se7en
|
| posted on 14/6/11 at 03:18 PM |
|
|
Has someone hacked this sites email?
I received the following email today. It appears no different to the hundreds of similar email sent to me over the years. The thing that I found
alarming was the email address they used.
I have a domain with unlimited email addresses and I use this to filter my email. When I sign up to a website I use the website address at my domain
e.g. locostbuilders@#####.co.uk. This enables me to set filters to direct emails to various folders and to stop emails when I do no longer wish to
receive them. Some of the sites do not have an unsubscribe function so it is just as easy for me to create a filter, e.g. as in the case of email
address clashmedia@#####.co.uk
Most of the forums I subscribe to have been very secure but this is the first time that this has happened. Therefore, I am wondering how my email
address at locost builders has been hacked.
onlineservice@
To locostbuilders@#####.co.uk
From: onlineservice@ (Halifax.co.uk Halifax)
Sent: 14 June 2011 14:30:37
To: locostbuilders@#####.co.uk
This message looks suspicious to our SmartScreen filters and we'll delete it after ten days.
Faster Payment Confirmation
You have recieved this message because you have a payment of £600 to recieve from your tax refund by HM Revenue & Customs via our faster payment
service.
You are required to confirm your online banking details as part of our security checks before we authorise the payment.
It will be deposited into your account within 2-3 hours as soon as we confirm your details.
Continue
Regards,
Customer Security
Halifax Bank plc.
I don’t mind having to deal with this type of email but because of this email I now have to change my email address at locostbuilders.
Tom
PS obviously I have not shown my domain name in this post.
|
|
|
|
|
Ivan
|
| posted on 14/6/11 at 04:03 PM |
|
|
I got the same message from Halifax Bank - have been getting phishing messages from them for about a year now so not sure if it's through a LCB
hack or not.
|
|
|
wilkingj
|
| posted on 14/6/11 at 04:10 PM |
|
|
Halifax Phishing Emails have been around for many years..
Always check the sites they appear to be sending you to, ie check the domain name rather than the page content.
Spam spam spam .... Wonderful SPAM.... I blame it on all the Vikings!
1. The point of a journey is not to arrive.
2. Never take life seriously. Nobody gets out alive anyway.
Best Regards
Geoff
http://www.v8viento.co.uk
|
|
|
GreigM
|
| posted on 14/6/11 at 04:46 PM |
|
|
Interesting, as I also got some spam to an address I only use for this and 1 other site......I do the same thing as se7en and change the part in front
of the @ in my email so I can identify where an email got the address.
|
|
|
T66
|
| posted on 14/6/11 at 05:34 PM |
|
|
I have 2 hotmail accounts, and the filters are trained, I rarely get any spam.
All the dross just goes straight in the bin, one address is for friends, the other is for utilities/companies etc so is liable to slightly more
traffic and spam, but the filters pick most of it up.
You use the word hacked, which imho suggests someone has logged into your email account , which Is not what I think your suggesting, far more likely
your email address has been given out by you to a third party who has sold/passed it on elsewhere.
|
|
|
JoelP
|
| posted on 14/6/11 at 05:38 PM |
|
|
what se7en means, is how has someone got his email address which he has only used to register on this site?
Beware! Bourettes is binfectious.
|
|
|
flibble
|
| posted on 14/6/11 at 06:04 PM |
|
|
Also got the same one today to the address I signed up with, I very very rarely use this address for anything else.
|
|
|
se7en
|
| posted on 14/6/11 at 06:39 PM |
|
|
quote:
Originally posted by T66
You use the word hacked, which imho suggests someone has logged into your email account , which Is not what I think your suggesting, far more likely
your email address has been given out by you to a third party who has sold/passed it on elsewhere.
When I used the word hacked, I used it correctly as in someone has illegally obtained my email address from locostbuilders.co.uk. This email address
is specific to locostbuilders.co.uk and nowhere else. I have not used this address for anything else nor have I given it out to anyone else ie the
only place a hacker/spammer could have got this address, is from the locost builders site. I can understand your defence of the locost builders site
but I am stating facts.
JoelP - you are correct
I am well aware of this type of spam as, like 1000's of other internet users, it has been around for quite some time in many guises of Halifax,
Barclays, etc.
Tom
|
|
|
snakebelly
|
| posted on 14/6/11 at 07:52 PM |
|
|
i also received this email this morning on my lcb account
|
|
|
David Jenkins
|
| posted on 14/6/11 at 09:29 PM |
|
|
This was discussed a while back - people had received spam that could be directly linked to this forum... I no longer show my email in my profile
here. If people want to send me an email they can use the link to my website, which has a 'confused' bitmap of my 'public'
email address - they have to type it in manually because it can't easily be scanned by 'robots'. My public email address will be
scanned by several spam filters.
Anyone who makes that effort deserves a reply!
|
|
|
Fozzie
|
| posted on 14/6/11 at 10:00 PM |
|
|
I don't think its 'hacking' as such.....
If you click on the Member list at top left of page just under the Header, you will see a column headed
'Email' .... those who have listed an email will have an envelope in the space.......
So very easy for a 'spammer' to spam us all with spam-mail .....
Perhaps it may be an idea that only the registered members can see the member list.
