Strange Spam in English and German

[NewTricks]

This afternoon an email made it past the Google filter(s) and landed in my inbox of a previously compromised account from 2014. I've since changed my password multiple times and currently it contains 22 characters. I'm currently using a disposable Duck Duck Go address on this as well.

The strangeness comes from English and German, in the same mail.

It starts out in English:

"Dear Client,

At CVS we are constantly trying to improve our service and would like to hear your feedback on how we performed. The survey is short and will only take 2 minutes to complete." They promise a $90 promo reward and a link to their survey, followed by a closing.

Next is a vast expanse of blank space, then it continues in German, (I didn't translate) but it appears to be a combination of password reset, confirmation code, and newsletter sign up. Sprinkled here and there are English phrases.

The sender is Das Österreichische Volkswörterbuch <henry2434gre@gmail.com>

I opened it because I thought is was a from AVLab Cybersecurity Foundation; they send email in Polish (which contains English translations).

I know how to use filters in Gmail and stayed on top of spam for about 7 years, choosing to filter and send to trash vs. just deleting. Spam slowed to a trickle and now maybe 2 a week. I am anticipating a new wave of mail now and this provides motivation for migrating all those contacts associated with this address to other addresses or even other mail platforms.

Questions:

• Have I inadvertently now "confirmed" my address and therefore continued harassment by opening the mail? 
• Can an opened mail transmit viruses without clicking on any links?
• Is there anything in Thunderbird which might be useful for harvesting info on this
• Should migration of all contacts from this be urgent now?

 

Edited March 16, 2023 by NewTricks
technical glitch posted before completion

[nukecad]

It looks like that email address may have been compromised.

Check it in HaveIbeenpwned: https://haveibeenpwned.com/

If it has been compromised then it's probably best to abandon it in favour of a new one.
email addresses are cheap/free, it's just a hassle letting your contacts know you have changed.

It's also possible that some company that you have had dealings with has sold your email address to a marketing company.
They'll claim you agreed to allow that in their T&C's.

To your questions:

1. The address was confirmed when the email didn't 'bounce back' as undeliverable.
2. Not usually, but as with all things malware never say never.
3. You should be able to see the email header information in Gmail to see wher it actually originated, I not sure that Thunderbird could show you any more than that.
4. That depends on how seriously you regard it, but if it's been pwned then yes.

PS. Some of these surveys are genuine, a month ago I got a £5 Amazon gift card for doing one (I've already spent it and had the goods from Amazon).
There were also options for other shopping vouchers, or to to have £5 sent to a Paypal account.
Vouchers are fine, but of course never give anyone your bank details.
They had told me where they got my email from, but I'd still carefully checked the email header and the organisation first before doing the survey.

If you'd like a bit of free money for doing such a survey then your issue is weeding the genuine ones from the scammers, one way to start is if you have never heard of them and/or if they are offering too much then it's probably a scam.
eg. a £5 voucher for doing a survey would be reasonable, $90 sounds a bit too much to me but could be genuine.
Next is there a choice of different rewards?
$90 sounds more like a 'discount' on a particular product that you'd still be paying for.  ie. it's a marketing email dressed up as a survey. Which is fine as long as you want that product and were thinking of buying it anyway.

If in any doubt at all then don't reply and just junk it.

[NewTricks]

Good morning @nukecad, thanks for the response.

Yes, it has been pwned and I am aware. My problem is procrastination with the hassle to abandon the address and let my contacts know is really big, but objectively, not as huge as a more serious problem.

Yes, a new recent purchase probably landed me in a new marketing list.

Re: surveys and vouchers. I do. 99.9 are legit but if I'm not in the mood, then trashed. Free money? That weeding would like time. I don't doubt I could learn the ropes and get a modest amount. That $90 enticement was over the top and I never shop at CVS.

My lessons, besides checking email headers are to always wear glasses while checking email.

[NewTricks]

PLUS, after some (calm) reflection-you can't salvage a compromised address, regardless of how many password changes. Mail still comes in. That's like "closing the barn door after the horse has escaped." The only reliable way to solve the problem is ABANDON that address.

Bit the bullet & did it. Already making changes, maybe it will be done sooner than I expect.

[NewTricks]

This story has a twisted ending which I offer to new members and casual visitors.

On 3/16/2023 at 8:11 AM, NewTricks said:

always wear glasses while checking email.

1. This is so severe that CVS has directly addressed it here.

2. TrendMicro reported it in August 2022 and updated last week here

3. Snopes reported it February 2022 here

4. ConsumerFraudReporting.org references this in 2013 here

 

[Adlerbr]

Infelizmente estou com esse mesmo problema e não sei o que fazer!

Me ajuda por favor.

[digmorcrusher]

Its a scam. just delete it. I got one about 2 weeks ago, very easy to figure out its a scam as we don't have CVS in Canada.