Email sent today stating your account will be upgraded is not from us

Discussion in 'Photo.net Site Help' started by G-P, Sep 21, 2017.

  1. G-P

    G-P Administrator Staff Member

    There was an email sent today that was not sent from us. All we see from our transactional email platform is a bunch of "reset email password" emails sent this morning. We do not store credit card numbers in our database as both platforms we use (PayPal and Stripe) give us encrypted tokens - so again no credit card information is stored. We are still investigating - will have more soon.
     
    Last edited: Sep 21, 2017
  2. puz

    puz

    I suspect these 'reset email password' transactions you are seeing are people like me who received the spam email this morning and went 'Omg I forgot I had a Photo.net account, I wonder what the password is o_O'. I've not been here for many years so had to reset it just to post a 'you've had your details scraped' post.
     
  3. I did not get any such email (yes, I checked the Spam folder). I'm curious: did any currently active photo.net members get it? (Because I don't recognize the names of anybody posting about the email.)
     
  4. G-P

    G-P Administrator Staff Member

    Still investigating
     
  5. Sandy Vongries

    Sandy Vongries Administrator Staff Member

    Just posted separately - I received the notice from photo@sudjam dot com. 2 years yet to run on my subscription.
     
  6. Hi GPalm, as puz has posted elsewhere you should urgently send an email to all registered accounts informing them to disregard an unofficial phishing email sent out, confirming that no change has been made to account status and no automated billing transactions will take place. I can forward you the one I received if it will help.

    As I also posted elsewhere, I suspect that account login names and email addresses have either been leaked or were part of the mass event "Onliner Spambot" as recently added to the list of breaches at:-

    Have I been pwned? Check if your email has been compromised in a data breach.
     
  7. I just got one and here’s what it looks like:

    26DDD7F7-F224-45EB-BC4B-B1C363FB9D0C.jpeg FF27D9B3-C245-4189-83F3-75116BC39A5B.jpeg
     
  8. This is a highly targeted phishing attack. The links in the email point to udeth.com. The data that they use in the email suggests that they have already hacked the data at this site. I would not click any links in the email. I would also warn my users. I have forwarded the email to a malware analyst that I know. We will see...
     
  9. I clicked on the link and it downloads a javascript file...almost certainly malware. I, too, have not visited Photo.net in years, but discovering that there is no obvious way to cancel my subscription.account is very disturbing. I refuse to have an account anywhere that I don't have control of it. Please do cancel my account or let me know how to do so.
     
  10. Do not execute that file. Targeted attacks like this are likely ransomware. Given what a photographer has to lose I expect they are going to make some money today.
     
  11. I too just reset my password due to getting this exact email. Looking it over, all the links were to a .zip so I was fairly sure it was a scam. How easily folks could be hoodwinked with the legit looking email.
     
  12. G-P

    G-P Administrator Staff Member

    Still investigating - the phishing attack has been reported, but udeth.com is a URL registered in China - Whois udeth.com and [photo @ sudjam . com] is a hosting company in Glendale, CA - again still investigating
     
  13. And I suspect that any email address I enter in a site like the one above will certainly be compromised afterward, even if it wasn't before.

    What I want to know with regard to this phishing attack is how did they get the email address I have on file here at PN? I was under the impression that it is not publicly accessible.
     
  14. I just got this email as well and while looking through the photo.net site I was unable to find a way to cancel. I tried using the form on the contact page and I received an error so I ended up clicking the link in the email. I realized once it downloaded a file that it was a scam. I deleted the downloaded file but now I'm worried my computer is compromised. Does anyone know what can happen from clicking the link?
     
  15. G-P

    G-P Administrator Staff Member

    Still investigating - as of now I have no answers. But you are correct - emails (to the best of my knowledge) are not publicly accessible on photo.net
     
  16. FWIW, the second email I received was not from sudjam.com but info(at)vallasvuo.fi. That's the one with the zip file directly attached. The zip file contains a javascript file, and the load is identified as HEUR:Trojan.Script.Agent.gen (which unfortunately doesn't mean much as it is a generic detection indicating that not enough info is available on what the malware really is or does).

    That's what concerns me the most - that this information somehow was accessed.
     
    Last edited: Sep 21, 2017
  17. I just got phished, too. Send out a warning, Photo.net.
     
  18. I received one from "sudjam" too. And I almost clicked one of the links! Which is scary, since I supposedly know better. It's a very clever phishing scam. As others have mentioned, Photo.net should either send a warning to your entire email list, or at the very least put a large, impossible to miss notice on the front page here. If I hadn't checked these forums and noticed a brief preview mentioning the scam, I wouldn't know what the hell is going on.

    I realize this is not Photo.net's fault, but it is what it is, so it's your responsibility to warn your users.
     
  19. Tony Parsons

    Tony Parsons Norfolk and Good

    Don't forget the Golden Rule - 'If in doubt, do nothing'.

    All very well saying put a notice on the front page - but I never visit it. My saved link takes me straight through to the Forums, which is the only area I ever visit.
     
  20. G-P

    G-P Administrator Staff Member

    A notice has been posted on the home page as soon as we could get one up. Screen Shot 2017-09-21 at 12.21.38 PM.png
     
