G-P Posted September 21, 2017 (edited)
There was an email sent today that was not sent from us. All we see from our transactional email platform is a bunch of "reset email password" emails sent this morning. We do not store credit card numbers in our database as both platforms we use (PayPal and Stripe) give us encrypted tokens - so again no credit card information is stored. We are still investigating - will have more soon.
Edited September 21, 2017 by G-P

puz Posted September 21, 2017
I suspect these 'reset email password' transactions you are seeing are people like me who received the Spam email this morning and went 'Omg I forgot I had a Photo.net account, I wonder what the password is o_O'. I've not been here for many years so had to reset it just to post a 'you've had your details scraped' post.

Julie H Posted September 21, 2017
I did not get any such email (yes, I checked the Spam folder). I'm curious: did any currently active photo.net members get it? (Because I don't recognize the names of anybody posting about the email.)

G-P (Author) Posted September 21, 2017
Still investigating.

Sandy Vongries Posted September 21, 2017
Just posted separately - I received the notice from photo@sudjam dot com. 2 years yet to run on my subscription.

adrian_r2 Posted September 21, 2017
Hi GPalm, as puz has posted elsewhere you should urgently send an email to all registered accounts informing them to disregard an unofficial phishing email sent out, confirming that no change has been made to account status and no automated billing transactions will take place. I can forward you the one I received if it will help. As I also posted elsewhere, I suspect that account login names and email addresses have either been leaked or were part of the mass event "Onliner Spambot" as recently added to the list of breaches at:- Have I been pwned? Check if your email has been compromised in a data breach.

zonghao_shen Posted September 21, 2017
I just got one and here's what it looks like:

kelly_macinnis Posted September 21, 2017
This is a highly targeted phishing attack. The links in the email point to udeth.com. The data that they use in the email suggests that they have already hacked the data at this site. I would not click any links in the email. I would also warn my users. I have forwarded the email to a malware analyst that I know. We will see...

danmouer Posted September 21, 2017
I clicked on the link and it downloads a javascript file... almost certainly malware. I, too, have not visited Photo.net in years, but discovering that there is no obvious way to cancel my subscription/account is very disturbing. I refuse to have an account anywhere that I don't have control of it. Please do cancel my account or let me know how to do so.

kelly_macinnis Posted September 21, 2017
Do not execute that file. Targeted attacks like this are likely ransomware. Given what a photographer has to lose I expect they are going to make some money today.

kenneth_drake Posted September 21, 2017
I too just reset my password due to getting this exact email. Looking it over, all the links were to a .zip so I was fairly sure it was a scam. How easily folks could be hoodwinked with the legit looking email.

G-P (Author) Posted September 21, 2017
Still investigating - the phishing attack has been reported, but udeth.com is a URL registered in China - Whois udeth.com and [photo @ sudjam . com] is a hosting company in Glendale, CA - again still investigating.

Dieter Schaefer Posted September 21, 2017
"I suspect that account login names and email addresses have either been leaked or were part of the mass event "Onliner Spambot" as recently added to the list of breaches at:- Have I been pwned? Check if your email has been compromised in a data breach."
And I suspect that any email address I enter in a site like the one above will certainly be compromised afterward, even if it wasn't before. What I want to know with regard to this phishing attack is how did they get the email address I have on file here at PN? I was under the impression that it is not publicly accessible.

tdigi Posted September 21, 2017
I just got this email as well and while looking through the photo.net site I was unable to find a way to cancel. I tried using the form on the contact page and I received an error so I ended up clicking the link in the email. I realized once it downloaded a file that it was a scam. I deleted the downloaded file but now I'm worried my computer is compromised. Does anyone know what can happen from clicking the link?

G-P (Author) Posted September 21, 2017
"And I suspect that any email address I enter in a site like the one above will certainly be compromised afterward, even if it wasn't before. What I want to know with regard to this phishing attack is how did they get the email address I have on file here at PN? I was under the impression that it is not publicly accessible."
Still investigating - as of now I have no answers. But you are correct - emails (to the best of my knowledge) are not publicly accessible on photo.net

Dieter Schaefer Posted September 21, 2017 (edited)
FWIW, the second email I received was not from sudjam.com but info(at)vallasvuo.fi. That's the one with the zip file directly attached. The zip file contains a javascript file, and the load is identified as HEUR:Trojan.Script.Agent.gen (which unfortunately doesn't mean much as it is a generic detection indicating that not enough info is available on what the malware really is or does).
"But you are correct - emails (to the best of my knowledge) are not publicly accessible on photo.net"
That's what concerns me the most - that this information somehow was accessed.
Edited September 21, 2017 by Dieter Schaefer

retief_elkhart Posted September 21, 2017
I just got phished, too. Send out a warning, Photo.net.

chuck_lantz Posted September 21, 2017
I received one from "sudjam" too. And I almost clicked one of the links! Which is scary, since I supposedly know better. It's a very clever phishing scam. As others have mentioned, Photo.net should either send a warning to your entire email list, or at the very least put a large, impossible to miss notice on the front page here. If I hadn't checked these forums and noticed a brief preview mentioning the scam, I wouldn't know what the hell is going on. I realize this is not Photo.net's fault, but it is what it is, so it's your responsibility to warn your users.

Tony Parsons Posted September 21, 2017
Don't forget the Golden Rule - 'If in doubt, do nothing'. All very well saying put a notice on the front page - but I never visit it. My saved link takes me straight through to the Forums, which is the only area I ever visit.

G-P (Author) Posted September 21, 2017
A notice has been posted on the home page as soon as we could get one up.

dvb Posted September 21, 2017
Another day, another breach. Time to cancel this account I never use.

Tony Parsons Posted September 21, 2017
Why is it that the only members 'threatening' to leave are ones we never knew were here in the first place?

Tim_Lookingbill Posted September 21, 2017
Well this explains the uptick in visitors to this site from an average of 50 going up to 75.

Tim_Lookingbill Posted September 21, 2017
Glenn, don't you think that banner warning is a little small? I never look at that black bar when I login. The font is just too small. Some may be viewing on smaller screens like laptops.

Tim_Lookingbill Posted September 21, 2017
"Why is it that the only members 'threatening' to leave are ones we never knew were here in the first place ?"
I checked the profiles of the ones I'm assuming you suggest and it shows some signed up as far back as 2009 with very little activity, maybe a couple of comments. I don't know who these people are. And I haven't received an email from PN either.