Dodgy email supposedly from CraftBrewer - beware
- Thread starter Bribie G
- Start date
Help Support Australia & New Zealand Homebrewing Forum:
Storeyv34
Member
- Joined
- 18/8/15
- Messages
- 12
- Reaction score
- 3
I have my own domain for email and use a unique email address per site. Since ordering from Craftbrewer.com.au august last year my craftbrewer@****.com email address gets a lot phishing and spam emails. I sent Ross some feedback about it by the contact form as something on his end seems compromised as that address has only ever been used there, never had any feed back but its disappointing to see that it's still ongoing.
examples http://imgur.com/a/QTF4R
examples http://imgur.com/a/QTF4R
kevinj
Well-Known Member
my email on AHB is a yahoo account, not spammed, not this one anyway.
my main hotmail account used on pay pal and ebay, not AHB got this one and gets lots of other spam.
short of having a different email address for every retailer you give your details to when dealing with?
Maybe this is a job for the nanny state, they could read every email, and track every site we go to.
For the good of the nation.
Sounds like a job the family court, one more nail in the coffins of those single dad *******s that don't do what woman tell them to do and so must be punished.
my main hotmail account used on pay pal and ebay, not AHB got this one and gets lots of other spam.
short of having a different email address for every retailer you give your details to when dealing with?
Maybe this is a job for the nanny state, they could read every email, and track every site we go to.
For the good of the nation.
Sounds like a job the family court, one more nail in the coffins of those single dad *******s that don't do what woman tell them to do and so must be punished.
gaijin
Well-Known Member
- Joined
- 19/9/13
- Messages
- 113
- Reaction score
- 52
Not sure if this has anything to do with it, but yahoo's security seems about as good as a flyscreen lid on your fermenter.
https://www.theguardian.com/technology/2016/sep/22/yahoo-hack-data-state-sponsored
https://www.theguardian.com/technology/2016/sep/22/yahoo-hack-data-state-sponsored
warra48
I've drunk all my homebrew and I'm still worried.
Nice to know I'm due a £ sterling refund after at least 3 recalculations on their part. I'd totally forgotten I'd ever paid tax in the UK, having never lived there, and not visited since 1997 and 1999 !
I'm excitedly looking forward to getting some Brexit currency into my account.
Whoopee, living it up soon in style.
I'm excitedly looking forward to getting some Brexit currency into my account.
Whoopee, living it up soon in style.
manticle
Standing up for the Aussie Bottler
I can't work out why you think that's not legit.
mstrelan
Well-Known Member
- Joined
- 9/8/15
- Messages
- 431
- Reaction score
- 228
You can also do this with Gmail, just add +whatever to your username, for example, [email protected]. Log in to Gmail as cool_guy69 and you'll receive email addressed to cool_guy69+ahb.Storeyv34 said:
- Joined
- 30/4/14
- Messages
- 628
- Reaction score
- 254
These things sometimes have a bad result. An elderly neighbor got taken down by some pricks claiming to be ATO. He was dying from cancer, fearful for his widow and paid several thousands via western union to some scum. What sort of people do this? I wish he had asked me about it but alas he has passed on. I hate to say it but I think I could pull the trigger on those filth.
reVoxAHB
Well-Known Member
- Joined
- 3/3/07
- Messages
- 1,112
- Reaction score
- 17
Heads up: I got a new Craftbrewer related scam email today - was a message saying my PC had been hacked, that a trojan has been placed on my computer and the hacker had pwned all of my socials, etc. The hacker claims to have taken 'screengrabs' of my PC "using the camera built into my PC" (I have none), has been monitoring me for 6 months, that I have 48 hours to meet his demands by transferring $money into his bitcoin, etc. The From address was simply spoofed to be my email address used at Craftbrewer and his "proof" that he had my full password list was an example password and as turns out, was my password to Craftbrewer (when I had an account with them). Craftbrewer was never mentioned in his email - but clearly, the hacker has used a dump of usernames (email address) and login passwords - and is taking the time to target users by going to the trouble of spoofing the from address (not hard to do) and send demand for cash.
As this is somewhat targeted, I didn't want anyone here to fall for it. The full headers do not originate from my proper email account - no my email wasn't hacked, nor my PC, etc.
