Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[John Gateley]

Hi Y'all,

CCs are very safe. If there were any chance of compromise there, you would have heard from us already.

Thanks again for the patience and the calm tone!

j

[RhinoBanga]

Hi Y'all,

CCs are very safe. If there were any chance of compromise there, you would have heard from us already.

Thanks again for the patience and the calm tone!

j

What information did they get?

Names and addresses?

[graham131]

Hi Guys,

Sorry only just read all of this.  I got 1 too, immediately reported it to spoof@paypal.com.

My domain is a uk one, @btconnect.com

Cheers

Graham

[Chasoscar]

I got it also thru hotmail account. I dont use the IRC chatroom.

[John Gateley]

Hi Y'all,

Thanks for the info, we've got enough now.

I saw a few people mention they don't have paypal accounts. The fraud spam is not directed at individuals, they just blast away to whatever e-mail addresses they have, and those who happen to have paypal will sometimes respond. JRiver doesn't have ANY info on your paypal account, we don't accept paypal.

j

[RhinoBanga]

John,

As I asked before ... what information did they get?

Just our email addresses or more?

[jleerigby]

Even if they were (and I like you sincerely hope not) it's not your problem.  It's the banks problem provided you have not been reckless and have conformed with the terms and conditions of the card.

True of you have a credit card... Of course many people hav VISA (of MC / AMEX) debit cards and in the UK a debit card does not have the same protections as a credit card and the money is out of your account before you have a chance to correct it.. Instead of the security of VISA witholding the merchants money (usually 90 days with VISA merchants) the bank faces an actual money loss and is therefore MUCH tougher about paying back funds.  Moral is use a credit card instead of a debit card every time...

For those with SPAM issues I strongly recomend Cloudmarks Spamnet... I have my email public all over forums and get a >10:1 spam ratio but its not a problem as spamnet gets 99% of it and cleans it all out for me to a SPAM folder... The community reporting method works great.

The principle remains the same whether it's credit or debit card.  If the retailer cannot provide your signature or other proof that you initiated the transaction for a purchase of goods/service and you have not done anything silly or fraudulent then you will get a refund.  I take your point though that the ease with which you get your refund will vary depending on the attitude of the representative of your bank.

(I work for a very large global bank based in the UK.)

[JimH]

email addresses were the only problem.

This was reported above.

[sraymond]

email addresses were the only problem.

This was reported above.

Is it possible to change the e-mail address associated with INTERACT?

I'm sure it'll never happen again, but I'd really like to keep my "e-mail for life" account safe-as-can-be.

Scott-

[JimH]

You can modify your profile.

[RhinoBanga]

email addresses were the only problem.

This was reported above.

Where?

On this page or on pages 1 or two?

I couldn't see it hence the question.

[JimH]

Jamie,
For security reasons, I would prefer to minimize discussion of any detail.  I hope you'll understand.

Jim

We now believe that the database was accessed from the outside.  It exists on a machine that is outside our firewall  (it has to be).  The only thing on it that would affect you is the e-mail address database.

[dpbeatley]

Got 2 emails from the fake PayPal scam. Headers were identical for both so I'm including only one: (personal info x'ed out)
========================

Status:  U
Return-Path: <verification@paypal.com>
Received: from mail.epost.de ([193.28.100.164])
   by james.mail.atl.earthlink.net (EarthLink SMTP Server) with ESMTP id 1aEEq4J83Nl3r10
   for <xxxxxxx@mindspring.com>; Thu, 8 Jan 2004 12:58:07 -0500 (EST)
Received: from [62.111.240.130] (62.111.240.130) by mail.epost.de (6.7.015) (authenticated as nathaly@epost.de)
        id 3FFBD47C0003A462 for xxxxxxxx@mindspring.com; Thu, 8 Jan 2004 18:58:07 +0100
Date: Thu, 8 Jan 2004 18:58:07 +0100 (added by postmaster@mail.epost.de)
Message-ID: <3FFBD47C0003A462@PPD27101.x.de> (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>
X-Mailer: PayPal Mailer
Reply-To: "PayPal" <verification@paypal.com>
To: xxxxxxx@mindspring.com
Subject: Verify your identity
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit<html>
=============================================

BTW all- prior to knowing that JRiver may be the source, I notified PayPal and sent them the headers as well.

Hang the bastard!
Dennis

[Sam]

After the PayPal email, I changed the email address in my profile and my megaskin (I think they're separate) to a new "temporary" address that I just created.  I just got a new PayPal email to that address today!

[Griff]

Well when this stuff happen , I sent it to Ebay.

They were out of two people who had the private addr., the only other one  that I could assume their database was compromised.

[pbreet]

I've received two of the paypal emails, I was not sure till now they were spam, but I always delete stuff like that, so I simply deleted them.  My mother says I'm too paranoid....

[antolod]

I got one too.  But my email is used for several forums friends/family.  @insightbb.com and I've had relatively little spam, mostly junk email from manufacturers or vendors I have done business with.  I won't bother posting the header, since John said he has enought info, but it was the epost.de one.

[paulr]

I received one of these "paypal" scam emails as well just today.  In Outlook/IE it was almost impossible to tell it was faked.

I *just* paid for MC10 as well.

