*
Welcome, Guest. Please login or register.
March 29, 2024, 06:22:19 AM

Login with username, password and session length

Donate

We Appreciate Your Support

Members
Stats
  • Total Posts: 1686613
  • Total Topics: 118113
  • Online Today: 762
  • Online Ever: 2235
  • (October 29, 2023, 12:32:45 AM)
Users Online

Recent

Author Topic: email from Hasslefree I dont understand? Possible scam?  (Read 5134 times)

Offline PhilB

  • Scientist
  • Posts: 431
    • A Dragontooth Grognard
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #15 on: September 02, 2015, 07:23:33 AM »
Y'all know the adage: "if it sounds too good to be true..."
These days hackers and phishers will go as far as mimicking targetted commercial sites, with just a slight change in the address that unsuspecting customers might not notice at first, and then use that to get bank details and make charges to your accounts. It often looks just like the site you think you're on, but it's like a movie set of a ghost town: fascades with nothing but cobwebs & nasty spiders lurking behind.

Don't prove PT Barnum right!

Offline Artemis Black

  • Bookworm
  • Posts: 72
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #16 on: September 02, 2015, 07:29:20 AM »
I received one too. Because it was badly written and had my name in the wrong order, I just flagged it as spam. I didn't click on the link because it might automatically have downloaded malware.

I've also just gone through a vigorous anti-malmare purge as a result of apparently spoofed emails from me with an iPhone signature. It turned up nothing. Because of the nature of the connectivity between some of the emails, I was wondering whether an open forum containing the email addresses of wargamers had been abused or hacked.


It is all a bit confusing at the moment. We haven't been breached, some of the email addresses who got the spam mail aren't customers of ours and arent in our database. Our newsletter company hasn't been breached. The number of people connected to HF who got the email seems very low too, more reports of not getting it than getting it.

It's going to end up as one of those annoying 'spend days trying to work out what it was, achieves nothing' things *mutter*
« Last Edit: September 02, 2015, 08:18:56 AM by Artemis Black »

Offline Momotaro

  • Mastermind
  • Posts: 1320
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #17 on: September 02, 2015, 08:28:51 AM »
It is all a bit confusing at the moment. We haven't breached, some of the email addresses who got the spam mail aren't customers of ours and arent in our database. Our newsletter company hasn't been breached. The number of people connected to HF who got the email seems very low too, more reports of not getting it than getting it.

That's the main thing - nothing has been stolen from your site or anyone related to you.

Quote
It's going to end up as one of those annoying 'spend days trying to work out what it was, achieves nothing' things *mutter*

'Fraid so - it's just one of those things, someone has picked your site and decided to spoof it and it's all done in external emails.  I get the occasional one through pretending to be from my bank and they can be far more subtle than this - they do get through spam filters.  Sometimes a suspicious email turns out to be genuine!

The email header will have reverse DNS lookups in the Received fields that can track the message's path through the "legitimate" email network, but watch out - they sometimes even fake the very first stage of the header.  If you see a line that has two Received From IP addresses in [], only the second one is legit, and is the "entry point", either the spoofer's computer or the last compromised server in the relay.  Submit the emails to the antivirus people and they'll be able to pick them apart - keep yourself off spam blacklists.

Why yes, I have been through the same process, many moons ago...

Besides, we know that a prize from Hasslefree would arrive smelling of bacon jam  :D

« Last Edit: September 02, 2015, 08:31:47 AM by Momotaro »

Offline Artemis Black

  • Bookworm
  • Posts: 72
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #18 on: September 02, 2015, 08:42:30 AM »
*grin* Possibly true.

