SCAM EMAIL BEING SENT

User avatar
sirhc
Employee
Employee
 
Posts: 7421
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1609 times
Been thanked: 1326 times

SCAM EMAIL BEING SENT

Wed Sep 11, 2019 9:14 am

So several of our customers have received the following email:



Hello,

Do you have a moment to chat on email? I have an obligation did I would like you to complete ASAP.

Chris Sisler
President
Netonix


This is a SCAMMER, not sure yet how they obtained some of our customer email addresses, I would assume from the forums somehow.

There is no worries other than annoyance as we do not store any credit card info on our web store and the most personal info they could get from us is:

Web store: Your shipping/billing address, email address, phone number and such but no credit card info as we do NOT store this info and CC processing is done via PayPal secure app for Magento.

Forums: Your email address

Mail Server: Your email address

At this point we are not even sure if they got this info from us through some sort of hack, or simply from harvesting info from our list of Distributors on our site and from posts on our forums, or our mail server.

We are looking into it.

If you received this email please post below and let us know.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

patagonia
Member
 
Posts: 5
Joined: Fri Mar 27, 2015 4:56 pm
Has thanked: 1 time
Been thanked: 0 time

Re: SCAM EMAIL BEING SENT

Wed Sep 11, 2019 11:12 am

Thanks for letting us know right away!

john@citylinkfiber.com
Member
 
Posts: 8
Joined: Fri Dec 18, 2015 1:48 pm
Has thanked: 0 time
Been thanked: 1 time

Re: SCAM EMAIL BEING SENT

Wed Sep 11, 2019 11:26 am

While its good to hear you aren't storing CC data, you are storing PII (Personal Identifying Information) and it seems that some or all of that data has been disclosed.

Most people fail to understand that ANY information leak / disclosure is to much.

Cyber criminals collect data, all data, and build databases of information. They correlate and cross reference this information.
The criminals then use the combined data to better target fraud.

So having your name, email address, shipping address (which many times is the Credit Card Billing address) is really valuable.
If they have your card number and email from a different data breach, now they would have your address which makes the card data more valuable.

Further, they can scrape the emails and build relationship graphs. Fill in additional details from other data breaches.

From a legal perspective any disclosure of PII information is considered a data breach. Multiple US States have specific disclosure rules and the EU / GDPR rules also have specific rules that need to be followed.

sirhc, please seek out help to sort out how and where they got the information.

John Brown, CISSP (Certified Information Systems Security Professional)
While I run a WISP, I also do cyber security as part of my $dayjob

jg0007
Member
 
Posts: 82
Joined: Wed Jan 20, 2016 2:07 am
Has thanked: 0 time
Been thanked: 7 times

Re: SCAM EMAIL BEING SENT

Wed Sep 11, 2019 12:13 pm

Thank you so much

Kingpin3
Member
 
Posts: 8
Joined: Sun Jun 05, 2016 1:37 pm
Has thanked: 1 time
Been thanked: 4 times

Re: SCAM EMAIL BEING SENT

Wed Sep 11, 2019 12:44 pm

john@citylinkfiber.com wrote:While its good to hear you aren't storing CC data, you are storing PII (Personal Identifying Information) and it seems that some or all of that data has been disclosed.

Most people fail to understand that ANY information leak / disclosure is to much.

Cyber criminals collect data, all data, and build databases of information. They correlate and cross reference this information.
The criminals then use the combined data to better target fraud.

So having your name, email address, shipping address (which many times is the Credit Card Billing address) is really valuable.
If they have your card number and email from a different data breach, now they would have your address which makes the card data more valuable.

Further, they can scrape the emails and build relationship graphs. Fill in additional details from other data breaches.

From a legal perspective any disclosure of PII information is considered a data breach. Multiple US States have specific disclosure rules and the EU / GDPR rules also have specific rules that need to be followed.

sirhc, please seek out help to sort out how and where they got the information.

John Brown, CISSP (Certified Information Systems Security Professional)
While I run a WISP, I also do cyber security as part of my $dayjob



I can't say a leaked email address is a particular concern to me, nor you I assume since you've got your Name/Email/Location displayed on a public forum..

mrmarria
Member
 
Posts: 31
Joined: Tue Oct 25, 2016 3:59 pm
Has thanked: 5 times
Been thanked: 2 times

Re: SCAM EMAIL BEING SENT

Wed Sep 11, 2019 12:49 pm

Thanks for heads up!

User avatar
wtm
Experienced Member
 
Posts: 262
Joined: Sun Jan 11, 2015 12:17 am
Location: Arizona
Has thanked: 41 times
Been thanked: 36 times

Re: SCAM EMAIL BEING SENT

Wed Sep 11, 2019 1:12 pm

Thanks for the info !

RoggenBroadBan
Member
 
Posts: 4
Joined: Fri Aug 18, 2017 1:48 pm
Has thanked: 2 times
Been thanked: 4 times

Re: SCAM EMAIL BEING SENT

Wed Sep 11, 2019 1:55 pm

HOW LONG HAS THIS BEEN GOING ON!!!

If you have not tried to cover this up and hide information, I find this sorely disappointing. I expect to not be told about a hack/information disclosure for MINIMALLY 3 months after it has happened, do you know what this is going to do to my calendar?!?!?!

Honestly, just reporting the possibility of an information disclosure is frustrating. I expect better from a company that does business internationally.

Please take a page out of Equfax's security notebook, they at least have the decency to not even report being hacked to the authorities until after their C level employees have had the chance to sell off stock.

The inability to follow standard industry practices these days is beginning to make me think these Millennials will really be the end of us all.

P.S. I have not gotten one of these emails, even more disappointing.

User avatar
jpaine619
Member
 
Posts: 82
Joined: Fri Jul 07, 2017 11:13 pm
Location: San Diego, CA
Has thanked: 26 times
Been thanked: 18 times

Re: SCAM EMAIL BEING SENT

Wed Sep 11, 2019 2:05 pm

john@citylinkfiber.com wrote:While its good to hear you aren't storing CC data, you are storing PII (Personal Identifying Information) and it seems that some or all of that data has been disclosed.

Most people fail to understand that ANY information leak / disclosure is to much.



Uh... You deliberately made YOUR email address, city, and first name available to members of this forum. None of that information is required to operate in the forums. Plenty of folks use an alias or leave the information marked private.. So...
Pot meet Kettle..

User avatar
therealboss
Member
 
Posts: 11
Joined: Wed Feb 24, 2016 7:31 am
Location: Ireland
Has thanked: 1 time
Been thanked: 1 time

Re: SCAM EMAIL BEING SENT

Wed Sep 11, 2019 2:24 pm

Thanks for heads up!

Next
Return to General Discussion

Who is online

Users browsing this forum: Google [Bot] and 115 guests