Dodgy email supposedly from CraftBrewer - beware

Australia & New Zealand Homebrewing Forum

I have my own domain for email and use a unique email address per site. Since ordering from Craftbrewer.com.au in August last year, my craftbrewer@****.com email address gets a lot of phishing and spam emails. I sent Ross some feedback about it via the contact form, as something on his end seems compromised; that address has only ever been used there. I never had any feedback, but it's disappointing to see that it's still ongoing.

examples http://imgur.com/a/QTF4R
 
My email on AHB is a Yahoo account; not spammed, not this one anyway.
My main Hotmail account, used on PayPal and eBay but not AHB, got this one and gets lots of other spam.
Short of having a different email address for every retailer you give your details to when dealing with?
Maybe this is a job for the nanny state, they could read every email, and track every site we go to.
For the good of the nation.
Sounds like a job for the family court, one more nail in the coffins of those single dad bastards that don't do what women tell them to do and so must be punished.
 
Nice to know I'm due a £ sterling refund after at least 3 recalculations on their part. I'd totally forgotten I'd ever paid tax in the UK, having never lived there, and not visited since 1997 and 1999!

I'm excitedly looking forward to getting some Brexit currency into my account.

Whoopee, living it up soon in style.

 
Storeyv34 said:
I have my own domain for email and use a unique email address per site. Since ordering from Craftbrewer.com.au august last year my craftbrewer@****.com email address gets a lot phishing and spam emails.
You can also do this with Gmail, just add +whatever to your username, for example, cool_guy69+ahb@gmail.com. Log in to Gmail as cool_guy69 and you'll receive email addressed to cool_guy69+ahb.
 
These things sometimes have a bad result. An elderly neighbor got taken down by some pricks claiming to be ATO. He was dying from cancer, fearful for his widow, and paid several thousand via Western Union to some scum. What sort of people do this? I wish he had asked me about it but alas he has passed on. I hate to say it but I think I could pull the trigger on those filth.
 
Heads up: I got a new Craftbrewer-related scam email today. It was a message saying my PC had been hacked, that a trojan had been placed on my computer and the hacker had pwned all of my socials, etc. The hacker claims to have taken 'screengrabs' of my PC "using the camera built into my PC" (I have none), has been monitoring me for 6 months, that I have 48 hours to meet his demands by transferring $money into his bitcoin, etc. The From address was simply spoofed to be my email address used at Craftbrewer, and his "proof" that he had my full password list was an example password which, as it turns out, was my password to Craftbrewer (when I had an account with them). Craftbrewer was never mentioned in his email, but clearly the hacker has used a dump of usernames (email addresses) and login passwords, and is taking the time to target users by going to the trouble of spoofing the From address (not hard to do) and sending a demand for cash.

As this is somewhat targeted, I didn't want anyone here to fall for it. The full headers do not originate from my proper email account - no, my email wasn't hacked, nor my PC, etc.

This is the third time over the years, that I've received true hacked account related stuff from Craftbrewer. It's disheartening.
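The header check described in the post above (From line equal to the recipient's own address, while the full headers point elsewhere), as an added example that is not part of the original thread. The sample message is constructed, and the receiving server name `mx.example.org` and all addresses are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): From is forged to equal the recipient.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
 by mx.example.org with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.org
From: <craftbrewer@example.org>
To: <craftbrewer@example.org>
Subject: Constructed extortion subject

Constructed body.
"""

def addr(value):
    return parseaddr(value or "")[1].lower()

def auth_results(msg, trusted_host):
    """Read spf/dkim/dmarc verdicts, only from our own receiving server's header."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_host:
            continue  # headers added upstream can be forged by the sender
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, verdict.lower())
    return verdicts

def spoof_indicators(raw, trusted_host):
    msg = message_from_string(raw)
    sender, rcpt, envelope = addr(msg["From"]), addr(msg["To"]), addr(msg["Return-Path"])
    findings = []
    if sender and sender == rcpt:
        findings.append("From equals recipient address")
    if envelope and envelope.rpartition("@")[2] != sender.rpartition("@")[2]:
        findings.append("envelope domain differs from From domain")
    verdicts = auth_results(msg, trusted_host)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method, "missing") != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(SAMPLE, "mx.example.org"))
```

Only the Authentication-Results header stamped by your own mail provider is worth reading; anything below it in the header block was supplied by the sending side.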
 
It's continuing fallout of the hack which occurred some time ago. The user details which were stolen are out there in the WWW, no getting them back. Rest assured however that their new website will have resolved these security issues moving forward.

The take home messages are:
- Craftbrewer is a secure site now.
- Don't use the same password across multiple websites.
 
Yes, basic security folks, don't use the same password anywhere you really care about.
(I use one username and pass for all the junk sites where you need to "sign up", but if they get hacked - care factor zero.)
And change your passwords on a regular basis.
 
And if you find it too hard to track multiple passwords for multiple sites, use something like "KeePass", which is a free password safe that securely keeps all your passwords in one place. It has a built-in password generator. You just double-click on the hidden password in the safe and it copies it to your clipboard so you can paste it when it's time to log on somewhere.
 
Got this email also. It contained the password itself in the email, but was not written very well.
I just went to Craftbrewer to change my password, but it looks like my account may have been removed completely.
 
Got this email also. It contained the password itself in the email, but was not written very well.
I just went to Craftbrewer to change my password, but it looks like my account may have been removed completely.
Is it some time since you used your account?
The new Craftbrewer site requires you to sign up again if so.

Maybe as a way of getting better security or just too hard to migrate customer accounts - idk.
 
I just went to Craftbrewer to change my password, but it looks like my account may have been removed completely.

As had mine. The account had been completely removed. I was actually going there to close my account permanently. I did a forgot password using my email address and thankfully, I was not in their new system.

Maybe as a way of getting better security or just too hard to migrate customer accounts - idk.

Definitely not hard to migrate customer accounts - it's a simple db import. They would've most certainly not included any of the hacked accounts in the new system for security purposes.

As much as I hate to say that I'm glad another person got the same email that I did (and I'm not) it at least confirms I was not directly and singularly targeted. The headers in email show the mail server origin as Italy, although the person who sent it could be anywhere and likely used a rogue mail server over VPN, etc.
 
Our old site was hacked & passwords compromised. Every customer was emailed & warned plus we had a permanent warning in large red text on the front page of our website.
With the new website & platform, we did not migrate any customers over, to make sure there was a completely fresh start.
We have spent a lot of time & money on the new site, to bring the best online purchasing platform & security possible for our customers. It has the latest security technology & has not been compromised in any way to date. We are confident (as anyone can be) that it will remain one of the best & most secure homebrew sites on the net.
Please feel free to contact me on [email protected] with feedback or with any questions, as I don't frequent this site as often these days.
Cheers Ross Kenrick
 
Our old site was hacked & passwords compromised. Every customer was emailed & warned plus we had a permanent warning in large red text on the front page of our website.
With the new website & platform, we did not migrate any customers over, to make sure there was a completely fresh start.
We have spent a lot of time & money on the new site, to bring the best online purchasing platform & security possible for our customers. It has the latest security technology & has not been compromised in any way to date. We are confident (as anyone can be) that it will remain one of the best & most secure homebrew sites on the net.
Please feel free to contact me on [email protected] with feedback or with any questions, as I don't frequent this site as often these days.
Cheers Ross Kenrick
Good on you Ross, I thought there might be some customer protection in the decision.
 
I believe there are a lot more hacked sites involved than have been mentioned here. I do small business computer support and some of my clients have also received this email with their password. None of them would ever have been on any of the sites mentioned here. I see no evidence of incursions on my clients' machines. All of them use the same password for Gmail etc. We traced the originating emails to a mail server in Thailand. I've since been told it's so widespread it made Channel 7 news. Leave it to the experts.

Just another blackmail scam. Don't sweat it. If they indeed had access to your machine, it would be encrypted by now. Backup Backup Backup.
 
