X
Tap here to go to the mobile version of the site.
Scheduled maintenance: Monday, March 30, between 3:30pm and 5:30pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

ஆதரவு மன்றம்

Firefox email address exposed to third party

  • 4 replies
  • 1 இந்த பிரச்சனை உள்ளது
  • Last reply by GeezerGeek
பதிவிடப்பட்டது

Today I received an email from Transit App sent to my Gmail alias email address that I only use for signing into my Firefox account. I have never used the Transit App and I would not have used my Firefox Gmail alias email address even if I did. So how did the Transit App folks harvest my email address from Firefox?

Today I received an email from Transit App sent to my Gmail alias email address that I only use for signing into my Firefox account. I have never used the Transit App and I would not have used my Firefox Gmail alias email address even if I did. So how did the Transit App folks harvest my email address from Firefox?
மேற்கோள்

Additional System Details

பயன்பாடு

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0

கூடுதல் தகவல்

Wesley Branton
  • Top 25 Contributor
714 தீர்வுகள் 5628 பதில்கள்
பதிவிடப்பட்டது

A lot of spammers/scammers just have a random bank of email addresses that they send messages to. It's possible that they just guessed your email address and that the message didn't actually come from the Transit App, but rather someone who wants you to think it's the Transit App.

There are certainly a lot of tools to check if an email address is valid, so spammers can just combine a few words from a dictionary together, add some numbers to the end and check to see if it's valid. When you get a computer that can check thousands of email addresses super fast, it's not very hard to create a pretty sizable mailing list.

A lot of spammers/scammers just have a random bank of email addresses that they send messages to. It's possible that they just guessed your email address and that the message didn't actually come from the Transit App, but rather someone who wants you to think it's the Transit App. There are certainly a lot of tools to check if an email address is valid, so spammers can just combine a few words from a dictionary together, add some numbers to the end and check to see if it's valid. When you get a computer that can check thousands of email addresses super fast, it's not very hard to create a pretty sizable mailing list.
இது உங்களுக்கு பயனுள்ளதாக இருந்ததா?
மேற்கோள்
jscher2000
  • Top 10 Contributor
8950 தீர்வுகள் 73359 பதில்கள்
பதிவிடப்பட்டது

GeezerGeek said

Today I received an email from Transit App sent to my Gmail alias email address that I only use for signing into my Firefox account.

Is that something like "myfirefoxaccount@gmail.com" that gets delivered to "myactualusername@gmail.com" ?

Do you have any unexpected devices on your account at https://accounts.firefox.com/settings/clients ?

Do you have any untrustworthy extensions on your Windows installation of Firefox (or any other installations)? You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:

  • Ctrl+Shift+a (Mac: Command+Shift+a)
  • "3-bar" menu button (or Tools menu) > Add-ons
  • type or paste about:addons in the address bar and press Enter/Return

In the left column of the Add-ons page, click Extensions.

Then cast a critical eye over the list on the right side. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious or that you just do not remember installing or why? If in doubt, disable (or remove).

Any improvement?

''GeezerGeek [[#question-1280189|said]]'' <blockquote> Today I received an email from Transit App sent to '''my Gmail alias email address''' that I only use for signing into my Firefox account. </blockquote> Is that something like "myfirefoxaccount@gmail.com" that gets delivered to "myactualusername@gmail.com" ? Do you have any unexpected devices on your account at https://accounts.firefox.com/settings/clients ? Do you have any untrustworthy extensions on your Windows installation of Firefox (or any other installations)? You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either: * Ctrl+Shift+a (Mac: Command+Shift+a) * "3-bar" menu button (or Tools menu) > Add-ons * type or paste '''about:addons''' in the address bar and press Enter/Return In the left column of the Add-ons page, click Extensions. Then cast a critical eye over the list on the right side. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious or that you just do not remember installing or why? If in doubt, disable (or remove). Any improvement?
இது உங்களுக்கு பயனுள்ளதாக இருந்ததா?
மேற்கோள்
பதிவிடப்பட்டது

கேள்வியின் உரிமையாளர்

jscher2000, Thanks for taking a look at this and suggesting a possible cause. I do appreciate the effort you made.

As for the Alias, Gmail allows you to create an alias by adding a plus sign and any characters of your choosing to end of you email ID. For example, a Gmail alias for mymail@gmail.com could be mymail+firefox@gmail.com.

As for the malevolent extension theory, the few (5) extensions I have installed are pretty common (Facebook Container, uBlock, Evernote, etc.). Besides, I would expect that the extensions are sandboxed so that they don't have access to your Firefox account information. For example, would an extension have access to the passwords you store in your browser, if you use that feature of Firefox? I would expect, by design, that extensions would not have access to Firefox account information. If the Firefox browser does allow that, then I think that is a problem.

Thanks again.

jscher2000, Thanks for taking a look at this and suggesting a possible cause. I do appreciate the effort you made. As for the Alias, Gmail allows you to create an alias by adding a plus sign and any characters of your choosing to end of you email ID. For example, a Gmail alias for mymail@gmail.com could be mymail+firefox@gmail.com. As for the malevolent extension theory, the few (5) extensions I have installed are pretty common (Facebook Container, uBlock, Evernote, etc.). Besides, I would expect that the extensions are sandboxed so that they don't have access to your Firefox account information. For example, would an extension have access to the passwords you store in your browser, if you use that feature of Firefox? I would expect, by design, that extensions would not have access to Firefox account information. If the Firefox browser does allow that, then I think that is a problem. Thanks again.
இது உங்களுக்கு பயனுள்ளதாக இருந்ததா?
மேற்கோள்
பதிவிடப்பட்டது

கேள்வியின் உரிமையாளர்

Hello Wesley Branton,

I appreciate the suggestion and in case you are not aware of how Gmail aliases work, I'm copying my explanation from another post.

Gmail allows you to create an alias by adding a plus sign and any characters of your choosing to end of you email ID. For example, a Gmail alias for mymail@gmail.com could be mymail+firefox@gmail.com.

I would agree with possibility that a spammer was randomly generating email addresses if the email had been sent to my regular email address instead of an Gmail alias address. Why would any spammer generate emails to Gmail alias addresses when they can just as easily send it to the root email address? The recipient would receive the email regardless whether an alias was used or not. If the spammer was sending emails to generated aliases, I would have received an email for each alias address he generated but I only received one email for the alias email address I use explicitly for Firefox. That is how I know that company that sent the email got it from my Firefox account.

Still, I appreciate your effort to help resolve the issue. It is only after we eliminate all other possibilities that we can figure out how this happened.

Thanks

Hello Wesley Branton, I appreciate the suggestion and in case you are not aware of how Gmail aliases work, I'm copying my explanation from another post. Gmail allows you to create an alias by adding a plus sign and any characters of your choosing to end of you email ID. For example, a Gmail alias for mymail@gmail.com could be mymail+firefox@gmail.com. I would agree with possibility that a spammer was randomly generating email addresses if the email had been sent to my regular email address instead of an Gmail alias address. Why would any spammer generate emails to Gmail alias addresses when they can just as easily send it to the root email address? The recipient would receive the email regardless whether an alias was used or not. If the spammer was sending emails to generated aliases, I would have received an email for each alias address he generated but I only received one email for the alias email address I use explicitly for Firefox. That is how I know that company that sent the email got it from my Firefox account. Still, I appreciate your effort to help resolve the issue. It is only after we eliminate all other possibilities that we can figure out how this happened. Thanks
இது உங்களுக்கு பயனுள்ளதாக இருந்ததா?
மேற்கோள்
கேள்வி எழுப்பு

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.