Go Back  PPRuNe Forums > Aircrew Forums > Military Aviation
Reload this Page >

RAF Club email addresses hacked

Military Aviation A forum for the professionals who fly military hardware. Also for the backroom boys and girls who support the flying and maintain the equipment, and without whom nothing would ever leave the ground. All armies, navies and air forces of the world equally welcome here.

RAF Club email addresses hacked

Old 1st Dec 2016, 11:10
  #1 (permalink)  
I don't own this space under my name. I should have leased it while I still could
Thread Starter
 
Join Date: Dec 2002
Location: Lincolnshire
Age: 76
Posts: 16,570
RAF Club email addresses hacked

Received an email from the RAF Club this morning Dear Customer and apologising for sending an invoice for 204 a week early. An address and phone number from the supplier was in the email together with the inevitable internet link.

Subsequently an email from the real RAF Club is investigating two such messages sent to a small number of members, yeah right, and not to email or phone as they are too busy to reply.

They say the message was not believed to be from the Club server.

The other odd thing is the message was FROM the RAF Club email address when the payload was from the spammer TO Dear Customer. I guess some might click out of curiosity.
Pontius Navigator is offline  
Old 1st Dec 2016, 11:51
  #2 (permalink)  
 
Join Date: Jul 2003
Location: Near the coast
Posts: 1,578
I received that too. Luckily I didn't click but it was plausible since I used the club not that long ago.

BV
Bob Viking is online now  
Old 1st Dec 2016, 11:59
  #3 (permalink)  

Gentleman Aviator
 
Join Date: Jul 2000
Location: Teetering Towers - somewhere in the Shires
Posts: 3,365
Thanks for the heads up - I got 2 copies this morning, and now haven't even opened them(and won't) !!
teeteringhead is offline  
Old 1st Dec 2016, 12:09
  #4 (permalink)  
I don't own this space under my name. I should have leased it while I still could
Thread Starter
 
Join Date: Dec 2002
Location: Lincolnshire
Age: 76
Posts: 16,570
The Club said only a small number. Would those members who have not received the emails say so please. That way we can get a cockshy at what constitutes a small number.
Pontius Navigator is offline  
Old 1st Dec 2016, 12:23
  #5 (permalink)  
 
Join Date: Jan 2007
Location: Lincolnshire
Age: 74
Posts: 104
Originally Posted by Pontius Navigator View Post
Received an email from the RAF Club this morning Dear Customer and apologising for sending an invoice for 204 a week early. An address and phone number from the supplier was in the email together with the inevitable internet link.

Subsequently an email from the real RAF Club is investigating two such messages sent to a small number of members, yeah right, and not to email or phone as they are too busy to reply.

They say the message was not believed to be from the Club server.

The other odd thing is the message was FROM the RAF Club email address when the payload was from the spammer TO Dear Customer. I guess some might click out of curiosity.
Received an email warning from the RAF Club. It was good to get the "Heads Up" in advance of perhaps receiving the "Duff" one. Well done Club Staff. It is never a good idea to click on any link in an email addressed to an un-named addressee.
cyclic35 is offline  
Old 1st Dec 2016, 12:28
  #6 (permalink)  
 
Join Date: Apr 2008
Location: on the ground
Posts: 210
The displayed "from:" address in an email means very little; you can set most email clients to display whatever "from:" address you want. Look at the full headers to see what the source outgoing mail server was.
nonsense is offline  
Old 1st Dec 2016, 12:31
  #7 (permalink)  
I don't own this space under my name. I should have leased it while I still could
Thread Starter
 
Join Date: Dec 2002
Location: Lincolnshire
Age: 76
Posts: 16,570
Nonsense, my point was that the content was self-evidently not FROM the RAF Club but TO the club. Hugely cack handed.
Pontius Navigator is offline  
Old 1st Dec 2016, 12:58
  #8 (permalink)  
 
Join Date: Mar 2007
Location: UK
Posts: 176
I've received 2 copies of this email - both went straight to Junk, and when you look at the actual email address behind the title, it is not from the Club. The postal address at the bottom is also rogue - with a telephone number that I do not believe to be the Clubs.

Slightly worrying about the hack....
30mRad is offline  
Old 1st Dec 2016, 13:19
  #9 (permalink)  
 
Join Date: Jan 2007
Location: UK
Posts: 461
PN
In post 4 did you mean have or have not received etc ?

The originating address on my ipad shows it to be (apparently) from some Plumbing Co in WA
NRU74 is online now  
Old 1st Dec 2016, 13:20
  #10 (permalink)  
 
Join Date: Feb 2006
Location: Hanging off the end of a thread
Posts: 15,802
You shouldn't really simply junk them, if you are using hotmail / outlook etc, it has a link on the top for junk, click the down arrow next to it then click phishing scam, will report it to the relevant authorities and they will take the site it has come from down, as well as deleting it from your emails.