Email domain is sbcglobal.net

Header:

X-Apparently-To: xxxxx@sbcglobal.net via web80407.mail.yahoo.com; Sat, 10 Jan 2004 15:54:56 -0800
X-YahooFilteredBulk: 193.28.100.167
Return-Path: <verification@paypal.com>
Received: from vmb-ext.prodigy.net (207.115.63.87)
  by mta820.mail.sc5.yahoo.com with SMTP; Sat, 10 Jan 2004 15:54:55 -0800
X-Header-Overseas: Mail.from.Overseas.source.193.28.100.167
X-Originating-IP: [193.28.100.167]
Received: from mail.epost.de (mail.epost.de [193.28.100.167] (may be forged))
   by vmb-ext.prodigy.net (8.12.10/8.12.10) with ESMTP id i0ANssCE484674
   for <xxxxx@sbcglobal.net>; Sat, 10 Jan 2004 18:54:54 -0500
Received: from [62.111.240.130] (62.111.240.130) by mail.epost.de (6.7.015) (authenticated as nathaly@epost.de)
        id 40007E6E0000310A for xxxxx@sbcglobal.net; Sun, 11 Jan 2004 00:54:52 +0100
Date: Sun, 11 Jan 2004 00:54:52 +0100 (added by postmaster@mail.epost.de)
Message-ID: <40007E6E0000310A@PPD27104.x.de> (added by postmaster@mail.epost.de)
From: "PayPal" <verification@paypal.com>
X-Mailer: PayPal Mailer
Reply-To: "PayPal" <verification@paypal.com>
To: xxxxx@sbcglobal.net
Subject: Verify your identity
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit<html>
X-Text-Classification: personal

[John Gateley]

I *just* paid for MC10 as well.

It was sent to your forum address, not to the address you used for payment (even though they may be the same).

Again: purchase data is secure. It's not the same machine, it's not the same location, it's not the same data, and security is a lot tighter on that machine.

On a side note, one of the things that confused me was I had a couple of e-mail addresses in the forum that were unique, and I didn't receive the spam. It arrived today

j

[Charlemagne 8]

It's not just Interact. I have several of those fake's on several different addresses, some of which are on neither Interact or Ebay.

[Griff]

On a side note, one of the things that confused me was I had a couple of e-mail addresses in the forum that were unique, and I didn't receive the spam. It arrived today

It's not just Interact. I have several of those fake's on several different addresses, some of which are on neither Interact or Ebay.

So whats in common here?

[John Gateley]

It's not just Interact. I have several of those fake's on several different addresses, some of which are on neither Interact or Ebay.

Thanks for reminding me, I've been meaning to say this.

I've been getting the paypal fraud for over a month now, they will use whatever addresses they can find, attained in whatever way they can.

I'm sure they purchase e-mail addresses from other spammers, and now I know they resort to illicit means to get addresses as well. This is probably the "logical next step" to the recent news that spammers and hackers were joining forces to create viruses/trojans that invade computers and then use them to send spam.

If you get the paypal scam, it may or may not be from Interact.

j

[scott_r]

YAY! I finally got TWO PayPal emails! I was beginning to feel left out there!

The header is identical to all the others, so I won't bother posting it.

One of the addresses I used to sign up on Interact and purchase MC9, and the other I used to purchase MC10.

EDIT - Deleted a, on second thoughts, foolish comment.

Scott.

[John Gateley]

On a side note, one of the things that confused me was I had a couple of e-mail addresses in the forum that were unique, and I didn't receive the spam. It arrived today

It's not just Interact. I have several of those fake's on several different addresses, some of which are on neither Interact or Ebay.

So whats in common here?

Nothing, really. I have been receiving the paypal scam for a while. But I didn't receive it at the addresses on the forum until today.

j

[Griff]

But I didn't receive it at the addresses on the forum until today.

Thats what bugs me.

i dont think its this place.

But it might be some place we all frequent.

Thats what I meant by in common.

[John Gateley]

Hi Griff,

They are pulling addresses from multiple places using multiple techniques. They are sending millions of e-mails, not a few hundred or even a few thousand.

j

[Omni]

Yeah, I finally got hit today as well.    It's a good thing, too, because after three pages of this thread, I was starting to feel a little left out.  

[Zoner]

Shouldn't J River send out an email to all email addresses used to register for this forum, warning people about this scam?  I almost clicked on the link, and I'm far from a newbie.  Some forum users *will* lose money because of this scam, and they won't be happy to learn that J River knew about the problem but didn't inform them.

[sraymond]

Shouldn't J River send out an email to all email addresses used to register for this forum, warning people about this scam?  I almost clicked on the link, and I'm far from a newbie.  Some forum users *will* lose money because of this scam, and they won't be happy to learn that J River knew about the problem but didn't inform them.

Agreed.  Though Darwin might not share our viewpoint!

Scott-

[Uwe]

Ok, got two Spam Mails too. Just wondering why they wait so long ?
Uwe

[ph_bradley]

i very much hope that jriver has reported this (as far as I'm concerned) MASSIVE security flaw to YaBB since from readiong this forum it seems clear that somehow they have pooled our adresses for the board's database. I very much hope then, if they can get our addy's, they can't / haven't already got our passwords. I'm sure several less paranoid users than myself will use the same password for more critical services than a message board.

[JimH]

i very much hope that jriver has reported this (as far as I'm concerned) MASSIVE security flaw to YaBB since from reading this forum it seems clear that somehow they have pooled our adresses for the board's database. I very much hope then, if they can get our addy's, they can't / haven't already got our passwords. I'm sure several less paranoid users than myself will use the same password for more critical services than a message board.

For security reasons, we are not yet saying much about what we know.  Please don't assume that you know.  It only adds to the confusion.

Changing passwords is always a good idea.

[salsbst1]

Please reconsider the reasons that you have your database outside the firewall.  If there are app servers outside your firewall that need access to it, give them static IPs and poke a hole in the firewall.

[LisaRCT]

Hi Griff,

They are pulling addresses from multiple places using multiple techniques. They are sending millions of e-mails, not a few hundred or even a few thousand.

j

This scam is not new . . .  this has happened several times in the past, but with eBay letters instead of PayPal.

[JimH]

I'm closing this thread now.  I think everything that can be said has been said several times.

As I've said above, we won't say more right now.