Welcome to the Linux Foundation Forum!

Phishing attempt at Linux.com

Hi Folks,

I'm not sure where to post this but I figure here is as good a place as any. If the moderators need to move it thats OK with me.

So here's the problem. I joined the Linux.com community on May 17. I made it a point to leave the contacts fields in the enrollment

form blank, further I made sure only friends could view my profile

but the radio button to allow messages from Linus.com is checked yes.

Today I received a message at the email account that is supposed to be known only to Linux.com.

It was from an Elizabeth and appeared to be a friend invitation.

It was however a "phishing" attempt

The text of the message is posted below.

Dear Friend, I know that this is an unusual platform for us to be discussing this Kind of business but the situation has necessitated me to use this Medium to communicate you for now. But let me introduce myself to you. I am Miss. Elizabeth Mark, the manager of bill and exchange at the foreign remittance department of my Bank. In my department I discovered an abandoned sum of US$14.5M, (Fourteen Million, and Five Hundred Thousand US Dollars) at our head office Accra Ghana, that belongs to one of our foreign customers, who died along with his wife and only son in a plane crash of Alaska Airlines Flight number 261 which crashed on 31 January, 2000. The owner of this account is Mr. Morris Thompson an American and great industrialist and a resident of Alaska. It is therefore upon this discovery that I now decided to make this Business proposal to you and for our bank to release the money to You, for more detail send me an email in my private email address( [email protected] or [email protected] ) Yours truly, Miss. Elizabeth Mark.

I deliberately changed the .com of the email addresses in the body of the message to prevent someone here from accidentally clicking on these links and getting into some sort of trouble. Please don't click these email links.

Furthermore on the 17 th I received more spam messages at this mail account than I normally receive in a week. I sometimes go quite awhile before seeing spam at this account.

This spam issue may be a coincidence but the "phishing" message is very real.

My guess is that some lowlife has "hacked" Linux.com.

Has anyone else experienced this invasion of privacy.



  • mfillpot
    mfillpot Posts: 2,177
    I have noticed that if you have an RSS subscription to the Linux.com blogs, every blog comes over with the author's e-mail address. That is most likely were they got your email from.
  • fjgold
    fjgold Posts: 6
    Nope, no RSS subscriptions for me, I don't like RSS so I don't use it. If I want to read a blog I do it manually.

    I don't blog either.

    This is a serious issue and I hope we can get it fixed.
  • mfillpot
    mfillpot Posts: 2,177
    Were these messages sent from Linux.com as friend requests? I so I would recommend sending a message to Brian Profitt reporting g the spammer.
  • samjh
    samjh Posts: 5
    This would probably be the second attack against high-profile Linux websites recently. First was Debian Forums, and now here.

    Definitely worth reporting to the admins.

    Nice catch. :)
  • fjgold
    fjgold Posts: 6
    Yep, I reported this to Brian about 10-12 hours ago.
    Unfortunately I deleted the email without thinking so I can't provide headers etc., just the body of the message.

    This was in my inbox as coming from Linux.com as a friend
    invite from Elizabeth.

    I opened it without thinking, assuming it was from a legitimate member. I opened it in Thunderbird on my Win 7 install.

    Gee, I hope I haven't infected my Windows machine with some nasty.:laugh:

    Seriously I will run a virus scan to be sure.
  • mfillpot
    mfillpot Posts: 2,177
    All friend requests are send as text from linux.com, you don't have to worry about any bugs, that is unless they are masking their email server as linux.com.
  • vtel57
    vtel57 Posts: 164
    Thanks for posting this, Frank. If it is an issue, others will pop in and post here, I'm sure.

    On a probably unrelated note: The Linux.com server has BEEN SLOW AS MOLASSES this evening from the Tampa area. I bypassed my local DNS by using their IP ( and it was still slow as hell. I wonder what's up with that.

    Hey mfillpot, this is why I accidently double-posted on the Slackware Linux Users group earlier. I felt like I was on dial-up again. :(

    Anywho... :side:
  • mfillpot
    mfillpot Posts: 2,177
    I'm not feeling the delay, have you ran trace route to determine the point of lag?
  • vtel57
    vtel57 Posts: 164
    No. I didn't. It seems to be all better now, anyway. Probably just a local node that was slowing things up.

    Hmm... a drop out at nero.net (node 25). This is Linux.com's nameserver at Oregon State U. *scratching head*
  • fjgold
    fjgold Posts: 6
    Brian is aware of this issue and has banned the account in question. He is also searching for anti spam solutions to prevent this from happening again.:)
  • vtel57
    vtel57 Posts: 164
    COOL! So it wasn't just your imagination. I still wonder how they got your email addy? :(
  • mfillpot
    mfillpot Posts: 2,177
    Actually it sounds like they sent spam through a friend request and did not actually get the email address.
  • wdavies285
    wdavies285 Posts: 1
    just been spammed as well, shame that i have already sent all my money to an uncle i did not know i had in Nigeria, linux spammed come on we can't have that!
  • bproffitt
    bproffitt Posts: 8
    We are aware of these attempts. We're implementing some fixes to the system to prevent, but for now, e-mail [email protected] anytime you get these things, and try to ID the user so we can kick them off immediately. There will be zero-tolerance of spamming, via forums, e-mails, and DMs.

  • darkixion
    darkixion Posts: 41
    It won't be long before there will be posts directing us to cheap Nike gear from a Chinese website. That's what continues to happen on the interactive fiction usenet group.
  • zabouth
    zabouth Posts: 1
    Hi just a quick note to say I got the same message today form the user with the id 4576


Upcoming Training