I was up at 5 thanks to this so had plenty of time to go digging. The fake site thepromo.link was registered yesterday and seem to use a combination of german/swiss and us details. The website you see if you clicked on the email 'is' ours, but it's just being redirected as a pop-under kind of thing. So currently, and sort of darkly amusngly, if you click the link in the email (not recommended at all!) you see a pop-up saying you have won a voucher and in the background our website with 'YOU HAVE NOT WON A VOUCHER!' in large letters on the front page :)
« Last Edit: September 02, 2015, 08:51:11 AM by Artemis Black »

Offline Tactalvanic

  • Mastermind
  • Posts: 1566
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #19 on: September 02, 2015, 09:11:28 AM »
Subtle

like it

very annoying though that they have found a service to enable them to not even bother going through the effort of copying your website, for the scam, and simply overlaying on the real website.

Its DNS ip reference has gone now thepromo.link that is, still hosted name, but no longer connection to an address.

I stand corrected, someone messing with me tools :(

have you raised an issue with the service provider thepromo?

So they are quite quick at noticing.
« Last Edit: September 02, 2015, 09:20:10 AM by Tactalvanic »

Offline Fighting15s

  • Scientist
  • Posts: 226
    • Fighting 15s
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #20 on: September 02, 2015, 09:18:49 AM »
The worst thing is that someone has taken it upon themselves to fake an email from a comparatively small wargames company that includes genuine graphics (the Hasslefree website logo in yellow) and such to help convince recipients that it is legit. It's quite a change down in gear from fake emails from BT, DHL and other couriers, banks and PayPal.
Ian
Fighting 15s
Gladiator Miniatures, Fighting 15s Flags, Martian Empires and Flashing Blade Miniatures
https://www.fighting15s.com

Offline beefcake

  • Galactic Brain
  • Posts: 7413
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #21 on: September 02, 2015, 09:21:41 AM »
I received the email from HF saying some scam mail has gone out. So that was definitely a scam.


Offline Tactalvanic

  • Mastermind
  • Posts: 1566
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #22 on: September 02, 2015, 09:22:37 AM »
They may even be using someones legit services to do so.

Which is annoying for both parties - the service provider for the promo link and the affected company

If its legit service provision, demonstrates how easy it is for some to abuse it

Offline Artemis Black

  • Bookworm
  • Posts: 72
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #23 on: September 02, 2015, 09:30:57 AM »
The worst thing is that someone has taken it upon themselves to fake an email from a comparatively small wargames company that includes genuine graphics (the Hasslefree website logo in yellow) and such to help convince recipients that it is legit. It's quite a change down in gear from fake emails from BT, DHL and other couriers, banks and PayPal.

The email thing is pretty easy to set up a bot for I would think, just send us an email either through registration or forgot your password or one of the other form ways o do so and clone what you get back.

We don't think we've been specifically targeted as the setup is way too slick. thepromo.link is 'very' convincing until you check it's whois and ip details etc.

Basically as the target list was small, we havent had any reports of anyone falling for the spam yet (and lots saying it was obvious or it already went to their spam folder), then unless someting similar happens again there's not a great deal we can do about it. Our tech guys are submitting reports to whoever you do that to :) (googles spam filter, any legit details on whois  etc)

Offline Tactalvanic

  • Mastermind
  • Posts: 1566
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #24 on: September 02, 2015, 09:50:26 AM »
Yeah, slick website, with very little content, everything only just registered the first of this month..

disposable email address/account.

the whois record is basically fully of fake info :(

well dodgy

Offline Fighting15s

  • Scientist
  • Posts: 226
    • Fighting 15s
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #25 on: September 02, 2015, 10:10:54 AM »
The email thing is pretty easy to set up a bot for I would think, just send us an email either through registration or forgot your password or one of the other form ways o do so and clone what you get back.

We don't think we've been specifically targeted as the setup is way too slick. thepromo.link is 'very' convincing until you check it's whois and ip details etc.

Basically as the target list was small, we havent had any reports of anyone falling for the spam yet (and lots saying it was obvious or it already went to their spam folder), then unless someting similar happens again there's not a great deal we can do about it. Our tech guys are submitting reports to whoever you do that to :) (googles spam filter, any legit details on whois  etc)

I thought it would be easy enough to set up - I mean, you don't even have to be literate to write the text that the email contains.

