s “Report Phishing Page” form, and to the domain registrar – GoDaddy. Hopefully they’ll deactivate the domain and break that link in the URLs.

As for me, I’m trying to figure out what leaked my email to the public. I understand that it’s inevitable, but I’m curious as to where they got it.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s