No it wont stop it, but puts a hurdle in the way.
Please be aware that if you do remove your email addy .... you wont get thread updates and it is harder
to reset your password if things go wrong.....
I have my email showing, just in case any of you need to contact me 'off site' .... and as yet I have not had any, but....
I do have spam/phishing filters ...
I will have a word with ChrisW ... to see if he has suggestions .....
Fozzie 
edited for typos! 
[Edited on 14-6-11 by Fozzie]
'Racing is Life!...anything before or after is just waiting'....Steve McQueen
|
|
|
craig1410
|
| posted on 15/6/11 at 12:24 AM |
|
|
I've also got my own domain and use a specific email address for each forum I use, including this one. I started off with
locostbuilders@my.domain.name and am currently on locostbuilders4@my.domain.name. As Fozzie says, it's not difficult to harvest email addresses
from forums and isn't really hacking per se.
Note my domain name isn't actually my.domain.name in case anyone was wondering but you can easily find out what it is by clicking the Email
button on my post or on the member list.
Cheers,
Craig.
|
|
|
GreigM
|
| posted on 15/6/11 at 08:04 AM |
|
|
Unfortunately my email is not listed in the member list, neither (unless he changed it since the event) is se7en's...indicating it may be
something more serious than simple email harvesting.
quote:
Originally posted by Fozzie
I don't think its 'hacking' as such.....
If you click on the Member list at top left of page just under the Header, you will see a column headed
'Email' .... those who have listed an email will have an envelope in the space.......
So very easy for a 'spammer' to spam us all with spam-mail .....
Perhaps it may be an idea that only the registered members can see the member list.
No it wont stop it, but puts a hurdle in the way.
Please be aware that if you do remove your email addy .... you wont get thread updates and it is harder
to reset your password if things go wrong.....
I have my email showing, just in case any of you need to contact me 'off site' .... and as yet I have not had any, but....
I do have spam/phishing filters ...
I will have a word with ChrisW ... to see if he has suggestions .....
Fozzie
edited for typos!
[Edited on 14-6-11 by Fozzie]
|
|
|
se7en
|
| posted on 15/6/11 at 09:45 AM |
|
|
quote:
Originally posted by GreigM
Unfortunately my email is not listed in the member list, neither (unless he changed it since the event) is se7en's...indicating it may be
something more serious than simple email harvesting.
You are correct, Craig. I did remove my email address since this incident.
I do not feel that it is safe here until the software is changed to allow only moderators access to that part of the profile information.
The only peeps needing to see the profile are the 'management' when they need to contact you, as Fozzie has stated, the email address is
only used to notify members about updates to threads, etc.
I appreciate all your comments on this matter.
Tom
|
|
|
Fozzie
|
| posted on 15/6/11 at 09:57 AM |
|
|
I have just had a word with The Boss, he is in a meeting at the mo so I am posting on his behalf.
'This happened a while back, about 8 months ago and was fixed.
Unfortunately it seems as though a few email addies were compromised before then'......
I will be speaking with Chris later when he is back from his meetings with regard to 'hiding'
the member base email details ...
Fozzie
'Racing is Life!...anything before or after is just waiting'....Steve McQueen
|
|
|
andyd
|
| posted on 15/6/11 at 11:34 AM |
|
|
To my knowledge I have never shown my email address on the Member List and don't have the "email me" thing on my posts
however I have also had the Halifax spam to the address I only use for this site. Like many I use my domain name as a filter so I know exactly
where my email addresses are coming from to see if I've made it on a spam list I don't want to be on.
I would say that the site has been compromised in some way as I don't see another way for someone to know the address I currently use.
I hear what Chris is saying but I'm pretty sure my address wasn't shown 8 months ago so unless someone is a very good guesser,
someone has been a naughty boy/girl/man/woman/dog/cat/other.
Just to add, I've just looked back in my spam folder and I had two such similar Halifax emails to my Locost address at the end of May.
[Edited on 15/6/2011 by andyd]
Andy
|
|
|
T66
|
| posted on 15/6/11 at 12:54 PM |
|
|
Point taken - but if you choose to leave an email address next to your profile, its hardly getting hacked ? Or do I still have the shitty end of the
stick (still) ?
I have just checked my profile, and Ive never had any spam emails as I havent added an email address.
Surely thats the best way to prevent spam....
Bit like nobody ever rings my mobile, as the only people with the correct number is my service provider and those in my phonebook. I never give the
correct mobil/landline number unless absolutely essential. Had the same number four years.
This is one of the problems with personal information and the tinterweb, we are all relatively easy to find, car reg Nos and a good old google
search.
Less is definitely more......
|
|
|
stevebubs
|
| posted on 15/6/11 at 03:04 PM |
|
|
I think Chris was actually admitting there was a weakness and it was compromised 8 months ago, but should be Ok now..
|
|
|
Fozzie
|
| posted on 15/6/11 at 04:33 PM |
|
|
quote:
Originally posted by stevebubs
I think Chris was actually admitting there was a weakness and it was compromised 8 months ago, but should be Ok now..
Spot on.... 
'Racing is Life!...anything before or after is just waiting'....Steve McQueen
|
|
|
