Email sent today stating your account will be upgraded is not from us

Discussion in 'Photo.net Site Help' started by G-P, Sep 21, 2017.

  1. G-P

    G-P Administrator Staff Member

    An email was sent out to all on our list - NOT TO CLICK ON ANY LINKS from earlier said email.
     
  2. G-P

    G-P Administrator Staff Member

    This was done as soon as we could get the email out.
     
  3. I haven't received anything other than the two phishing messages. Going back, the last legit email I got from photo.net was a password reset message on July 30th. That password reset message is quite easy to mistake for spam or phishing as you guys don't have DKIM, SPF, or even a reverse DNS entry that would make your mail server look like a legit part of photo.net set up. Seriously, your legit mail comes from buydomains.com.
     
  4. Fiendish simulation by the rascals. My alert radar has to learn to keep up.
     
  5. I downloaded the "terms and conditions", but didn't open it when I saw it was a javascript file. I did scan it with Malwarebytes, which found it clean....
     
  6. I got the e'mail....flushed it!
     
  7. As far as subscription renewal. There should only be an opt in and never a default renewal. Not part of any contractual arrangement. Let us know -once more if there is an opt in versus and opt out..I have not decided as of now, but will consider it.
     
  8. I got the phishing email this morning (similar but slightly diff from that posted above) but have not received anything from photo.net about not clicking on anything.
     
  9. Norman 202

    Norman 202 i am the light

    Glenn, you need to reprimand your security VP and refund those whose emails have been compromised. And by that, I mean all those who have made recent payments (in the last year, say, since Feb just before V2) that extend into the future. Our security is at stake. How are people supposed to cope with Trump, Brexit, Kim Wrong-Un and now this?
     
    Gerald Cafferty and PapaTango like this.
  10. PapaTango

    PapaTango Itinerant Philosopher

    Norman, if you can 'see' anyone or anything resembling a "Security VP" then please send me a gram or two of whatever you are smoking... :cool:

    Remember, this is the place that a couple months ago let its SSL security certificates expire.

    Some days I feel rather sorry for Glen and the situation he finds himself in. This day was one of them. :(

    BTW, Alex Jones says that all of the culprits you cite above are in cahoots with each other in a giant conspiracy to gain control of Miley Cyrus' tongue. I know it's true because I heard it repeated on "Faux & Friends." How we figure into this has not yet been revealed. Expect our Fearless Leader to tweet something inane soon! :eek:
     
  11. I got two phishing emails from <photo@sudjam.com> and from <info@vallasvuo.fi>

    No warning mail from Photo.Net...
     
  12. wtm

    wtm

    Was a waning email actually sent out?
    How is it that I have not received it?
     
  13. I received the email too. I could not find how to "opt out" and had forgotten about this account. I would like to opt out now, can you help me do that please?
     
  14. I just received a 2nd email that has only this wording.........

    This email was infected with a virus: 'Virus/JS/Downloader'.
    The content of this message has been removed for your protection.

    I had to find an old hdd to discover when it was that I joined photo.net. It was Nov. 26, 2007. For whatever reason, I've had no activity on the forum. I may have been looking for some Nikon help on a D3. My email address was active but I had no record of the password. No mention in any of 3 password books! I quickly had it reset.
     
  15. I got the email. Both of the links in it point to "PhotoNet_Membeship_Premium_Info_Html.zip" which contains some obfuscated JavaScript. It really just looks like an amateurish attempt to get people to click on those links and run the scripts. Deceptive, crummy, and probably criminal, but also petty, inept, unambitious, and not necessarily very dangerous.

    A properly set up password system doesn't store the actual passwords at all. There's little or no reason to think anyone's password has been compromised. What's apparently been accessed is the info in your profile. Your email address matched up with your name and whatever else you've got in there.

    The greatest danger would come if 1) you've got a common or weak password here on photo.net that could be reverse-hashed and 2) you use that same password someplace else, someplace important, someplace guessable from your profile info. Even in that case, the danger isn't here, the danger is at that other site. For example, if you use the same password at photo.net and Facebook, and your Facebook is conveniently linked from your profile, the important danger is to your Facebook account, and it's your Facebook password you most need to change.

    The staff at photo.net should figure out how this happened and try to prevent it from happening again, sure. But with so many websites in the world, breaches like this are inevitable. It's a rotten situation, but it's almost always a waste of energy to get into high dudgeon at any one little site operator. Most of them are doing the best they can with the resources they have, and all of them are only human. These kinds of breaches have been happening for years, they will continue to happen in the future. Use a different password on every site, don't put excessive detail in your profile.
     
  16. I haven't received one yet. Frontier Yahoo mail is pretty good at snagging spam, and I may have deleted it without looking. Or, should I just feel left out? :(
     
  17. I did not get any 'phishing' or 'renewal' emails but did get the warning from photo.net - which I guess is good.

    There is no doubt in my mind, however, that p.n was hacked in some manner and at least some email addresses were compromised because recently the number of other 'spam' emails I receive have increased at least ten-fold, and only at my email address associated with this site. It would be a 'serendipitous' coincidence if those events were not related. :(

    I now retire back into the shadows until something else occurs to induce me log in again to find out what's happening - or until something approximating the functionality and usability of 'photo.net V1' is restored.
     
  18. G-P

    G-P Administrator Staff Member

    we sent one to all - not sure why you didn't get it but it was sent
     
  19. Tony Parsons

    Tony Parsons Norfolk and Good

    Is it possible, now that the feathers have settled, we could get away from the 'I got one too !' posts ? Those who got one, got one - those who didn't, didn't. End of.
     
  20. As long as PN hasn't set up another way of registering who received one and who didn't, it might be useful for many of us to report. I didn't receive the original phishing email, but did get the warning email from photo.net. I am not a paid subscriber.
     

Share This Page