Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[kragorn]

This morning I received one of the standard "Paypal Verification" scams in my e-mail.  Nothing strange with that, delete and move on, but ...

I have my own domain and whenever I register somewhere I use a unique address, eg. when I registered for this forum I used 'fromjriver@'.  This is the ONLY place I've used that address.

The Paypal scam was sent to 'fromjriver@'.  How did the scammer get this unique address?

[RhinoBanga]

Funnily enough I got one yesterday too.

I generally use my hotmail account when registering with forums but this is one of the few places where I used my real address and that is where I received the email.



P.S.  That's a good trick with the email addys.   I am going to change to that system.

[ChicoSelfs]

I received one E-Mail from Pay-pal too  ?

[gpvillamil]

Weird. I got one too. It went to my personal e-mail address, which is long and complicated, so I don't think they were just randomly generating addresses.

For those of you new to the subject, if you received an e-mail purporting to be from Paypal asking you to verify your identity, IGNORE IT. It is a scam to get your payment info. Paypal will only ever interact with you through their own website. Read their security guidelines.

If you received such an e-mail, please post to this thread.

[georgem29]

I also have my own domain and create unique addresses for individual companies I deal with.  I got the PayPal scam email to the address I used to register Media Center and register for this forum.  I've never used it for anything else.

I'd like to hear JRiver's explanation.

[sirshambling]

Add me to the list of recipients.

[JaWe]

I got one too  ?

[DJMUK]

I got 2 some hours apart - How Lucky I am!!!

They were both to my main address which I use for all software/forum registrations.

EDIT: Should have said that I did not purchase MC with PayPal - Just in case it helps JRiver get to the bottom of this.

[Marko]

I got one too.
Well actaully, I got a couple. different mail addresses for different versions.

Now, please, please, please tell me.....

I'm almost certain jriver don't sell e-mail lists. (If I'm wrong, It'll end my association with MC)
If jriver don't sell e-mail lists, then it looks quite likely they have been compromised in some way, if that's the case, is it only e-mails they got? or should I cancel my credit card?

[Jaguu]

Received 4 emails from Paypal, my jaguu email address is hardly known, just 2 or 3 very definite places such as this forum.

[zevele10]

They are still sleeping....hard time when starting the day job.

I cannot beleive that they sell email adress-I really mean it-
I did not get any ,but i did not buy MC10

So ,did all of you updated to MC10?
How is the mail?
A real PayPal ?
Or a prank?

[Stilton]

In a vain attempt to combat spam, I use special different email addresses for everything I sign up for on the 'net (my ISP allows anything@username.ips.com, so I set anything to be what I'm signing up for).

I used one email, prefixed 'jriver@', to purchase the jriver software. I use one prefixed mc@ to sign up for this forum.

I received a spam to both of these accounts this morning. This is rather worrying on both accounts.  I've got 'hide email addresses from public' ticked in my profile, so my forum email address shouldn't be available to spam bots. My jriver@ one should only be stored securely with jriver.

I'm not suggesting you're selling our email addresses, but this is rather worrying. You may want to check over your security on where you store our emails. I'm sure I haven't used these emails anywhere else - definately not outside jriver.

The spams were paypal phishing. If anyone else got the same, please post here.
--------------------------------------------------

Good to see I'm not the only one who's looking for an explanation on this one.

I have not purchased v10, so that's not it.

[RhinoBanga]

I haven't updated to v10 and I got the email.

Maybe the board was hacked?

[retrospek]

I've also received a Paypal scam message this morning using the same address as I used for JRiver  

Mark.

[zevele10]

look like good news that not only mc10 buyers got it

[kragorn]

So ,did all of you updated to MC10?
How is the mail?
A real PayPal ?
Or a prank?

The e-mail address I received it on was only ever used to register on this forum .. I am not a registered MC user, only on this forum am I 'known' to JRiver, so this forum's member record for me is the only place I know of that 'fromjriver@xxx' is recorded.

RhinoBanga has a good point.

It's a scam .. using the by-now conventional means of obscuring the real destination of the link by appending lots of 0x01s to the URL which Outlook Express and Internet Explorer don't show .. I use Poco and Firebird so saw them .


PS, I'm STILL not a llama.  

[zevele10]

ok
so calm down
all of us

[Stilton]

ok
so calm down
all of us

It's actually quite serious. Not only has my forum address been grabbed, but also the confidential one used to register to jriver.

If it was only the the forum one's it's not as serious - likely a bug in the forum software. But for the registration emails to somehow get in the hands of spammers could have compromised other data, such as CC details.

Can anyone else say for sure that it is specifically jriver registration email address that was spammed (NOT their forum one)?

