RAF Club email addresses hacked
+1 here too. Picked it up on my phone, surprised it got round the spam filter.
But more to the point, if the RAF Club's accounts / servers have been hacked, what personal data other than email addresses are now compromised? It would be a reasonable assertion for anyone with malicious intent to assume that there will be a fair number of members who are currently serving as well as retired. Are their home addresses now compromised? Would be worth the RAF Club investigating the extent to which their systems have been compromised in case it was a deliberate attempt rather than a lucky spamming operation.
But more to the point, if the RAF Club's accounts / servers have been hacked, what personal data other than email addresses are now compromised? It would be a reasonable assertion for anyone with malicious intent to assume that there will be a fair number of members who are currently serving as well as retired. Are their home addresses now compromised? Would be worth the RAF Club investigating the extent to which their systems have been compromised in case it was a deliberate attempt rather than a lucky spamming operation.
I received this email too, but as I had just checked out of the club I knew immediately that it was fake. For interest, the actual smtp server it came from was:
Received: from mail80.suw17.mcsv.net ([198.2.181.80]:31442) by mx04.mail.eu.clara.net
Received: from mail80.suw17.mcsv.net ([198.2.181.80]:31442) by mx04.mail.eu.clara.net
Fortunately not received this SPAM yet. On the other hand had a great stay at the Club last week. It keeps getting better, though bookings need to be made much earlier.
I don't own this space under my name. I should have leased it while I still could
Thread Starter
RAF Club members emailed fake invoices. Has it been hacked? ? The Register
This was posted a short while ago
This was posted a short while ago
Join Date: Jan 2008
Location: Edinburgh
Posts: 19
Likes: 0
Received 0 Likes
on
0 Posts
My father is staying with me this week and we (both members) received the spam early this morning. As far as spam goes it is moderately plausible in form if not substance - it seems dad in a pre-caffeine morning daze was nearly fooled into clicking on the link.
I stayed at the Club around 4 weeks ago but it sounds as if there is no obvious nexus between those affected and recent use of the facilities.
I stayed at the Club around 4 weeks ago but it sounds as if there is no obvious nexus between those affected and recent use of the facilities.
Join Date: Dec 2005
Location: UK
Posts: 330
Likes: 0
Received 0 Likes
on
0 Posts
It is extremely easy to identify people who belong to various MOD organisations or have links to them from the past.....many people put details of past and current careers on the likes of LinkedIn or Facebook and a simple organisation search reveals that, and most importantly their email address...
Scammers will also gather phone numbers from these sites or CV's that people have previously listed on jobsites and will check them against sites such as www.truecaller.com (check your own number) it will list your phone network provider and in some cases your personal details which makes spam texting even easier to spoof.
I dont have any connection with the club but this would appear that ex military and members of the club are being targeted as part of an organised effort to get you all to "click a link" and enter your login details or install ransomware, just be extra cautious of suspicious emails.
I would urge you all to report all suspicious emails to Action Fraud (the right hand link) so that a true picture can be established or simply forward them to
[email protected]
I would doubt the club has been hacked but someone has done some harvesting of email addresses.
you can also read up more in the little book of cyber scams published on the Met Police website here http://www.met.police.uk/docs/little...yber-scams.pdf
Scammers will also gather phone numbers from these sites or CV's that people have previously listed on jobsites and will check them against sites such as www.truecaller.com (check your own number) it will list your phone network provider and in some cases your personal details which makes spam texting even easier to spoof.
I dont have any connection with the club but this would appear that ex military and members of the club are being targeted as part of an organised effort to get you all to "click a link" and enter your login details or install ransomware, just be extra cautious of suspicious emails.
I would urge you all to report all suspicious emails to Action Fraud (the right hand link) so that a true picture can be established or simply forward them to
[email protected]
I would doubt the club has been hacked but someone has done some harvesting of email addresses.
you can also read up more in the little book of cyber scams published on the Met Police website here http://www.met.police.uk/docs/little...yber-scams.pdf
Last edited by Colonal Mustard; 1st Dec 2016 at 18:23. Reason: updated link
Join Date: Dec 2005
Location: UK
Posts: 330
Likes: 0
Received 0 Likes
on
0 Posts
Just as an example i searched "People who work (or used to work) at Royal Air Force" on linkedin and it came up with 32,465 examples...many of those have emails, simple scraping software will easily create a database to email from
This is one example https://www.atompark.com/web-email-e...form-linkedin/
This is one example https://www.atompark.com/web-email-e...form-linkedin/
Last edited by Colonal Mustard; 1st Dec 2016 at 19:37.
