Email sent today stating your account will be upgraded is not from us

There was an email sent today that was not sent from us. All we see from our transactional email platform is a bunch of "reset email password" emails sent this morning. We do not store credit card numbers in our database as both platforms we use (PayPal and Stripe) give us encrypted tokens - so again no credit card information is stored. We are still investigating - will have more soon. Edited September 21, 2017 by G-P

I suspect, these 'reset email password' transactions you are seeing are people like me who received the Spam email this morning and went 'Omg I forgot I had a Photo.net account, I wonder what the password is o_O'. I've not been here for many years so had to reset it just to post a 'you've had your details scraped' post.

I did not get any such email (yes, I checked the Spam folder). I'm curious: did any currently active photo.net members get it? (Because I don't recognize the names of anybody posting about the email.)

still investigaging

Just posted separately - I received the notice notice from from photo@sudjam dot com.2 years yet to run on my subscription.

Hi GPalm, as puz has posted elsewhere you should urgently send an email to all regsitered accounts infoirming them to disregard an unofficial phishing email sent out, confirming that no change has been made to account status and no automated billing transactions will take place. I can forward you the one I recieved if it will help.

 

As I also posted elsewhere, I suspect that account login names and email addresses have either been leaked or were part of the mass event "Onliner Spambot" as recently added to the list of breaches at:-

 

Have I been pwned? Check if your email has been compromised in a data breach.

I just got one and here’s how it looks like:

 

This is a highly targeted phishing attack. The links in the email point to udeth.com The data that they use in the email suggests that they have already hacked the data at this sight. I would not click any links in the email. I would also warn my users. I have forwarded the email to a malware annalist that I know. We will see...

I clicked on the link and it downloads a javascript file...almost certainly malware. I, too, have not visited Photo.net in years, but discovering that there is no obvious way to cancel my subscription.account is very disturbing. I refuse to have an account anywhere that I don't have control of it. Please do cancel my account or let me know how to do so.

Do not execute that file. Targeted attacks like this are likely ransomware. Given what a photographer has to lose I expect they are going to make some money today.

I too just reset my password due to getting this exact email. Looking it over, all the links were to a .zip so I was fairly sure it was a scam. How easily folks could be hoodwinked with the legit looking email.

still investigating- the phishing attack has been reported, but udeth.com is a URL registered in China - Whois udeth.com and [photo @ sudjam . com] is a hosting company in Glendale, CA - again still investigating

I suspect that account login names and email addresses have either been leaked or were part of the mass event "Onliner Spambot" as recently added to the list of breaches at:-

 

Have I been pwned? Check if your email has been compromised in a data breach.

And I suspect that any email address I enter in a site like the one above will certainly be compromised afterward, even if it wasn't before.

 

What I want to know with regard to this phishing attack is how did they get the email address I have on file here at PN? I was under the impression that it is not publicly accessible.

I just got this email as well and while looking through the photo.net site I was unable to find a way to cancel. I tried using the form on the contact page and I received an error so i ended up clicking the link in the email. I realized once it downloaded a file that it was a scam. I deleted the downloaded file but now i'm worried my computer is compromised. Does anyone know what can happen from clicking the link?

And I suspect that any email address I enter in a site like the one above will certainly be compromised afterward, even if it wasn't before.

 

What I want to know with regard to this phishing attack is how did they get the email address I have on file here at PN? I was under the impression that it is not publicly accessible.

 

Still investigating - as of now I have no answers. But you are correct - emails (to the best of my knowledge) are not publicly accessible on photo.net

FWIW, the second email I received was not from sudjam.com but info(at)vallasvuo.fi. That's the one with the zip file directly attached. The zip file contains a javascript file, and the load is identified as HEUR:Trojan.Script.Agent.gen (which unfortunately doesn't mean much as it is a generic detection indicating that not enough info is available on what the malware really is or does).

 

But you are correct - emails (to the best of my knowledge) are not publicly accessible on photo.net

That's what concerns me the most - that this information somehow was accessed.

Edited September 21, 2017 by Dieter Schaefer

I just got phished, too. Send out a warning, Photo.net.

I received one from "sudjam" too. And I almost clicked one of the links! Which is scary, since I supposedly know better. It's a very clever phishing scam. As others have mentioned, Photo.net should either send a warning to your entire email list, or at the very least put a large, impossible to miss notice on the front page here. If I hadn't checked these forums and noticed a brief preview mentioning the scam, I wouldn't know what the hell is going on.

 

I realize this is not Photo.net's fault, but it is what it is, so it's your responsibility to warn your users.

Don't forget the Golden Rule - 'If in doubt, do nothing'.

 

All very well saying put a notice on the front page - but I never visit it. My saved link takes me straight through to the Forums, which is the only area I ever visit.

a notice has been posted on the home page as soon as we could get one up.

Another day, another breach. Time to cancel this account I never use.

Why is it that the only members 'threatening' to leave are ones we never knew were here in the first place ?

Well this explains the uptick in visitors to this site from an average of 50 going up to 75.

Glenn, don't you think that banner warning is a little small? I never look at that black bar when I login. The font is just too small.

 

Some may be viewing on smaller screens like laptops.

Why is it that the only members 'threatening' to leave are ones we never knew were here in the first place ?

I checked the profiles of the ones I'm assuming you suggest and it shows some signed up as far back as 2009 with very little activity, maybe a couple of comments. I don't know who these people are. And I haven't received an email from PN either.