RAF Club email addresses hacked
Received an email from the RAF Club this morning Dear Customer and apologising for sending an invoice for £204 a week early. An address and phone number from the supplier was in the email together with the inevitable internet link.
Subsequently an email from the real RAF Club is investigating two such messages sent to a small number of members, yeah right, and not to email or phone as they are too busy to reply. They say the message was not believed to be from the Club server. The other odd thing is the message was FROM the RAF Club email address when the payload was from the spammer TO Dear Customer. I guess some might click out of curiosity. |
I received that too. Luckily I didn't click but it was plausible since I used the club not that long ago.
BV |
Thanks for the heads up - I got 2 copies this morning, and now haven't even opened them(and won't) !!
|
The Club said only a small number. Would those members who have not received the emails say so please. That way we can get a cockshy at what constitutes a small number.
|
Originally Posted by Pontius Navigator
(Post 9595369)
Received an email from the RAF Club this morning Dear Customer and apologising for sending an invoice for £204 a week early. An address and phone number from the supplier was in the email together with the inevitable internet link.
Subsequently an email from the real RAF Club is investigating two such messages sent to a small number of members, yeah right, and not to email or phone as they are too busy to reply. They say the message was not believed to be from the Club server. The other odd thing is the message was FROM the RAF Club email address when the payload was from the spammer TO Dear Customer. I guess some might click out of curiosity. |
The displayed "from:" address in an email means very little; you can set most email clients to display whatever "from:" address you want. Look at the full headers to see what the source outgoing mail server was.
|
Nonsense, my point was that the content was self-evidently not FROM the RAF Club but TO the club. Hugely cack handed.
|
I've received 2 copies of this email - both went straight to Junk, and when you look at the actual email address behind the title, it is not from the Club. The postal address at the bottom is also rogue - with a telephone number that I do not believe to be the Clubs.
Slightly worrying about the hack.... |
PN
In post 4 did you mean have or have not received etc ? The originating address on my ipad shows it to be (apparently) from some Plumbing Co in WA |
You shouldn't really simply junk them, if you are using hotmail / outlook etc, it has a link on the top for junk, click the down arrow next to it then click phishing scam, will report it to the relevant authorities and they will take the site it has come from down, as well as deleting it from your emails.
.. |
This was the email I received from the RAF Club (email address was [email protected])
Dear Customer, Please find attached invoice INV-01823 (Amended) for 204.11 GBP. This invoice was sent too early in error. The payment date should be 7th December 2016. Kindly accept our apologies for the oversight and for any inconvenience caused. The amount outstanding of 204.11 GBP is due on 07 Dec 2016. View and pay your bill: https://in.xero.com/xWpt0unExHSOWJMX...scPgq5MVuAZ1a3 If you have any questions, please do not hesitate to contact us. Kind regards, Accounts Department Ashwood Portable Buildings Ltd T +44 (0) 203 633 7115 |
NRU, I received the same message as CGB.
Apart from the nonsense that the invoice should have been sent next week but pay now, the message is plausible as we know th ed Club has works in progress so might need a,portable building. |
May I add myself to the "small list of members?"
|
Further, my Outlook spam filter junked it but my Android phone allowed it.
|
.. and me too, twice.
|
Of course, the big question is how did the scammer get the list of email addresses, or was he/she just lucky. Also is it just email addresses?
|
I posted this under the Royal Air Force Club about the same time as you PN. Being a new name here it had to be cleared by the mods so sorry for the duplication.
So yes. One is one of the few! Exactly as quoted by CGB. Twice. No I didn't open the link either. I did contact the Club. Sorry, but someone had to. Guess there were many. |
+1 for getting the spam.
Gmail automatically flagged it as malicious and dropped it into the spam folder. The Club saying "a small number" is not the same as saying a small percentage. Even if the hack exposed every member email it would still be a "small number" when compared to, say, the talk talk hack. Also, saying the email didn't come from the Club server is technically true if you take that to mean the Club SMTP server did not transmit the spam, but that's not the same as saying the Club server was not the source of the leak in the first place. I strongly suspect the Club server was compromised and the entire membership database has been taken. |
I was one of the "small number" - got the message about the invoice twice around 10am, with neither message being caught by the spam filter. Tried to warn the Club but the phone lines were (not surprisingly) busy and then received the Club's warning message.
|
Stuff, good point.
Hasta, I got through not long after 9 Savannah, no problem, I just thought a separate thread specific to the hack. Of course being moderated would have delayed you anyway. |
All times are GMT. The time now is 19:51. |
Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.