[UPDATED 2/25/18 BELOW] We don’t typically make such strong “blanket” warnings like this one but we don’t see any alternative. For the last few weeks of summer 2014 we have seen a wide variety of scams targeting users’ email inboxes and they all have one thing in common…
The Sender’s email address comes from a domain that ends in “.eu” Dot-E-U means that the email presumably came from the European Union. The domain names that appear just in front of the .eu can vary. The real sender’s location can easily be spoofed.
So, our warning is to be VERY cautious about any email that comes from an email address ending in .eu
Here’s a graphic showing a variety of these scam emails and their subject lines…
Update 2/25/18: A TDS reader named Stan contacted us recently with this information about emails coming from “.eu” addresses:
“All day long, I get email from a domain that ends in .eu. ALL of them originate from about three different IP addresses. These are some recent examples of what I am talking about:
I notice that you have a very long list as well. Each of the domain names consists of two randomly chosen English words that are truncated. Every one of them is different from the last one. There are probably several million possibilities, so we never get an email with the same domain name twice. Always a different one. But the IP addresses are mostly the same.”
TDS told Stan that we strongly suspect an internet criminal gang located in Russia or Eastern Europe is responsible for these malicious domains. Using IPLocation.net to trace the IPs of these EU domains, we learned that most are located in the area of Bucharest, Romania and the two ending in “59” are located around Manchester, England.