Suddenly I started receiving a bunch of scam mails (phishing). I suspect some bot or bot-net is involved, because I’ve received maybe a couple hundred e-mails at the time of writing, all from different (likely auto-generated) senders. With anything from 2-10 emails per day.

The scam is essentially just some phishing, all related to the same topic. I’ve mostly been able to mitigate it by filtering out mails containing certain keywords or phrases that show up in the scam mails. However, the mails change relatively often (about once a day) so every now and then something gets through, and I’ll update my filter.

My question is really if there’s any way I can figure out

  1. Where this is coming from,
  2. How they got hold of my email

So that I can try to go after the root cause / prevent other scammers from getting hold of it.

  • subtext@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    There’s really nothing to be done about the compromised email address, but I would really recommend using a service that creates unique email addresses per service that you sign up for to mitigate the blast radius when one service gets pwned. It takes a long while, but thankfully privacy laws are stronger now and it’s easier to force a company to either delete your information or change the email they have for you.

    Some potential services to consider include:

    https://addy.io/

    https://proton.me/pass/aliases

    https://www.fastmail.com/features/masked-email/

    https://support.apple.com/guide/icloud/what-you-can-do-with-icloud-and-hide-my-email-mme38e1602db/icloud

    • thebestaquaman@lemmy.worldOP
      link
      fedilink
      arrow-up
      0
      ·
      2 months ago

      Thanks! I’ll definitely look into that, though the only issue I can imagine is keeping track of which email that goes to which service (I’m one of those kinds of people that uses “Forgot my password” effectively as a password manager, don’t hate me for it, I have reasons).

        • thebestaquaman@lemmy.worldOP
          link
          fedilink
          arrow-up
          0
          ·
          2 months ago

          Since you chose to point it out: My reason is that I regularly need to be able to log into things on a non-personal machine, sometimes without access to my phone. So no, a password manager for all my accounts is out of the picture. I either write stuff down, remember it, or - sometimes - forget it and need to reset my password.

          • whitecold@lemmy.world
            link
            fedilink
            arrow-up
            0
            ·
            2 months ago

            Not having access to your phone and having to log in on other computers doesn’t rule out using password managers at all. You can use bitwarden’s web vault (or self-host vaultwarden). As long as you can log in to bitwarden web vault, you can access your passwords anytime, anywhere.

      • nocturne@sopuli.xyz
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        2 months ago

        the only issue I can imagine is keeping track of which email that goes to which service

        Using a password locker will take care of that.