The spams are called 'phishing' - pretending to be an official email and sending the user off to collect their information (such as passwords, or CC details) (see http://www.urbandictionary.com/define.php?term=phishing). The URL in the email uses the classic 'username' method - the URL looks like it's going to paypal.com, but actually it's going to another domain, logging in with the username 'www.paypal.com'. The actual domain you'll see at the end of the long URL, not usually in sight because of all the 0s obscuring it out of view.

[TimB]

I have my own domain and whenever I register somewhere I use a unique address, eg. when I registered for this forum I used 'fromjriver@'.  This is the ONLY place I've used that address.

VERY cool idea!

No spam of this type received here.

-=Tim=-

[JimH]

We don't sell or otherwise provide your e-mail address to anyone.  

Many of these schemes are based on worms that can read an e-mail address book and then use the addresses to send more and also use the addresses as the sender name.  So if the address was in an e-mail address book anywhere, it's possible for the worm to find it.

A second possibility is that someone's e-mail server is being used to capture addresses.

Another possibility is that the addresses are publicly visible here on Interact.  Can you see each other's addresses?  If so, a robot can collect them.

Still another is that addresses are being randomly generated.  fromjriver would be a logical one.

There are other possibilities, but WE DO NOT PROVIDE YOUR ADDRESS TO ANYONE ELSE.

[kragorn]

Many of these schemes are based on worms that can read an e-mail address book and then use the addresses to send more and also use the addresses as the sender name.  So if the address was in an e-mail address book anywhere, it's possible for the worm to find it.

A second possibility is that someone's e-mail server is being used to capture addresses.

Another possibility is that the addresses are publicly visible here on Interact.  Can you see each other's addresses?  If so, a robot can collect them.

Still another is that addresses are being randomly generated.  fromjriver would be a logical one.

There are other possibilities, but WE DO NOT PROVIDE YOUR ADDRESS TO ANYONE ELSE.

1. My e-mail address would not be in ANY address book, I have never had e-mail contact with anyone else here, only your board's database knows it AFAICS.

2. Unlikely since I've never sent an e-mail from that address and only 1 has ever been delivered to me when I registered some time ago.

3. My e-mail address is marked "Hidden" in my member record.

4. 'fromjriver' is extremely UNLIKELY IMO.

MANY MEMBERS ARE REPORTING THIS.  If you say you don't pass on e-mail addresses given to you then I'll accept that, however it seems highly suspicious that the recipt of this scam by so many members means the source of the e-mail addresses IS YOUR BOARD.  

If you refuse to accept that as a possibility, as you are doing by invoking that list of possibilities which I have easily demolished, then clearly customers and potential users of this board need to be wary, because your systems could have been compromised and you appear to be doing nothing to look into it.

[JimH]

Did I say that we would not investigate it?  Sorry for the omission.  It's 7:00AM here.

fromjriver is extremely likely, IMO.  from + domain name.

It would be nice if you would not make sinister assumptions about what has happened.

[JimH]

Can everyone add a reply here that tells us the domain name of your mail server?  hotmail.com or aol.com, for example.

[jleerigby]

Just to add to the list of recipients I got one too.  I was amazed as this is the first spam I've seen since I changed the e-mail address about 3 months ago.  I too only use this address for MC so I was immediately worried about how on earth someone got hold of this address.  

I can't imagine that any worm invaded my PC as I am very careful as to which sites I visit (mostly it's just interact) and NAV 2003 is constantly up to date.  My wife uses the PC regularly and she has had no such e-mail - neither has anyone else I've spoken to at work or freinds or family.

[zevele10]

OK

Please.let try to have the most indications  ready for when they start to look at.

ME: email adress visible on interact==NO email sent to me-
adress yahooFR [ not COM]
NEXT!

[jleerigby]

I'm going to keep a creaful eye on my CC statement.  I hope Jim confirms they'll look into this.

[RhinoBanga]

I have my own domain jdnet.co.uk.

They got my personal name too, jamie.

I can't see how both of these could have been randomly generated.   Also my mail server did not pick up any non-deliverable messages.

Now my email address is only registered on 2 boards (this and another one).   No-one on the other board has reported this situation whereas others have reported it here.   The facts are pointing this way.



P.S.  My email is hidden from public view on both boards.

[JollyJim]

I got two this morning from paypal to xxxx.freeserve.co.uk

[bob]

It sounds to me like someone found a way to pull the database but doing a quick check, I haven't found any notifications of holes in this version of the software. I also tried a few tricks that would lead me to be able to pull the database but they didn't work.

I'll keep looking...

[kragorn]

It's clearly not a dictionary attack, I've received no others.

[gpvillamil]

Better post a sticky and an urgent announcement on the board, warning users about the fake mail. Most of us are pretty aware and won't fall for it, but others might not be so careful. Might also want to e-mail all users of the board and warn them of the compromise.

