Wednesday, March 11, 2026
[[Name]]
[[Address]]
[[City]], [[State]] [[Zip]]
Hi [[Name]]
Special Alert-Malicious Activity - "Brute Force Dictionary Attack"
Dear Valued Avjobs Customer,
It has been brought to our attention that Avjobs Applicant System Subscribers may have been contacted at their MyAvjobs.com email address with a spam message titled Mutual Trust........(Your Name), by someone claiming to be an attorney at law by the name of Barr Khalid Atun Awang of Khalid Atun Awang Advocates & CO in Malaysia. The email message is an attempt to obtain your assistance in distributing money left behind by his deceased client. The letter may indicate that the deceased has the same last name as you.
The email is fraudulent and we ask that you do not reply or provide any of your personal or financial information. It is also important that you delete the message from your MyAvjobs.com account.
If you receive additional contact in any format and would like to report it, please contact us.
Avjobs takes great care in protecting your identity. By reviewing the server logs, we determined that our system had been the victim of a "brute force dictionary attack" in which the spam sender attempted to guess every email address on our system. More explicitly, this spammer had attempted to send emails to every possible combination of letters that could form an email address in our system.
Please rest assured that your personal information is safe. This is an example of a brute force dictionary attack on a domain (a method of sending spam) and does not indicate specific access to your profile.
Spamming and Mail Server Attacks
We have enhanced our spam blocking filter and raised the level of scrutiny of inbound messages.
Rather than provide you with a mountain of technical information, we are suggesting (to those who are interested) an overview of how these attacks work by pointing you to the additional technical information and an in-depth explanation that may be found on Wikipedia.com:
http://en.wikipedia.org/wiki/Dictionary_attack
The strain of so many emails temporarily impaired our mail server, and our team decided to install a block that would prevent any more messages from the responsible network (in this case, yahoo.com) from entering our server. Our system received 498,506 "brute force" emails before the block was installed. Few, if any, of these emails actually made their way to existing email addresses.
Even when an email address has not been posted or shared in any way, it is still possible to receive spam through various "attacks" on a mail server. The recent "brute force dictionary attack" on our mail server generated a tremendous amount of spam, even to addresses that do not exist. Anecdotal evidence from our network operators and partner companies indicates that such attacks are not uncommon, and that while network administrators continue to take measures to block them, a significant amount of spam can still result. These attacks take the form of "dictionary attacks," in which the attacker sends email to all the words in the dictionary, or attacks in which email is sent to common surnames and first initials (such as "jsmith" or "bjones"). For individual users, there is little that can be done to avoid the spam that may result from such attacks other than blocking all email from a specific domain.
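For mail administrators, the pattern described above (one source addressing many guessed mailboxes, almost none of which exist) can be spotted in recipient logs before the volume impairs the server. The following is an added example, not Avjobs code: the log format, the addresses and the thresholds are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified, hypothetical log format:
#   <time> <client-ip> RCPT <address> <SMTP reply code>
SAMPLE_LOG = """\
10:00:01 198.51.100.7 RCPT <jsmith@example.test> 550
10:00:01 198.51.100.7 RCPT <bjones@example.test> 550
10:00:02 198.51.100.7 RCPT <apple@example.test> 550
10:00:02 198.51.100.7 RCPT <mwilson@example.test> 250
10:00:03 198.51.100.7 RCPT <banana@example.test> 550
10:00:03 198.51.100.7 RCPT <cherry@example.test> 550
10:02:10 203.0.113.20 RCPT <mwilson@example.test> 250
10:05:44 203.0.113.20 RCPT <mwilsn@example.test> 550
10:07:00 not a recipient line
"""

LINE_RE = re.compile(r"^\S+ (\S+) RCPT <([^@>]+)@[^>]+> (\d{3})$")

def find_harvesters(log_text, min_attempts=5, min_reject_ratio=0.8):
    """Return {client_ip: stats} for senders that probe many unknown mailboxes."""
    attempts = defaultdict(int)
    rejected = defaultdict(int)
    local_parts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not recipient events
        ip, local, code = m.groups()
        attempts[ip] += 1
        local_parts[ip].add(local.lower())
        if code == "550":  # recipient rejected: mailbox does not exist
            rejected[ip] += 1
    flagged = {}
    for ip, total in attempts.items():
        ratio = rejected[ip] / total
        # Many distinct guesses plus a high miss rate separates guessing
        # from an ordinary sender who mistypes one address.
        if len(local_parts[ip]) >= min_attempts and ratio >= min_reject_ratio:
            flagged[ip] = {"attempts": total, "rejected": rejected[ip],
                           "reject_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_harvesters(SAMPLE_LOG).items():
        print(ip, stats)
```

Flagging by source address rather than by sending domain lets a block or rate limit target the guessing host without rejecting all mail from a large provider.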