My concern is more that such a comparatively small business in the world is the subject of the scam, even if it is not the specific target. Though I am guessing at "small" - I'm assuming you lot aren't yet all turning up in shiny new Jaguar F-types for work.  :D

Anyway some of us are perfectly able to sabotage our own businesses without the help of scammers and viruses: I am just reprinting all the paperwork for the weekend's orders after catching my coffee cup on the sticky end of the tape dispenser...
« Last Edit: September 02, 2015, 10:15:53 AM by Fighting15s »

Offline Gunbird

  • Scatterbrained Genius
  • Posts: 2297
  • With miniatures, anything is possible!
    • 20mm and then some
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #26 on: September 02, 2015, 10:18:42 AM »
Well, happy to have signalled my concerns, and to have sent them straight to Hasslefree as well. Just gone over my pc with several fine tooth combs and no malware or anything has been detected.
Who is Gunbird? Johan van Ooij, Dutch, Mercenary Gamer, no longer mobile and happy to live life while it lasts >> http://20mmandthensome.blogspot.com/

Offline Artemis Black

  • Bookworm
  • Posts: 72
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #27 on: September 02, 2015, 10:21:52 AM »
I thought it would be easy enough to set up - I mean, you don't even have to be literate to write the text that the email contains.

My concern is more that such a comparatively small business in the world is the subject of the scam, even if it is not the specific target. Though I am guessing at "small" - I'm assuming you lot aren't yet all turning up in shiny new Jaguar F-types for work.  :D

Anyway some of us are perfectly able to sabotage our own businesses without the help of scammers and viruses: I am just reprinting all the paperwork for the weekend's orders after catching my coffee cup on the sticky end of the tape dispenser...


My guess is we weren't a target so to speak. We had an incident a few weeks ago where a bot attacked and took down our site using some library code. My guess is that the library code was on 'lots' of sites. Now somethign similar has happened again, there's probably dozens of business around the world in all industries dealing with the exact same thing as us this morning. Some bit of code or whatever will connect us all. I pay people to sort that bit out, as you say, we have enough probellms sorting our own messes out!

And while we are probably bigger than most people think, there's not a Jag in my future just yet :D

(I am off to South Beach in a few weeks though, but I can assure you it's not on the £5s of many unsuspecting customers ;) )

Offline Artemis Black

  • Bookworm
  • Posts: 72
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #28 on: September 02, 2015, 10:23:13 AM »
Well, happy to have signalled my concerns, and to have sent them straight to Hasslefree as well. Just gone over my pc with several fine tooth combs and no malware or anything has been detected.

A check is always a good idea, and glad yours came up empty, but as far as any of our tech guys can see the scam is passive and looking for payment details. We've all been messing about with the link/email/their home site all morning and none of our scans have registered anything.

Offline maxxon

  • Mad Scientist
  • Posts: 672
    • Small Cuts
Re: email from Hasslefree I dont understand? Possible scam?
« Reply #29 on: September 02, 2015, 11:35:50 AM »
Hate to say it, but this sounds like it's done by someone connected to the hobby.

They reason they usually go after CitiBank customers or the like is that you can send the email to 1 million random people, many of them will be real customers and some will bite. Scams like this are a numbers game -- returns are extremely low, so you need tons of volume (and zero costs using hijacked computers to send out emails).

With HF the target audience is just too small. Your average person probably wouldn't spend a 75 quid voucher at HF even if he got it for free, so the incentive to pay is virtually nil.

Small Cuts - a miniatures webzine - www.smallcuts.net

 

Related Topics

  Subject / Started by Replies Last post
31 Replies
7336 Views
Last post October 02, 2009, 11:25:45 PM
by Wirelizard
13 Replies
3712 Views
Last post August 07, 2011, 03:28:42 PM
by Dr Mathias
13 Replies
3257 Views
Last post August 02, 2013, 10:12:50 AM
by Artemis Black
39 Replies
6494 Views
Last post January 23, 2014, 10:37:37 PM
by ErikB
6 Replies
1436 Views
Last post November 16, 2016, 04:57:03 AM
by grant