[kragorn]

It just occurred to me there may have been one other place I entered my e-mail address .. when you download a trial version there's an optional registration page, I now can't recall if I entered it there or not, I usually don't offer my details unless I'm forced to but it is possible I may have done.

Clearly many of your members and customers would also have entered details on that page.

[KingSparta]

Funnily enough I got one yesterday too.

I generally use my hotmail account when registering with forums but this is one of the few places where I used my real address and that is where I received the email.



P.S.  That's a good trick with the email addys.   I am going to change to that system.

I already talked to paypal yesterday, and submitted the info from the orginal message.

it seems this is going around, per their message back to me

they are working on shutting down the spammer

the one i got also had a Virus attached to it that was stripped out by Road Runner (My Provider)

[kragorn]

It could be just the time difference, but I notice that there are a lot of UK users here.  Mail server hack in the UK?

I don't see where the e-mail address used to target me would ever have been present on any mail server other than yours.  My domain is virtually hosted by mail is received using normal MX record resolution AFAIK and is not forwarded, hence anything sent from you to me would not be staged elsewhere.

Also it's hosted on a small local web hoster, the chances of 2 of their customers also being present here is very, very small IMHO.

[JimH]

Correct me if I'm wrong, but I believe that the e-mail address is visible in the packets forwarded from machine to machine across the Internet, so if any machine in between is compromised, they could be collected there.

[ChicoSelfs]

my email is from my provider netvisao.pt

[JimH]

Here's a good summary of the growing "phishing" problem:
http://news.netcraft.com/archives/2004/01/07/jump_in_phishing_attacks_in_december.html

[LisaRCT]

I got it too . . .
Yahoo.com

[DJMUK]

Can everyone add a reply here that tells us the domain name of your mail server?  hotmail.com or aol.com, for example.

JimH, In case it helps mine is: dial.pipex.com

My email address is not used exclusively for this forum and/or registration of MC.  I only opened a PayPal account on 20/09/2003 to purchase a shareware program that had no other payment options.  I bought MC by CC.

If my memory serves me I also got one of these PayPal spoofs about 6-8 weeks ago.

Hope this helps.

David

[RhinoBanga]

Correct me if I'm wrong, but I believe that the e-mail address is visible in the packets forwarded from machine to machine across the Internet, so if any machine in between is compromised, they could be collected there.

But the suspicious fact here is that it's a high number of interact users that have been spammed.

I don't know of anyone else who has got it who isn't an interact user.

[John Gateley]

Hi Y'all,

A couple of things:

JLee, cc info is never on the machine that supports interact, though keeping a close eye on your statement is always a good thing.

Those of you who are SURE that you got the spam because of this board, did you use the chat room? Is that a possible source of the spam?

j

[RhinoBanga]

Hi Y'all,

Those of you who are SURE that you got the spam because of this board, did you use the chat room? Is that a possible source of the spam?

j

No as I have a fake email addy on irc, usually me@you.com.

[JimH]

But the question was "did you use the chat room?"

Sounds like you did.

[ChicoSelfs]

By the way i don't have an paypal account

[RhinoBanga]

But the question was "did you use the chat room?"

Sounds like you did.

Correct but I am pointing out that my IRC email address is fake so a whois on me would have resulted in a fake address.

[retrospek]

I don't believe I've ever used the Chat Room - In fact I didn't even know we had one available...

I'm wondering if maybe a 'plugin' has required us to provide our email address somewhere along the line - and maybe that person has been hacked somehow...

I can't remember though if I've had to provide my email details for any plug-ins.

My email address is hosted by plus.net in the UK

Cheers,

Mark

P.S. Good job I was running Mailwasher - which highlighted that this was a dodgy email from Paypal..

[crowfan]

I have two email addresses: optonline.net and yahoo.com. Both emails received the PayPal spoof.

I use my Yahoo account for anything that I think will generate spam.

I use my optonline account here at Interact, and I *never* get spam in that account.

I am located in NY.

Hope this helps,

crow

[John Gateley]

If you got the spam, could you please post the header info (minus personal details) here please? I need to know if they all came from the same mailer.

Rhino - did you use a real e-mail address when registering, and was it the same one as here? I know the public one wasn't, but it is possible the chat room was hacked.

j

[Deivit]

Got two emails... one yesterday the other one today. Reported the first one to paypal.

The address is the one I use with this forum and to register Media Center, but I use it for other purposes too, so I cannot be sure of the origin.

The address is xxxx @ yahoo (not .com but .es)

Edit: Never used the chat room. My email is hidden here on my Interact profile.

[markp99]

got one on my xxx@comcast.net account...


Actually...looking at header, it was my attbi.com account, forwarded to comcast.