# Dodgy email supposedly from CraftBrewer - beware



## Bribie G (1/10/16)

Got this in my Spam Folder today (Yahoo). I posted images only, I haven't clicked any of the links of course.








They got my first name right, which could be a coincidence, but they know that I'm a brewer.

Note: their URL isn't Craftbrewer
Grammar mistake, small i
CraftBrewer wouldn't direct you to EBay
further down, a URL that resembles Craftbrewer - Craft _space_ Brewer.com.au

Anyone else getting these? Is CB hacked or is it Yahoo the trustworthy and secure system. hahahahaha. If so goodbye Yahoo, I'll transfer everything to a second Gmail account.
Just putting it out there, I've phoned Anthony urgently.


----------



## manticle (1/10/16)

Doesn't look to me like it's hacked Ross' business - no logo or anything, signed brew direct.

Craft Brewer sounds pretty generic - my guess if you've bought a product online and supplied your email.


----------



## Camo6 (1/10/16)

I get dodgy emails from Paypal all the time. I always hover over any links and check the sender's address. Then block and report. Scammers everywhere.


----------



## DU99 (1/10/16)

i got one..why would it direct people to ebay links


----------



## Bribie G (1/10/16)

Likewise the paypals, I get about two per day. However Anthony did say he'd had similar emails forwarded to him by customers who had received.
DU99 did they get your first name right? That and your interest in home brew would nail it. I'd guess the ebay links are malware.

Or as manticle suggested were you also in the market for wingtip dress brogues, organic seeds or a khaki blazer recently as well?


----------



## Ducatiboy stu (1/10/16)

I am still waiting for the Nigerian $1 million...bastards are taking there time


----------



## Ducatiboy stu (1/10/16)

DU99 said:


> i got one..why would it direct people to ebay links


So that you buy the product off eBay


----------



## LiquidGold (1/10/16)

Same here regards PaypaI, so annoying.


----------



## Ducatiboy stu (1/10/16)

LiquidGold said:


> Same here regards PaypaI, so annoying.


Thats why I have never used it


----------



## Mardoo (1/10/16)

Yahoo had a major hack two years ago that they've only just reported last month.


----------



## manticle (1/10/16)

Ducatiboy stu said:


> Thats why I have never used it


The scams don't have anything to do with whether you use paypal or not.
I get email scam shit all the time from anz bank (no account with them) facebook (don't use it) and Nigeria (never been there, don't know Mr Hajib de norobo ko or why he wants to give me 50 million pounds stirling).

It's just phishing.


----------



## peteru (1/10/16)

Most of the time it's not paypal that leaks the customer info, but one of the retailers that you used your paypal account with. They often collect data to build their own marketing databases and either sell them, rent access to them or have them stolen.

I've been receiving various spam that uses details from a number of online sellers, including Farnell and Country Brewer. They have clearly been hacked years ago and their customer databases have been stolen. It's not uncommon. You can guarantee that most online businesses are targeted for this all the time. Part of their operating cost should be maintaining all their software and have a proactive security policy. Most business don't. Some chose to deal with security issues after a breach, many don't give a toss at all. Using off-the shelf solutions and not keeping the installation up to date is asking for it. Same as running an unpatched Windows machine directly connected to the Internet.


----------



## kevinj (1/10/16)

I got the same email sent to my Hotmail account.
once i saw "bit" in the address, delete.
I get Paypal like emails from this mob all the time.
I send them all to Paypal fake emails, they just keep coming.


----------



## earle (1/10/16)

Bribie G said:


> Got this in my Spam Folder today (Yahoo). I posted images only, I haven't clicked any of the links of course.
> 
> 
> 
> ...


I got one too. Doesn't look legit but could catch the unsuspecting


----------



## Ducatiboy stu (1/10/16)

A lot of people dont realise you can spoof emails addressing, headers and links, Unless you know what your looking for, which most dont, you will get caught

I always inspect every element of a dodgy email to see where the linkls truly point

Its intersesting, I get emails from Auspost ( scams ) which are pretty good, except they getting the simple stuff wrong like a tracking number sequence, or contact number.

