Warning following Chain Reaction security issue
Underscore
Posts: 730
Just in case, a quick heads up. I've just received a phishing mail to the e-mail address that was compromised in the CRC debacle. It looks like an order mail from play.com - but, in my case, the e-mail address had only been used for CRC so is different from the one I use for play. All the links point to a ZIP file from www.play-support.com (via iafrica.com) containing an executable (which I'm guessing it would be very bad to run, were I running Windows rather than Linux).
HTH,
_
HTH,
_
0
Comments
-
Thanks for the heads up
I just checked my inbox and I've got one too.
Should I stop using that email adress?“New York has the haircuts, London has the trousers, but Belfast has the reason!0 -
Thanks, I've got one as well, might be time to set up a fresh email account.0
-
Me to, recognised it as a scam straight away but was surprised they had my name. I also had my credit card details stolen a while back (not longer after using the card on CRC).0
-
Thanks for the heads up, will keep an eye on my inbox.
David0 -
ive had this email as well its not the email address i use for play,as jon stated i also had my card details stolen after using crc recently.scanned the zip file with kaspersky and it came up ok still not going to open :roll:0
-
Just got one of those today. I don't know if it's related to the crc event some time ago.
It was a order confirmation from play.com, I moused over a link in the email and saw it was something with iafrica.com in it. :roll: Prompted binned.0 -
Also got the same email with an Exe file within a zip file; checked all cards and there doesn't seem to be anything amiss.0
-
I too use a dedicated email address for every online retailer. I recently had spam emails to the addresses I use for 'The Times' and 'Travelodge'. Now these email addresses are never used for outgoing email, only for those accounts... so i wrote to the Data Controller for each company asking them to explain how this has happened. They have to respond by law within 14 days, else I shall be informing the Data Registrar who has quite wide powers in this respect including ordering them to shut down their website (tho I dont expect that to happen in reality)Invacare Spectra Plus electric wheelchair, max speed 4mph
0 -
whats more disconcerting, is that it is addressed to me by the name displayed on my credit card i.e. "Full First Name" "Initial of second name" " Surname".0
-
TailWindHome wrote:Should I stop using that email adress?
Not necessarily. Any e-mail account can get spammed or targeted for phishing attempts, it's just that you know that this one has been compromised and so it is more likely to happen.
Having said that, I would highly recommend using unique e-mail addresses for each on-line registration as it makes these things even more clear - getting a mail from "play.com" to my CRC address is an obvious red flag. I've used www.spamgourmet.com for the last 10 years for this and it seems to "just work", but I'm sure that there are plenty of others to pick from...
HTH,
_0 -
It may well be the case that these emails are going out to everyone on the spammers list and that they are naming any retailer they can think of. They do the same for banks and year end HMRC tax bills. In other words the retailers haven't been compromised at all, it is because you use that company you are more likely to tune into the email message.
Bin any email with an attachment unless you are expecting one. There are dozens of them going around at the moment, and big institutions don't attach files to bulk messages.0 -
OptimisticBiker wrote:I too use a dedicated email address for every online retailer. I recently had spam emails to the addresses I use for 'The Times' and 'Travelodge'.
It's that a slightly bit paranoid?0 -
My wife had been in touch with HMRC about a tax rebate..within a couple of weeks she got a phishing email wanting bank details for the tax rebate.
From an HMRC domain. I said this was a scam.
She contacted them, they confirmed what I suspected, it was a scam
Apparently it was "just luck" that this happened at the same time that she was expecting a rebate.
"Just luck"? My big fat hairy arrrrr0 -
snooks wrote:My wife had been in touch with HMRC about a tax rebate..within a couple of weeks she got a phishing email wanting bank details for the tax rebate.
From an HMRC domain. I said this was a scam.
She contacted them, they confirmed what I suspected, it was a scam
Apparently it was "just luck" that this happened at the same time that she was expecting a rebate.
"Just luck"? My big fat hairy arrrrr
No, they just email millions of people near the time that people do their tax forms. A small percentage of those people are more than likely to have been dealing with HMRC so are open to thinking that the email is real.
You can tell they are fraudulent by hovering over the link and see what overseas domain they are really linking to, and secondly by being easy to use. HMRC never it make it simple to send them details.0 -
davmaggs wrote:No, they just email millions of people near the time that people do their tax forms. A small percentage of those people are more than likely to have been dealing with HMRC so are open to thinking that the email is real.
In my wife's case, it was no where near the time that everyone else was doing their tax returns, unless the end of July beginning of August has turned into a new tax year?
Hence my scepticism that it was "just luck"0 -
Not at all. No different to using spamgourmet or similar. I just have my own domain so can give everyone I deal with their own identifying address... e.g. bikeradar@<my domain>.co.uktofu21 wrote:OptimisticBiker wrote:I too use a dedicated email address for every online retailer. I recently had spam emails to the addresses I use for 'The Times' and 'Travelodge'.
It's that a slightly bit paranoid?
Then i can easily filter incoming mail into folders - if its sent to the bikeradar email adress I know, in theory, its from this site... I have a little routine to check the senders address and if it matches what I expect it to be then great, if not it goes in the quarantine.
Since I use my home PC to access my work systems and I have access to the production servers on one of the largest UK eCommerce sites I take security very seriously. I also take data protection seriously, so if someone was to contact our Data Controller saying they'd got spam from an email address associated with our site I and my Head of Security would have some serious questions to answer...Invacare Spectra Plus electric wheelchair, max speed 4mph0 -
You access work systems from your home PC? Bloody hell that's one lax security policy you guys have got in place. I have never worked anywhere that allowed people to use their home PCs to access production systems.
When I hear things like that it does surprise that there are so many issues with data leakage etc...0
