Board logo

Has someone hacked this sites email?
se7en - 14/6/11 at 03:18 PM

I received the following email today. It appears no different to the hundreds of similar email sent to me over the years. The thing that I found alarming was the email address they used.

I have a domain with unlimited email addresses and I use this to filter my email. When I sign up to a website I use the website address at my domain e.g. locostbuilders@#####.co.uk. This enables me to set filters to direct emails to various folders and to stop emails when I do no longer wish to receive them. Some of the sites do not have an unsubscribe function so it is just as easy for me to create a filter, e.g. as in the case of email address clashmedia@#####.co.uk

Most of the forums I subscribe to have been very secure but this is the first time that this has happened. Therefore, I am wondering how my email address at locost builders has been hacked.

onlineservice@
To locostbuilders@#####.co.uk
From: onlineservice@ (Halifax.co.uk Halifax)
Sent: 14 June 2011 14:30:37
To: locostbuilders@#####.co.uk

This message looks suspicious to our SmartScreen filters and we'll delete it after ten days.

Faster Payment Confirmation

You have recieved this message because you have a payment of £600 to recieve from your tax refund by HM Revenue & Customs via our faster payment service.

You are required to confirm your online banking details as part of our security checks before we authorise the payment.

It will be deposited into your account within 2-3 hours as soon as we confirm your details.

Continue

Regards,

Customer Security
Halifax Bank plc.


I don’t mind having to deal with this type of email but because of this email I now have to change my email address at locostbuilders.

Tom

PS obviously I have not shown my domain name in this post.


Ivan - 14/6/11 at 04:03 PM

I got the same message from Halifax Bank - have been getting phishing messages from them for about a year now so not sure if it's through a LCB hack or not.


wilkingj - 14/6/11 at 04:10 PM

Halifax Phishing Emails have been around for many years..

Always check the sites they appear to be sending you to, ie check the domain name rather than the page content.


Spam spam spam .... Wonderful SPAM.... I blame it on all the Vikings!




GreigM - 14/6/11 at 04:46 PM

Interesting, as I also got some spam to an address I only use for this and 1 other site......I do the same thing as se7en and change the part in front of the @ in my email so I can identify where an email got the address.


T66 - 14/6/11 at 05:34 PM

I have 2 hotmail accounts, and the filters are trained, I rarely get any spam.


All the dross just goes straight in the bin, one address is for friends, the other is for utilities/companies etc so is liable to slightly more traffic and spam, but the filters pick most of it up.


You use the word hacked, which imho suggests someone has logged into your email account , which Is not what I think your suggesting, far more likely your email address has been given out by you to a third party who has sold/passed it on elsewhere.


JoelP - 14/6/11 at 05:38 PM

what se7en means, is how has someone got his email address which he has only used to register on this site?


flibble - 14/6/11 at 06:04 PM

Also got the same one today to the address I signed up with, I very very rarely use this address for anything else.


se7en - 14/6/11 at 06:39 PM

quote:
Originally posted by T66

You use the word hacked, which imho suggests someone has logged into your email account , which Is not what I think your suggesting, far more likely your email address has been given out by you to a third party who has sold/passed it on elsewhere.


When I used the word hacked, I used it correctly as in someone has illegally obtained my email address from locostbuilders.co.uk. This email address is specific to locostbuilders.co.uk and nowhere else. I have not used this address for anything else nor have I given it out to anyone else ie the only place a hacker/spammer could have got this address, is from the locost builders site. I can understand your defence of the locost builders site but I am stating facts.

JoelP - you are correct

I am well aware of this type of spam as, like 1000's of other internet users, it has been around for quite some time in many guises of Halifax, Barclays, etc.

Tom


snakebelly - 14/6/11 at 07:52 PM

i also received this email this morning on my lcb account


David Jenkins - 14/6/11 at 09:29 PM

This was discussed a while back - people had received spam that could be directly linked to this forum... I no longer show my email in my profile here. If people want to send me an email they can use the link to my website, which has a 'confused' bitmap of my 'public' email address - they have to type it in manually because it can't easily be scanned by 'robots'. My public email address will be scanned by several spam filters.

Anyone who makes that effort deserves a reply!


Fozzie - 14/6/11 at 10:00 PM

I don't think its 'hacking' as such.....

If you click on the Member list at top left of page just under the Header, you will see a column headed
'Email' .... those who have listed an email will have an envelope in the space.......

So very easy for a 'spammer' to spam us all with spam-mail .....

Perhaps it may be an idea that only the registered members can see the member list.