But the guys are getting pretty good these days


----------



## earle (1/10/16)

The latest Aust post email I got gave me over 700 days to pick up my parcel before they returned it to sender. Very generous I thought. h34r:


----------



## evoo4u (1/10/16)

I just got this one yesterday. Hovered over the link, but nothing showed up in the task bar. The sender got my email correct, but a generic salutation.


----------



## warra48 (1/10/16)

Got one too. Deleted as soon as I took a cursory glance at it, as it was obviously a scam email.

Get them all the time from Paypal, ANZ and others.
Have not banked with ANZ for over 40 years, but I'm impressed with their historic archival customer record keeping.
The bulk of these emails have clearly recognisable spelling and grammatical errors in their text, chenglish or woglish stands out like the proverbial.


----------



## Bribie G (1/10/16)

Why are we block you account? Please enter infomations:


----------



## SBOB (1/10/16)

if you get away from yahoo, you will definitely reduce your spam emails considerably..

google/gmail has one of the best spam filters and happily trashes all those kind of emails for me 99% of the time

I use my gmail account as my primary, but it also 'pulls' emails from my yahoo account so I only have to check one place.


----------



## browndog (1/10/16)

I got one too, though as I just ordered a bit of brewery kit from Hong Kong, thought it was from them. Never the less the links looked dodgy and I deleted it. Dodgy bastids.


----------



## Aus_Rider_22 (1/10/16)

manticle said:


> It's just phishing.


Yep, some of them seem very legit/official. I get a chuckle out of them but feel bad for the many unwitting users who click along with them


----------



## evoo4u (1/10/16)

I am always amazed at the numbers of presumably intelligent white collar workers (lawyers etc) who get sucked in to the Nigerian scams and then have the balls to whinge to anyone who'll listen how they were duped!. Greed I guess, and the well-honed ability to suspend rational thought!


----------



## GABBA110360 (1/10/16)

yeah i got the same email junk


----------



## madpierre06 (1/10/16)

Ducatiboy stu said:


> I am still waiting for the Nigerian $1 million...bastards are taking there time


Not all it's cracked up to be...after taxes, I barely ended up with enough for a 6-pack.


----------



## Toper (2/10/16)

A handy site,it's run by a gent I know in the States,use the email parser to trace the full headers and see if an IP or addy is on their database as a known scammer.
http://www.nextwebsecurity.com/LocationTools.asp


----------



## Kev R (2/10/16)

I got one to, my email address is only 3 weeks old as i changed provider.
In that time the only shopping Ive done is ebay via pay pal. Have not shopped at Craft Brewer in that time.


----------



## A.B. (3/10/16)

Yep got same email in my bigplop account


----------



## pnorkle (3/10/16)

Kev R said:


> I got one to, my email address is only 3 weeks old as i changed provider.
> In that time the only shopping Ive done is ebay via pay pal. Have not shopped at Craft Brewer in that time.


This is a bit of a worry.. email address is only 3 weeks old.. Did you change your email address in aussiehomebrewer.com? I'm just wondering if the site has been hacked & someone has managed to get all the registered email addresses therein.


----------



## earle (3/10/16)

pnorkle said:


> This is a bit of a worry.. email address is only 3 weeks old.. Did you change your email address in aussiehomebrewer.com? I'm just wondering if the site has been hacked & someone has managed to get all the registered email addresses therein.


Yep, it seems like too much of a coincidence that we have all been getting the same quite specific spam.


----------



## Alchomist (3/10/16)

I got scammed a few days after ordering some camlocks via eBay/PayPal. It was for 2 uber fares in Hong Kong (which ANZ refunded.) Probably some chow going for a rub & tug


----------



## Toper (3/10/16)

nadcamail traces to the US http://www.urlvoid.com/scan/nadcamail.com/ .IP shows reports of fraud email activity https://www.abuseipdb.com/check/74.208.236.200


----------



## Maheel (3/10/16)

yep i got the craf brewer on

weird ebay link when hover over ebay.to


----------



## Rocker1986 (3/10/16)

Just checked my spam folder and I've got the same one too.


----------



## Cerveja (3/10/16)

I don't use Paypal/Ebay or Craftbrewer so I'm thinking the email addresses have come from AHB.


----------



## peteru (3/10/16)

I don't think it's AHB related. I've had an AHB account for about 3 years and so far no spam that could be traced back to AHB has been delivered to my domain. Given that this is fairly well targeted, it can all be probably traced back to a source related to brewing. Most likely another forum or an online retailer. Perhaps even a particular software package that you may have registered.