Join Date: Jan 2007
Location: Lincolnshire
Age: 78
Posts: 104
Likes: 0
Received 0 Likes
on
0 Posts
Recent Advice
RAF Club members emailed fake invoices. Has it been hacked? ? The Register
This was posted a short while ago
This was posted a short while ago
"We believe it is solely email address data that has been compromised, with no address, membership, financial or personal details at risk. The fraudulent email originated from the email address: [email protected]. This is NOT a Club email address.
The Club has sought advice from an independent anti-fraud specialist (Club member) and the recommendation to members as a precautionary measure is to:
• Change the password on any email accounts (work or personal) associated with their RAF Club membership profile
• Change the password on their RAF Club online account at www.rafclub.org.uk
• Be vigilant for any unusual online activity or unexpected emails
• Ensure any Anti-Virus software is up to date
The matter is under Police investigation and has been reported to the National Cyber Security Centre (NCSC)."
Join Date: Feb 2006
Location: Hanging off the end of a thread
Posts: 33,074
Received 2,942 Likes
on
1,253 Posts
Well as the National Lottery users were hacked and I would think their site was a lot more secure, it does not surprise me.
From PN's post, I would doubt there was many of those on the list.
Hope no one is out of pocket.
Vp if you responded to the email, one fears the beers are sadly on you in some scumbag corner of this world be live in.
The apparent leak of the email list is bad but if the membership list has been accessed, the details of many hundreds of serving and former RAF officers and airmen could now be in the hands of criminals – or worse. At the moment, however, there is no indication that this incident involves more than just the RAF Club's email list
Hope no one is out of pocket.
Vp if you responded to the email, one fears the beers are sadly on you in some scumbag corner of this world be live in.
FWIW all the information in an e-mail header can be manipulated by an unscrupulous person. The club have been very good in being open and honest about this straight away, many organisations would not be as proactive in letting their customers/clients know of the possible breach.
The link in the e-mail loads a javascript file that identifies as ransomware on my virus scanner. If you have clicked on it then I would make sure you have a valid backup of your important data and roll back to prior to clicking the link if you are able.
Find out where else your details might have been leaked here:
https://haveibeenpwned.com
The link in the e-mail loads a javascript file that identifies as ransomware on my virus scanner. If you have clicked on it then I would make sure you have a valid backup of your important data and roll back to prior to clicking the link if you are able.
Find out where else your details might have been leaked here:
https://haveibeenpwned.com
I got it too....
Join Date: Dec 2016
Location: London
Posts: 1
Likes: 0
Received 0 Likes
on
0 Posts
The Club appreciates your concern and is continuing to work with the authorities to get more information and Club Members will be advised if anything further comes to our attention.
Join Date: May 2006
Location: Somewhere in England
Posts: 173
Likes: 0
Received 0 Likes
on
0 Posts
I got it but MacAfee Total protection quarantined the e mail immediately as a security risk, then I deleted it, thus no problem. Then I got the official RAF club e mail stating that there had been a problem.
I don't own this space under my name. I should have leased it while I still could
Thread Starter
In contrast Mailwasher flagged it as good and Zone Alarm passed it. Naturally I didn't click the link but my first reaction had been that the Club had sent me a genuine but erroneous bill for a previous but cancelled visit. My Club dues are not for that amount and are not yet due.
Having attended the club the previous Friday and the fact that I was awaiting email confirm from them for a room cancellation, it did not occur to me that it was a fake/scam. Straight into my inbox with no indication it may be suspect and duely opened. The clubs constant engaged tone indicated it wasn't just me that had the issue. I did eventually leave a message, no one came back and I don't think I had the email from the club until later in the day,confirming a scam etc. Major breach one would suspect and we need to be told, why, how, where from and preventative measures.
Last edited by rolling20; 3rd Dec 2016 at 18:01.