Lead Adventure Forum
Other Stuff => General Wargames and Hobby Discussion => Topic started by: Gunbird on September 01, 2015, 11:08:58 PM
-
I don't know what to make of it, I just received 2 emails from Hasslefree within 10 minutes, telling me something about coupon validation and being a monthly winner, then linking me to their webpage. Problem is, first email is addressed to me but the coupon is made out to a riseinggamesAT some or other email address, and the second email does have my correct email address.
It then tells me I won a 75 Pound purchase but have to spend 5 pounds system fee first?
Is this legit? I can't remember entering any sweepstakes and I registered my account years ago.
A bit worried now..... anyone can enlighten me?
-
You could send them a message on Facebook? If you aren't on Facebook I can do it for you.
-
Sounds like a scam to me.
-
Contact Kev and Sal direct through the website.
-
Contacted them on FB but got no reply, will send them an email on their website now.
-
I'm going over both emails with a fine tooth comb now. 1 says Hasslefree Miniatures Cheap Coupon and the other Hasslfree Miniatures 2D Coupon. Both have a link to the website, but it is listed as
http://hfminis-co-uk.thepromo.link/?email=CENSORED
Mod Edit: Do not follow the above link. Left for reference, note the difference to the regular HF website URL.
It takes me to their webpage with a pop up over it:
(http://i1373.photobucket.com/albums/ag363/gunbird20mmunbird20mm/scam_zpstylncya4.jpg) (http://s1373.photobucket.com/user/gunbird20mmunbird20mm/media/scam_zpstylncya4.jpg.html)
Scam?
-
Probably.
HF's site is "hfminis.co.uk" Dots, not hyphens.
-
Well I clicked the link and it told me the same thing, so something tells me it's just a scam, after all if Hasslefree gave everyone a £75 voucher they'd go under damned fast.
-
That is worrying! How did they know to target me?
-
Don't reply to anything on it. Definitely spam. Kev and his team will take care of it.
-
The website you're being sent to is promo.link - the first part of the address is merely a server name, which is why they have to use hyphens.
Definitely a scam. Don't give them that £5!
Getting your email address and the type of sites you visit is probably done in a tracker script or cookie - adverts these days are more active than just a simple picture with a link on it. Many adverts on e.g. eBay are very dodgy.
Use the Ghostery and AdBlock browser extensions to stop rubbish like that running on your computer.
Or user data was taken in the last breach.
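-
Added example, not part of any post in this thread: a small check for the "dots, not hyphens" point made above, which reads a link's hostname from the right and flags hosts that only imitate the real domain. The function names and every sample URL except the one posted in the thread are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "hfminis.co.uk"  # the shop's real domain, as quoted in the thread

def host_of(url):
    """Lower-cased hostname of a URL, or '' when it has none."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_trusted(host, trusted=TRUSTED):
    """True only when host is the trusted domain or a subdomain of it.
    The trusted name must be the final labels of the host, preceded by a
    dot; appearing somewhere else in the name does not count."""
    return host == trusted or host.endswith("." + trusted)

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unrelated' for one link."""
    host = host_of(url)
    if not host:
        return "unrelated"
    if is_trusted(host, trusted):
        return "trusted"
    # Fold hyphens into dots so 'hfminis-co-uk' compares as 'hfminis.co.uk',
    # then look for the trusted labels anywhere in the untrusted host.
    folded = host.replace("-", ".").split(".")
    want = trusted.split(".")
    for i in range(len(folded) - len(want) + 1):
        if folded[i:i + len(want)] == want:
            return "lookalike"
    return "unrelated"

# First URL is the one posted in the thread; the rest are constructed samples.
SAMPLES = [
    "http://hfminis-co-uk.thepromo.link/?email=CENSORED",
    "http://www.hfminis.co.uk/",
    "http://hfminis.co.uk.example.test/voucher",
    "http://nothfminis.co.uk/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_link(url):10} {host_of(url)}")
```

The check only compares names; it does not fetch anything, so it is safe to run over links copied out of a suspicious email.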
-
I would never click on a link in a suspicious email.
-
You have something in your computer mate.
Download and run this program:
https://www.malwarebytes.org/antimalware/
Highly recommended for cleaning up any malware on your machine.
-
Yeah that is 'not' from us, do not click on anything or give any details etc.
We're looking into it right now, but as it happened overnight it's unlikely we can do anything until 9am GMT when our tech guys log in etc.
The one thing I have been able to work out by myself this morning is it is not due to a database breach. Because the spam mail has spoofed our email address then we get bounced emails or out of office replies and some of the email addresses bouncing to us are not customers of ours, therefore are not email addresses that are in our database.
It's also only a handful, less than we get if we send out a newsletter. So at the moment, I have very little idea what's happened other than that is definitely not from us and we haven't been breached.
We have emails in with the newsletter company we use to see if 'they' have had a breach and are awaiting our tech guys logging in to look into it.
-
I received one too. Because it was badly written and had my name in the wrong order, I just flagged it as spam. I didn't click on the link because it might automatically have downloaded malware.
I've also just gone through a vigorous anti-malware purge as a result of apparently spoofed emails from me with an iPhone signature. It turned up nothing. Because of the nature of the connectivity between some of the emails, I was wondering whether an open forum containing the email addresses of wargamers had been abused or hacked.
-
Y'all know the adage: "if it sounds too good to be true..."
These days hackers and phishers will go as far as mimicking targeted commercial sites, with just a slight change in the address that unsuspecting customers might not notice at first, and then use that to get bank details and make charges to your accounts. It often looks just like the site you think you're on, but it's like a movie set of a ghost town: facades with nothing but cobwebs & nasty spiders lurking behind.
Don't prove PT Barnum right!
-
I received one too. Because it was badly written and had my name in the wrong order, I just flagged it as spam. I didn't click on the link because it might automatically have downloaded malware.
I've also just gone through a vigorous anti-malware purge as a result of apparently spoofed emails from me with an iPhone signature. It turned up nothing. Because of the nature of the connectivity between some of the emails, I was wondering whether an open forum containing the email addresses of wargamers had been abused or hacked.
It is all a bit confusing at the moment. We haven't been breached, some of the email addresses who got the spam mail aren't customers of ours and aren't in our database. Our newsletter company hasn't been breached. The number of people connected to HF who got the email seems very low too, more reports of not getting it than getting it.
It's going to end up as one of those annoying 'spend days trying to work out what it was, achieves nothing' things *mutter*
-
It is all a bit confusing at the moment. We haven't been breached, some of the email addresses who got the spam mail aren't customers of ours and aren't in our database. Our newsletter company hasn't been breached. The number of people connected to HF who got the email seems very low too, more reports of not getting it than getting it.
That's the main thing - nothing has been stolen from your site or anyone related to you.
It's going to end up as one of those annoying 'spend days trying to work out what it was, achieves nothing' things *mutter*
'Fraid so - it's just one of those things, someone has picked your site and decided to spoof it and it's all done in external emails. I get the occasional one through pretending to be from my bank and they can be far more subtle than this - they do get through spam filters. Sometimes a suspicious email turns out to be genuine!
The email header will have reverse DNS lookups in the Received fields that can track the message's path through the "legitimate" email network, but watch out - they sometimes even fake the very first stage of the header. If you see a line that has two Received From IP addresses in [], only the second one is legit, and is the "entry point", either the spoofer's computer or the last compromised server in the relay. Submit the emails to the antivirus people and they'll be able to pick them apart - keep yourself off spam blacklists.
Why yes, I have been through the same process, many moons ago...
Besides, we know that a prize from Hasslefree would arrive smelling of bacon jam :D
-
*grin* Possibly true.
I was up at 5 thanks to this so had plenty of time to go digging. The fake site thepromo.link was registered yesterday and seems to use a combination of German/Swiss and US details. The website you see if you clicked on the email 'is' ours, but it's just being redirected as a pop-under kind of thing. So currently, and sort of darkly amusingly, if you click the link in the email (not recommended at all!) you see a pop-up saying you have won a voucher and in the background our website with 'YOU HAVE NOT WON A VOUCHER!' in large letters on the front page :)
-
Subtle
like it
very annoying though that they have found a service to enable them to not even bother going through the effort of copying your website, for the scam, and simply overlaying on the real website.
Its DNS ip reference has gone now thepromo.link that is, still hosted name, but no longer connection to an address.
I stand corrected, someone messing with me tools :(
have you raised an issue with the service provider thepromo?
So they are quite quick at noticing.
-
The worst thing is that someone has taken it upon themselves to fake an email from a comparatively small wargames company that includes genuine graphics (the Hasslefree website logo in yellow) and such to help convince recipients that it is legit. It's quite a change down in gear from fake emails from BT, DHL and other couriers, banks and PayPal.
-
I received the email from HF saying some scam mail has gone out. So that was definitely a scam.
-
They may even be using someone's legit services to do so.
Which is annoying for both parties - the service provider for the promo link and the affected company.
If it's legit service provision, demonstrates how easy it is for some to abuse it.
-
The worst thing is that someone has taken it upon themselves to fake an email from a comparatively small wargames company that includes genuine graphics (the Hasslefree website logo in yellow) and such to help convince recipients that it is legit. It's quite a change down in gear from fake emails from BT, DHL and other couriers, banks and PayPal.
The email thing is pretty easy to set up a bot for I would think, just send us an email either through registration or forgot your password or one of the other form ways to do so and clone what you get back.
We don't think we've been specifically targeted as the setup is way too slick. thepromo.link is 'very' convincing until you check its whois and ip details etc.
Basically as the target list was small, we haven't had any reports of anyone falling for the spam yet (and lots saying it was obvious or it already went to their spam folder), then unless something similar happens again there's not a great deal we can do about it. Our tech guys are submitting reports to whoever you do that to :) (Google's spam filter, any legit details on whois etc)
-
Yeah, slick website, with very little content, everything only just registered the first of this month..
disposable email address/account.
the whois record is basically full of fake info :(
well dodgy
-
The email thing is pretty easy to set up a bot for I would think, just send us an email either through registration or forgot your password or one of the other form ways to do so and clone what you get back.
We don't think we've been specifically targeted as the setup is way too slick. thepromo.link is 'very' convincing until you check its whois and ip details etc.
Basically as the target list was small, we haven't had any reports of anyone falling for the spam yet (and lots saying it was obvious or it already went to their spam folder), then unless something similar happens again there's not a great deal we can do about it. Our tech guys are submitting reports to whoever you do that to :) (Google's spam filter, any legit details on whois etc)
I thought it would be easy enough to set up - I mean, you don't even have to be literate to write the text that the email contains.
My concern is more that such a comparatively small business in the world is the subject of the scam, even if it is not the specific target. Though I am guessing at "small" - I'm assuming you lot aren't yet all turning up in shiny new Jaguar F-types for work. :D
Anyway some of us are perfectly able to sabotage our own businesses without the help of scammers and viruses: I am just reprinting all the paperwork for the weekend's orders after catching my coffee cup on the sticky end of the tape dispenser...
-
Well, happy to have signalled my concerns, and to have sent them straight to Hasslefree as well. Just gone over my pc with several fine tooth combs and no malware or anything has been detected.
-
I thought it would be easy enough to set up - I mean, you don't even have to be literate to write the text that the email contains.
My concern is more that such a comparatively small business in the world is the subject of the scam, even if it is not the specific target. Though I am guessing at "small" - I'm assuming you lot aren't yet all turning up in shiny new Jaguar F-types for work. :D
Anyway some of us are perfectly able to sabotage our own businesses without the help of scammers and viruses: I am just reprinting all the paperwork for the weekend's orders after catching my coffee cup on the sticky end of the tape dispenser...
My guess is we weren't a target so to speak. We had an incident a few weeks ago where a bot attacked and took down our site using some library code. My guess is that the library code was on 'lots' of sites. Now something similar has happened again, there's probably dozens of businesses around the world in all industries dealing with the exact same thing as us this morning. Some bit of code or whatever will connect us all. I pay people to sort that bit out, as you say, we have enough problems sorting our own messes out!
And while we are probably bigger than most people think, there's not a Jag in my future just yet :D
(I am off to South Beach in a few weeks though, but I can assure you it's not on the £5s of many unsuspecting customers ;) )
-
Well, happy to have signalled my concerns, and to have sent them straight to Hasslefree as well. Just gone over my pc with several fine tooth combs and no malware or anything has been detected.
A check is always a good idea, and glad yours came up empty, but as far as any of our tech guys can see the scam is passive and looking for payment details. We've all been messing about with the link/email/their home site all morning and none of our scans have registered anything.
-
Hate to say it, but this sounds like it's done by someone connected to the hobby.
The reason they usually go after CitiBank customers or the like is that you can send the email to 1 million random people, many of them will be real customers and some will bite. Scams like this are a numbers game -- returns are extremely low, so you need tons of volume (and zero costs using hijacked computers to send out emails).
With HF the target audience is just too small. Your average person probably wouldn't spend a 75 quid voucher at HF even if he got it for free, so the incentive to pay is virtually nil.
-
Everything else aside, anytime someone tells you you won a prize without entering anything, it's bullshit. Any time someone tells you you need to pay something to claim a prize, it's bullshit.
-
Everything else aside, anytime someone tells you you won a prize without entering anything, it's bullshit. Any time someone tells you you need to pay something to claim a prize, it's bullshit.
I'm no cowboy, far less a cattle baron or veterinarian, BUT...
What Fram says just smells right.
That e-mail, don't, it just reeks of mendacity.
Valerik
"I plead the Fifth Commandment"
-
Hate to say it, but this sounds like it's done by someone connected to the hobby.
Depends, Artemis mentioned that this was probably done with a library code hitting HF and others, now if all those others are hobby related it's somebody with an interest. But I would assume it's more likely it's all smaller E-commerce websites.
-
Depends, Artemis mentioned that this was probably done with a library code hitting HF and others, now if all those others are hobby related it's somebody with an interest. But I would assume it's more likely it's all smaller E-commerce websites.
No, this doesn't have to do anything with the real HF site being hacked. You can create a spoof site without ever compromising the real one.
They may have got the email addresses from the hack, but non-customers receiving the emails suggests some other source.
The biggest issue is creating the emails so that they contain all the right names and logos. Note how the PayPal scam emails always address you as "Dear Customer" instead of by your name like the real ones?
It takes at least some effort to create site-specific scam emails. Someone usually going after CitiBank and PayPal customers wouldn't find HF worth their while.
Hmmm... it might be possible to exploit a hole in a popular eCommerce software to extract enough accurate information to automatically create the scams (correct names, company logos etc.) But then you should see multiple scam sites hosted under thepromo.link -- I can't find any. That would mean that either they rotate the scams in and out (slow for small gains) or actually register multiple domains for scamming (expensive).
The entire point behind these scams is that they are virtually free to run. The returns are low, but it doesn't cost anything to try and with enough volume you can earn something. Actually sinking money or effort into them makes them non-profitable.