----------



## Kev R (3/10/16)

pnorkle said:


> This is a bit of a worry.. email address is only 3 weeks old.. Did you change your email address in aussiehomebrewer.com? I'm just wondering if the site has been hacked & someone has managed to get all the registered email addresses therein.


Yes did change my email at AHB


----------



## justatad (4/10/16)

Yep I got exactly the same one as Bribie except with my name on it.


----------



## manticle (4/10/16)

Reported for admin to check.
There has been a massive spate of spambots recently.


----------



## kevo (4/10/16)

I got a similar one this morning (received the Craft Brew one too on the weekend) to my email that isn't linked to AHB, but using my AHB username, kevo... this one apparently from Australia Post.


----------



## yankinoz (4/10/16)

Ducatiboy stu said:


> I am still waiting for the Nigerian $1 million...bastards are taking there time


I got mine with interest, and the mail-order organic Viagra turned me into the monster that can't die, which is handy because that 19-year old Ukrainian beauty is on her way to meet me.


----------



## Storeyv34 (4/10/16)

I have my own domain for email and use a unique email address per site. Since ordering from Craftbrewer.com.au august last year my [email protected]****.com email address gets a lot phishing and spam emails. I sent Ross some feedback about it by the contact form as something on his end seems compromised as that address has only ever been used there, never had any feed back but its disappointing to see that it's still ongoing.

examples http://imgur.com/a/QTF4R


----------



## kevinj (4/10/16)

my email on AHB is a yahoo account, not spammed, not this one anyway.
my main hotmail account used on pay pal and ebay, not AHB got this one and gets lots of other spam.
short of having a different email address for every retailer you give your details to when dealing with?
Maybe this is a job for the nanny state, they could read every email, and track every site we go to.
For the good of the nation.
Sounds like a job the family court, one more nail in the coffins of those single dad bastards that don't do what woman tell them to do and so must be punished.


----------



## gaijin (4/10/16)

Not sure if this has anything to do with it, but yahoo's security seems about as good as a flyscreen lid on your fermenter.

https://www.theguardian.com/technology/2016/sep/22/yahoo-hack-data-state-sponsored


----------



## warra48 (12/10/16)

Nice to know I'm due a £ sterling refund after at least 3 recalculations on their part. I'd totally forgotten I'd ever paid tax in the UK, having never lived there, and not visited since 1997 and 1999 !

I'm excitedly looking forward to getting some Brexit currency into my account.

Whoopee, living it up soon in style.


----------



## manticle (12/10/16)

I can't work out why you think that's not legit.


----------



## mstrelan (12/10/16)

Storeyv34 said:


> I have my own domain for email and use a unique email address per site. Since ordering from Craftbrewer.com.au august last year my [email protected]****.com email address gets a lot phishing and spam emails.


You can also do this with Gmail, just add +whatever to your username, for example, [email protected] Log in to Gmail as cool_guy69 and you'll receive email addressed to cool_guy69+ahb.


----------



## Vini2ton (12/10/16)

These things sometimes have a bad result. An elderly neighbor got taken down by some pricks claiming to be ATO. He was dying from cancer, fearful for his widow and paid several thousands via western union to some scum. What sort of people do this? I wish he had asked me about it but alas he has passed on. I hate to say it but I think I could pull the trigger on those filth.


----------



## reVoxAHB (20/10/18)

Heads up: I got a new Craftbrewer related scam email today - was a message saying my PC had been hacked, that a trojan has been placed on my computer and the hacker had pwned all of my socials, etc. The hacker claims to have taken 'screengrabs' of my PC "using the camera built into my PC" (I have none), has been monitoring me for 6 months, that I have 48 hours to meet his demands by transferring $money into his bitcoin, etc. The From address was simply spoofed to be my email address used at Craftbrewer and his "proof" that he had my full password list was an example password and as turns out, was my password to Craftbrewer (when I had an account with them). Craftbrewer was never mentioned in his email - but clearly, the hacker has used a dump of usernames (email address) and login passwords - and is taking the time to target users by going to the trouble of spoofing the from address (not hard to do) and send demand for cash. 

