QANTAS Cyber Incident

Are people aware of "plus addressing" for email addresses? Not a replacement for multiple email accounts per se, but you can use it to distinguish where an email has come from when you give out a specific email address.

Plus addressing generally works in most places. If your email address is "[email protected]", you can put "[email protected]" and it will still be routed to your regular email account/inbox. There's no configuration needed to allow the additional word in your email address. You could, for example, use "[email protected]", or "[email protected]" when signing up to specific email lists.

On your inbox side, you could then create a rule which automatically diverts/files away an inbound email to a specific address... e.g. File everything from [email protected] into a Myer folder for reading later.

Note that there are reports some apps/sign-in fields don't permit a plus character in the username/email format, and there are other limitations, but for signing up to newslists etc. it could be useful for some.


Just to add: I'm not suggesting that using plus addressing is a way to avoid hacking, but it's still a useful strategy for filtering emails and providing a "unique" address to email lists etc. Certainly, anyone who knows about plus addressing can remove the part after the +, but it's still a useful feature, and figured some here may not be aware of it.
 
Unfortunately, the scammers are also aware of this capability, and can just remove the +qantas from the email address and have your primary email address in their database. So while it can be effective in some circumstances, it is not a way to reserve your primary email address from being used by the bad people.
 
And you can easily clean the data by removing the + and everything between it and the @

So unfortunately not foolproof.

If you have your own domain, you could use a catch all setup instead - eg [email protected]

This can't be cleaned ;)
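
An added example, not part of any post in this thread: a small Python check that reads the recipient tag (plus address or catch-all local part) from an inbound message and compares it with the sender's domain, so a tag given to one company turning up in mail from another stands out. All addresses, the `example.org` catch-all domain and the sample messages are constructed, and matching the tag against a domain label is an assumed heuristic.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

OWN_DOMAIN = "example.org"  # assumption: a domain you own with catch-all enabled

def signup_tag(recipient):
    """Return the tag an address was handed out under, or None if untagged."""
    local, _, domain = recipient.lower().rpartition("@")
    if "+" in local:                 # plus addressing: user+tag@provider
        return local.split("+", 1)[1] or None
    if domain == OWN_DOMAIN:         # catch-all: tag@own-domain
        return local or None
    return None

def audit(raw_message):
    """Return (tag, sender_domain, verdict) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    headers = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    for _, addr in getaddresses(headers):
        tag = signup_tag(addr)
        if tag is None:
            continue
        # Heuristic: the tag should appear as a label of the sender's domain.
        # A mismatch is a prompt to look closer, since legitimate senders
        # sometimes mail from a third-party service domain.
        if tag in sender_domain.split("."):
            return tag, sender_domain, "expected"
        return tag, sender_domain, "tag-reused-by-other-sender"
    # No tag survived: either none was used, or it was stripped before sending,
    # in which case the source of the address cannot be attributed.
    return None, sender_domain, "untagged"

# Constructed sample messages (headers plus a one-line body).
SAMPLES = [
    "From: Myer News <offers@news.myer.example>\nTo: jane+myer@mail.example\n\nSale",
    "From: promo@points-transfer.example\nTo: jane+qantas@mail.example\n\nPoints",
    "From: promo@points-transfer.example\nTo: qantas@example.org\n\nPoints",
    "From: promo@points-transfer.example\nTo: jane@mail.example\n\nPoints",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(audit(raw))
```

The last sample is the limitation raised in the replies: once the tag has been stripped, the message arrives untagged and the check has nothing to attribute.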
 

You land up with a heap of spam if you land up using a catch-all. You'll find stuff going to [email protected], support@, accounts@ etc
 
Well I had nearly the full bingo card, including phone number. This morning was on the phone to a family member and a voice came on saying this call is being recorded. Hung up straight away. So maybe they are hacking into calls?????
I did this to my son yesterday. Recorded his call. I accidentally clicked on the 'record call' button on my iPhone. Nothing sinister.

Husband has had three dud text messages, two from The Philippines and one from somewhere else offshore. For GovId. Yesterday. I've had one today. Our data from Qantas was not leaked. Because these texts and calls are just part of the new normal.
 
Because these texts and calls are just part of the new normal.
I think this is also really important to remember.
SPAM messages, attempted logins to sites like MyGov & social media etc are all part of daily life now, whether we like it or not.

Could it be related to the QF breach? Possibly.
Could it be related to any number of previous breaches, hacks, or simply companies selling our data? Also very possibly.
 
Possibly co-incidental but just received a phishing text saying I had 100k of reward points available at CBA to convert to QFF points.
 

You land up with a heap of spam if you land up using a catch-all. You'll find stuff going to [email protected], support@, accounts@ etc
As someone who's been doing this for the last 18 or so years I get maybe 2 to 3 messages a day which are spam, so I'm a big proponent for it.
 
Unless I’m signing up to something significant like a bank or airlines where you have to have the right date of birth, I never put my real date of birth and always use a random email address. I have a password manager and put the date of birth and any other information that I have used into that manager.
 
As someone who's been doing this for the last 18 or so years I get maybe 2 to 3 messages a day which are spam, so I'm a big proponent for it.

I don't get a heap of spam on mine. My spam folder for the 30 days has only 11 items in it.

My experience was vastly different. Having said that, it was over a decade ago and just disabled catch-all. It served no purpose. Suspect not helped that my domain name happened to be quite similar to a large Australian department store.
 
So now the dust is settling a bit, what's the thinking of the 9-items-taken Vs the later 3-items-taken coming from that different Qantas e-mail?

One correct over the other? Left hand doesn't know what the right hand is doing?
 
