Possible security breach? [Suspicious Help!!! email]

Post comments or questions about the Field Guide
chrisca
Posts: 107
Joined: January 22nd, 2010, 10:48 am

Possible security breach? [Suspicious Help!!! email]

Post by chrisca » July 26th, 2012, 11:34 am

I just received email from a Portland Hikers member's email address. However, I don't recall interacting with this person and don't have the person's email in my address book. It is possible that someone has obtained the names and email addresses of Portland Hikers members and is using them to send phishing messages attempting to get financial details.

Below is the text of the message I received with the person's name removed for privacy.

When I looked at the message closely, the "reply to" email address is slightly different from the member's real email address. It was carefully set up to make it difficult to tell the difference. So I'm certain this message is fraudulent.



--------------------------------------------------------------------------------

Date: Thu, 26 Jul 2012 06:21:40 -0700
From: (email address removed)
Subject: Help !!!
To:


I'm writing this with tears in my eyes, I came down to London, United Kingdom for a short vacation. Unfortunately,I was mugged at the park of the hotel where i stayed,all cash and credit card were stolen off me but luckily for me i still have my passport with me.

I've been to the the Police here but they're not helping issues at all and my return flight leaves in few hours from now but I'm having problems settling the hotel bills and the hotel manager won't let me leave until I settle the bills. Well I really need your financial assistance..

Please let me know if you can help me out?

I'm freaked out at the moment!!

(name removed)

User avatar
retired jerry
Posts: 14395
Joined: May 28th, 2008, 10:03 pm

Re: Possible security breach?

Post by retired jerry » July 26th, 2012, 11:54 am

I got that too

I'm pretty sure that's just a scam, don't respond

Poor (name removed)

User avatar
Martell
Posts: 2045
Joined: May 28th, 2008, 10:03 pm
Location: SW Portland

Re: Possible security breach?

Post by Martell » July 26th, 2012, 12:50 pm

Hi chrisca,

The "From" email address is the correct address, but the Reply-To is slightly different. Probably so that if the hacker loses control of the email account they still get the replies. That makes me think the Yahoo account may be hacked.

I'm still not sure it was a security breach of this site. She is an admin here, so it's possible if you ever emailed the contact for PH, or PH Field Guide, or TKO she could have your email in her address book.

I'm curious how many others got this email. I know Jerry and I did, but we would be in her address book.

-Dan
-Dan
Site Tech Helper

User avatar
Grannyhiker
Posts: 4598
Joined: May 28th, 2008, 10:03 pm
Location: Gateway to the Columbia Gorge

Re: Possible security breach? [Suspicious Help!!! email]

Post by Grannyhiker » July 26th, 2012, 1:01 pm

This email is a standard scam! Please do not reply!!! Good for you for spotting it!

I haven't gotten one, though, although if the person is whom I think it is, I have had an email or two from her in the past. I wish her the best in getting over this hacking situation!

I've been concerned about security since Frontier (successor to Verizon) recently switched all of us customers to yahoo mail.

Lurch
Posts: 1270
Joined: May 28th, 2008, 10:03 pm
Location: Aurora
Contact:

Re: Possible security breach? [Suspicious Help!!! email]

Post by Lurch » July 26th, 2012, 1:13 pm

I'm with Dan.. It's also not that difficult to spoof an email address and make it appear like it came from someone else... Sounds more like a breached address book / email account than a forum breach.

User avatar
kepPNW
Posts: 6411
Joined: June 21st, 2012, 9:55 am
Location: Salmon Creek

Re: Possible security breach? [Suspicious Help!!! email]

Post by kepPNW » July 26th, 2012, 1:17 pm

Didn't get it. Just checked the spam bucket.

As someone who runs multiple email servers, I do have a couple suggestions. It's clearly a scam, and odds are very high the account is not only compromised but that the original owner no longer has access to it. So it will do no good to send email to that account (as opposed to the fake Reply-To). The Received headers would tell the whole story, though. If, as I suspect, the account is compromised, forwarding the email to abuse@ and postmaster@ the host domain would alert them to clamp down on it until the owner can reclaim it properly. If the host domain is a biggie, like gmail or (especially) hotmail, that probably won't help at all. But many smaller email hosters will take the issue seriously.
Karl
Back on the trail, again...

User avatar
Jane
Posts: 3639
Joined: May 28th, 2008, 10:03 pm

Re: Possible security breach? [Suspicious Help!!! email]

Post by Jane » July 26th, 2012, 1:18 pm

Hi friends, unless more people were victim to this, the hack was my personal email account :( I have been in contact with Yahoo, and hopefully I can get it resolved - ALL stored emails and ALL contacts are gone - for now only I HOPE :| But it's been interesting how many people called, texted or emailed me worrying about me - I guess the messengers are getting more savvy in their "pleas".

I will definitely be taking advice on how to secure and update my antique computer and skills after this! Yes, all passwords are changed now too.

thank you! Jane

User avatar
retired jerry
Posts: 14395
Joined: May 28th, 2008, 10:03 pm

Re: Possible security breach? [Suspicious Help!!! email]

Post by retired jerry » July 26th, 2012, 1:54 pm

Jane, that's good to know you haven't been mugged in London :)

And hopefully it won't be a major hassle recovering from this

User avatar
RobFromRedland
Posts: 1094
Joined: May 28th, 2008, 10:03 pm

Re: Possible security breach? [Suspicious Help!!! email]

Post by RobFromRedland » July 26th, 2012, 2:15 pm

I'm not sure what it is, but it seems like a disproportionately high number of "hacked" accounts are Yahoo email accounts. I know people who have had their accounts compromised and they had pretty good passwords in place, and most normal precautions. My gut feeling is that yahoo has some security holes that some hackers know about. Hopefully they can close those holes......

My wife got one of these emails a while ago (from someone with a Yahoo account no less). So maybe it is a popular hack.

To help prevent it, make sure you change your password to a STRONG password (not a real word, with upper/lower case and including numbers and special characters if you can). Also, enable the secure password features if you can (https/SSL access to your account rather than http access).

Good luck recovering from it. What a pain.
Life is not a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside, thoroughly used up, totally worn out, and loudly proclaiming: WOW! What a ride! - Hunter S. Thompson

User avatar
kepPNW
Posts: 6411
Joined: June 21st, 2012, 9:55 am
Location: Salmon Creek

Re: Possible security breach? [Suspicious Help!!! email]

Post by kepPNW » July 26th, 2012, 2:26 pm

RobFromRedland wrote:I'm not sure what it is, but it seems like a disproportionately high number of "hacked" accounts are Yahoo email accounts.
Many aren't hacked at all. Over 400,000 account names and clear-text passwords were recently stolen from Yahoo Voice, and then posted all over the Internet. "Caveat emptor!", so to speak.

https://www.trustedsec.com/july-2012/ya ... mpromised/
Karl
Back on the trail, again...

Post Reply