No it wont stop it, but puts a hurdle in the way.

Please be aware that if you do remove your email addy .... you wont get thread updates and it is harder
to reset your password if things go wrong.....

I have my email showing, just in case any of you need to contact me 'off site' .... and as yet I have not had any, but....
I do have spam/phishing filters ...

I will have a word with ChrisW ... to see if he has suggestions .....

Fozzie

edited for typos!

[Edited on 14-6-11 by Fozzie]


craig1410 - 15/6/11 at 12:24 AM

I've also got my own domain and use a specific email address for each forum I use, including this one. I started off with locostbuilders@my.domain.name and am currently on locostbuilders4@my.domain.name. As Fozzie says, it's not difficult to harvest email addresses from forums and isn't really hacking per se.

Note my domain name isn't actually my.domain.name in case anyone was wondering but you can easily find out what it is by clicking the Email button on my post or on the member list.

Cheers,
Craig.


GreigM - 15/6/11 at 08:04 AM

Unfortunately my email is not listed in the member list, neither (unless he changed it since the event) is se7en's...indicating it may be something more serious than simple email harvesting.

quote:
Originally posted by Fozzie
I don't think its 'hacking' as such.....

If you click on the Member list at top left of page just under the Header, you will see a column headed
'Email' .... those who have listed an email will have an envelope in the space.......

So very easy for a 'spammer' to spam us all with spam-mail .....

Perhaps it may be an idea that only the registered members can see the member list.

No it wont stop it, but puts a hurdle in the way.

Please be aware that if you do remove your email addy .... you wont get thread updates and it is harder
to reset your password if things go wrong.....

I have my email showing, just in case any of you need to contact me 'off site' .... and as yet I have not had any, but....
I do have spam/phishing filters ...

I will have a word with ChrisW ... to see if he has suggestions .....

Fozzie

edited for typos!

[Edited on 14-6-11 by Fozzie]


se7en - 15/6/11 at 09:45 AM

quote:
Originally posted by GreigM
Unfortunately my email is not listed in the member list, neither (unless he changed it since the event) is se7en's...indicating it may be something more serious than simple email harvesting.


You are correct, Craig. I did remove my email address since this incident.

I do not feel that it is safe here until the software is changed to allow only moderators access to that part of the profile information.

The only peeps needing to see the profile are the 'management' when they need to contact you, as Fozzie has stated, the email address is only used to notify members about updates to threads, etc.

I appreciate all your comments on this matter.

Tom


Fozzie - 15/6/11 at 09:57 AM

I have just had a word with The Boss, he is in a meeting at the mo so I am posting on his behalf.

'This happened a while back, about 8 months ago and was fixed.
Unfortunately it seems as though a few email addies were compromised before then'......


I will be speaking with Chris later when he is back from his meetings with regard to 'hiding'
the member base email details ...

Fozzie


andyd - 15/6/11 at 11:34 AM

To my knowledge I have never shown my email address on the Member List and don't have the "email me" thing on my posts however I have also had the Halifax spam to the address I only use for this site. Like many I use my domain name as a filter so I know exactly where my email addresses are coming from to see if I've made it on a spam list I don't want to be on.

I would say that the site has been compromised in some way as I don't see another way for someone to know the address I currently use.

I hear what Chris is saying but I'm pretty sure my address wasn't shown 8 months ago so unless someone is a very good guesser, someone has been a naughty boy/girl/man/woman/dog/cat/other.

Just to add, I've just looked back in my spam folder and I had two such similar Halifax emails to my Locost address at the end of May.

[Edited on 15/6/2011 by andyd]


T66 - 15/6/11 at 12:54 PM

Point taken - but if you choose to leave an email address next to your profile, its hardly getting hacked ? Or do I still have the shitty end of the stick (still) ?


I have just checked my profile, and Ive never had any spam emails as I havent added an email address.



Surely thats the best way to prevent spam....



Bit like nobody ever rings my mobile, as the only people with the correct number is my service provider and those in my phonebook. I never give the correct mobil/landline number unless absolutely essential. Had the same number four years.



This is one of the problems with personal information and the tinterweb, we are all relatively easy to find, car reg Nos and a good old google search.



Less is definitely more......


stevebubs - 15/6/11 at 03:04 PM

I think Chris was actually admitting there was a weakness and it was compromised 8 months ago, but should be Ok now..


Fozzie - 15/6/11 at 04:33 PM

quote:
Originally posted by stevebubs
I think Chris was actually admitting there was a weakness and it was compromised 8 months ago, but should be Ok now..


Spot on....