As this is somewhat targeted, I didn't want anyone here to fall for it. The full headers do not originate from my proper email account - no my email wasn't hacked, nor my PC, etc. 

This is the third time over the years, that I've received true hacked account related stuff from Craftbrewer. It's disheartening.


----------



## EmptyB (20/10/18)

It's continuing fallout of the hack which occurred some time ago. The user details which were stolen are out there in the WWW, no getting them back. Rest assured however that their new website will have resolved these security issues moving forward.

The take home messages are:
- Craftbrewer is a secure site now.
- Don't use the same password across multiple websites.


----------



## altone (20/10/18)

Yes, basic security folks, don't use the same password anywhere you really care about. 
( I use one username and pass for all the junk sites where you need to "sign up" to but if they get hacked - care factor zero)
And change your passwords on a regular basis.


----------



## pnorkle (20/10/18)

And it you find it too hard to track multiple passwords for multiple sites, use something like "KeePass" which is a free password safe, securely keeps all your passwords in one safe. Has a built in password generator. You just double click on the hidden password in the safe and it copies it into your clipboard so you can paste it when it's time to logon somewhere.


----------



## Brew Matt (24/10/18)

Got this email also. It contained the password itself in the email, but was not written very well.
I just went to Craftbrewer to change my password, but it looks like my account may have been removed completely.


----------



## altone (24/10/18)

Brew Matt said:


> Got this email also. It contained the password itself in the email, but was not written very well.
> I just went to Craftbrewer to change my password, but it looks like my account may have been removed completely.


Is it some time since you used your account?
The new Craftbrewer site requires you to sign up again if so.

Maybe as a way of getting better security or just too hard to migrate customer accounts - idk.


----------



## reVoxAHB (26/10/18)

Brew Matt said:


> I just went to Craftbrewer to change my password, but it looks like my account may have been removed completely.



As had mine. The account had been completely removed. I was actually going there to close my account permanently. I did a forgot password using my email address and thankfully, I was not in their new system. 



altone said:


> Maybe as a way of getting better security or just too hard to migrate customer accounts - idk.



Definitely not hard to migrate customer accounts - it's a simple db import. They would've most certainly not included any of the hacked accounts in the new system for security purposes. 

As much as I hate to say that I'm glad another person got the same email that I did (and I'm not) it at least confirms I was not directly and singularly targeted. The headers in email show the mail server origin as Italy, although the person who sent it could be anywhere and likely used a rogue mail server over VPN, etc.


----------



## Ross (27/10/18)

Our old site was hacked & passwords compromised. Every customer was emailed & warned plus we had a permanent warning in large red text on the front page of our website.
With the new website & platform, we did not migrate any customers over, to make sure there was a completely fresh start.
We have spent a lot of time & money on the new site, to bring the best online purchasing platform & security possible for our customers. It has the latest security technology & has not been compromised in anyway to date. We are confident (as anyone can be) that it will remain one of the best & most secure homebrew sites on the net. 
Please feel free to contact me on [email protected] with feedback or with any questions, as I don't frequent this site as often these days.
Cheers Ross Kenrick


----------



## altone (27/10/18)

Ross said:


> Our old site was hacked & passwords compromised. Every customer was emailed & warned plus we had a permanent warning in large red text on the front page of our website.
> With the new website & platform, we did not migrate any customers over, to make sure there was a completely fresh start.
> We have spent a lot of time & money on the new site, to bring the best online purchasing platform & security possible for our customers. It has the latest security technology & has not been compromised in anyway to date. We are confident (as anyone can be) that it will remain one of the best & most secure homebrew sites on the net.
> Please feel free to contact me on [email protected] with feedback or with any questions, as I don't frequent this site as often these days.
> Cheers Ross Kenrick


Good on you Ross, I thought there might be some customer protection in the decision.


----------



## RobinW (27/10/18)

I believe there are a lot more hacked sites involved than have been mentioned here. I do small business computer support and some of my clients have also received this email with their password. None of them would ever have been on any of the sites mentioned here. I see no evidence of incursions on my clients machines. All of them use the same password for gmail etc. We traced the originating emails to a mail server in Thailand. I've since been told it's so wide spread it made channel 7 news. Leave it to the experts.

Just another blackmail scam. Don't sweat it. If they indeed had access to your machine, it would be encrypted by now. Backup Backup Backup.


----------