..

Last edited by NutLoose; 1st Dec 2016 at 13:32.
NutLoose is offline  
Old 1st Dec 2016, 13:34
  #11 (permalink)  
 
Join Date: Apr 2009
Location: Hotel Gypsy
Posts: 2,830
This was the email I received from the RAF Club (email address was [email protected])

Dear Customer,

Please find attached invoice INV-01823 (Amended) for 204.11 GBP.

This invoice was sent too early in error. The payment date should be 7th December 2016.
Kindly accept our apologies for the oversight and for any inconvenience caused.

The amount outstanding of 204.11 GBP is due on 07 Dec 2016.

View and pay your bill: https://in.xero.com/xWpt0unExHSOWJMX...scPgq5MVuAZ1a3

If you have any questions, please do not hesitate to contact us.

Kind regards,
Accounts Department
Ashwood Portable Buildings Ltd
T +44 (0) 203 633 7115
Cows getting bigger is offline  
Old 1st Dec 2016, 14:12
  #12 (permalink)  
I don't own this space under my name. I should have leased it while I still could
Thread Starter
 
Join Date: Dec 2002
Location: Lincolnshire
Age: 76
Posts: 16,570
NRU, I received the same message as CGB.

Apart from the nonsense that the invoice should have been sent next week but pay now, the message is plausible as we know th ed Club has works in progress so might need a,portable building.
Pontius Navigator is offline  
Old 1st Dec 2016, 14:30
  #13 (permalink)  
 
Join Date: Jul 2006
Location: Yorkshire
Posts: 185
May I add myself to the "small list of members?"
Top West 50 is offline  
Old 1st Dec 2016, 14:34
  #14 (permalink)  
 
Join Date: Jul 2006
Location: Yorkshire
Posts: 185
Further, my Outlook spam filter junked it but my Android phone allowed it.
Top West 50 is offline  
Old 1st Dec 2016, 14:34
  #15 (permalink)  
ICM
 
Join Date: May 2008
Location: Bishops Stortford, UK
Age: 78
Posts: 397
.. and me too, twice.
ICM is offline  
Old 1st Dec 2016, 14:47
  #16 (permalink)  
 
Join Date: Sep 2014
Location: It's Fairyland!
Posts: 8
Of course, the big question is how did the scammer get the list of email addresses, or was he/she just lucky. Also is it just email addresses?
Thomas Woodrooffe RN is offline  
Old 1st Dec 2016, 14:58
  #17 (permalink)  
 
Join Date: Nov 2016
Location: Maun
Posts: 20
I posted this under the Royal Air Force Club about the same time as you PN. Being a new name here it had to be cleared by the mods so sorry for the duplication.

So yes. One is one of the few! Exactly as quoted by CGB. Twice. No I didn't open the link either. I did contact the Club. Sorry, but someone had to. Guess there were many.
Savanna Dry is offline  
Old 1st Dec 2016, 15:22
  #18 (permalink)  
 
Join Date: Aug 2003
Location: Stamford
Posts: 474
+1 for getting the spam.

Gmail automatically flagged it as malicious and dropped it into the spam folder.

The Club saying "a small number" is not the same as saying a small percentage.

Even if the hack exposed every member email it would still be a "small number" when compared to, say, the talk talk hack.

Also, saying the email didn't come from the Club server is technically true if you take that to mean the Club SMTP server did not transmit the spam, but that's not the same as saying the Club server was not the source of the leak in the first place.

I strongly suspect the Club server was compromised and the entire membership database has been taken.
Stuff is offline  
Old 1st Dec 2016, 15:29
  #19 (permalink)  
 
Join Date: May 2006
Location: North of Watford Gap
Age: 66
Posts: 6
I was one of the "small number" - got the message about the invoice twice around 10am, with neither message being caught by the spam filter. Tried to warn the Club but the phone lines were (not surprisingly) busy and then received the Club's warning message.
Hastalavista is offline  
Old 1st Dec 2016, 15:47
  #20 (permalink)  
I don't own this space under my name. I should have leased it while I still could
Thread Starter
 
Join Date: Dec 2002
Location: Lincolnshire
Age: 76
Posts: 16,570
Stuff, good point.

Hasta, I got through not long after 9

Savannah, no problem, I just thought a separate thread specific to the hack. Of course being moderated would have delayed you anyway.
Pontius Navigator is offline  

Thread Tools
Search this Thread

Contact Us Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.