Main > Forum/Website Discussion
Possible compromise of member list data: phishing attempt after buy/sell post
Rockstead:
I recently posted on the buy and sell sub and I just had a pretty good phishing attempt on my personal email.
The send email was from saint@arcadecontrols.com and what made me realize that it was a phishing attempt was that 1. The reply to address was different, it was bally00life@gmail.com 2. It was weird that Saint wouldn’t have message me through a pm on the board.
The fake saint wanted me to email Regis at freedomwayxx@outlook.com for the Time Crisis Red Pedal I was looking for.
I have to think that it’s very likely the user database on arcadecontrols is compromised as the phisher was able to retrieve the email account that I have on my profile here.
I have already reached out to Saint to let him know, and he did confirm it wasn’t him.
saint:
I'll certainly take a look but it'd be a fairly odd way of going about things. I've asked for the message header from the email he received so I can look at the sending server's info.
Rockstead:
Thanks for taking it seriously and looking at it so promptly, I sent you the info.
I posted this in case someone else had something similar happen, it wasn’t like those normal phishing attempts people get on a daily basis, it was very targeted using credible information and someone that took their time to personally target my ad along with having my personal email.
saint:
OK I'm leaving this up because it was a clever but annoying non-hack by a new and now banned forum member and people will want to know what he did and how.
When someone sends you a PM here on the forum, the forum will send you an email with the contents of the PM. It comes from the arcadecontrols.com server, sent to the email you have on file here on the server. The person who sent you the PM doesn't have your email info.
What this guy did was immediately after sending the PM, and then waiting for a moment, he deletes the PM. You log on to the forum, no PM. However, you did get an email to your private email address with the contents of the message he sent you.
He sent the same PM to 6 additional people, all telling them to email a specific email address to get an arcade part they mentioned they were looking for here on the forum.
Clever and annoying bit of marketing spam.
If you got a PM or an email from the forum with the contents of a PM telling you to email "Regis" at "fredomwayxx@outlook...." it's SPAM from user bally00life, who is now banned.
A snippet of the raw database showing what he's done is attached:
Note, the forum database was not compromised. He's abusing the functionality of the forum software that sends email notifications.
PL1:
. . . and the one post for that account is now in Post Hell. :police:
Scott
Navigation
[0] Message Index
[#] Next page
Go to full version