This is the third time over the years, that I've received true hacked account related stuff from Craftbrewer. It's disheartening.
As this is somewhat targeted, I didn't want anyone here to fall for it. The full headers do not originate from my proper email account - no my email wasn't hacked, nor my PC, etc.
This is the third time over the years, that I've received true hacked account related stuff from Craftbrewer. It's disheartening.
It's continuing fallout of the hack which occurred some time ago. The user details which were stolen are out there in the WWW, no getting them back. Rest assured however that their new website will have resolved these security issues moving forward.
The take home messages are:
- Craftbrewer is a secure site now.
- Don't use the same password across multiple websites.
The take home messages are:
- Craftbrewer is a secure site now.
- Don't use the same password across multiple websites.
altone
Well-Known Member
Yes, basic security folks, don't use the same password anywhere you really care about.
( I use one username and pass for all the junk sites where you need to "sign up" to but if they get hacked - care factor zero)
And change your passwords on a regular basis.
( I use one username and pass for all the junk sites where you need to "sign up" to but if they get hacked - care factor zero)
And change your passwords on a regular basis.
And it you find it too hard to track multiple passwords for multiple sites, use something like "KeePass" which is a free password safe, securely keeps all your passwords in one safe. Has a built in password generator. You just double click on the hidden password in the safe and it copies it into your clipboard so you can paste it when it's time to logon somewhere.
altone
Well-Known Member
Is it some time since you used your account?
The new Craftbrewer site requires you to sign up again if so.
Maybe as a way of getting better security or just too hard to migrate customer accounts - idk.
reVoxAHB
Well-Known Member
- Joined
- 3/3/07
- Messages
- 1,112
- Reaction score
- 17
As had mine. The account had been completely removed. I was actually going there to close my account permanently. I did a forgot password using my email address and thankfully, I was not in their new system.
Definitely not hard to migrate customer accounts - it's a simple db import. They would've most certainly not included any of the hacked accounts in the new system for security purposes.
As much as I hate to say that I'm glad another person got the same email that I did (and I'm not) it at least confirms I was not directly and singularly targeted. The headers in email show the mail server origin as Italy, although the person who sent it could be anywhere and likely used a rogue mail server over VPN, etc.
Ross
CraftBrewer
- Joined
- 14/1/05
- Messages
- 9,262
- Reaction score
- 373
Our old site was hacked & passwords compromised. Every customer was emailed & warned plus we had a permanent warning in large red text on the front page of our website.
With the new website & platform, we did not migrate any customers over, to make sure there was a completely fresh start.
We have spent a lot of time & money on the new site, to bring the best online purchasing platform & security possible for our customers. It has the latest security technology & has not been compromised in anyway to date. We are confident (as anyone can be) that it will remain one of the best & most secure homebrew sites on the net.
Please feel free to contact me on [email protected] with feedback or with any questions, as I don't frequent this site as often these days.
Cheers Ross Kenrick
With the new website & platform, we did not migrate any customers over, to make sure there was a completely fresh start.
We have spent a lot of time & money on the new site, to bring the best online purchasing platform & security possible for our customers. It has the latest security technology & has not been compromised in anyway to date. We are confident (as anyone can be) that it will remain one of the best & most secure homebrew sites on the net.
Please feel free to contact me on [email protected] with feedback or with any questions, as I don't frequent this site as often these days.
Cheers Ross Kenrick
altone
Well-Known Member
Good on you Ross, I thought there might be some customer protection in the decision.
I believe there are a lot more hacked sites involved than have been mentioned here. I do small business computer support and some of my clients have also received this email with their password. None of them would ever have been on any of the sites mentioned here. I see no evidence of incursions on my clients machines. All of them use the same password for gmail etc. We traced the originating emails to a mail server in Thailand. I've since been told it's so wide spread it made channel 7 news. Leave it to the experts.
Just another blackmail scam. Don't sweat it. If they indeed had access to your machine, it would be encrypted by now. Backup Backup Backup.
Just another blackmail scam. Don't sweat it. If they indeed had access to your machine, it would be encrypted by now. Backup Backup Backup.
