CAG email database may have been hacked - beware spam emails



Not had one yet on any of my e-mail addresses.

It is definitely a German telephone area code Stuttgart ( I was there last week).

 

 

It was probably you who set this up to activate when you were back in the UK so you got an alibi :lol:

Link to post

It was probably you who set this up to activate when you were back in the UK so you got an alibi :lol:

Moi??? I need dx to sort out the simplest computer problem!!

Any Letters I Draft are N0T approved by CAG and no personal liability is accepted.

Please Consider making a donation to keep this site running!

Nemo Mortalium Omnibus Horis Sapit: Animo et Fide:

Link to post

Don't answer it and don't try to contact them. They have no idea who you are or even if there is an email address with your name on it.

 

 

These work by knowing the second part of the email address like the one for this site. What they do is to send out emails by the tens of thousands with a random generator adding a name in front of the @.

 

 

The majority they send out will bounce back as no such address exists, but once in a while they hit on the correct name to add to the front and that email then goes through. They still have no idea who you are or your email address unless you respond to it and then you alert them to the fact it is live. This is why there is always a question of some sort, in this case "or would you like a further extension?".

Giving no details is also calculated to make you query the invoice.

Don't be tempted to click on the 'If you don't wish to receive these emails any further, click here', that is another of their tricks.

Be especially certain not to click on any attachments that say your invoice (or pics of the pretty girl) are attached. They will contain a virus.

 

 

They are sending this to my email address that was hacked from Consumer Action Group last year.

Link to post

They are sending this to my email address that was hacked from Consumer Action Group last year.

 

 

it cld be re that (i had some soon after the hack). as connif says though also, once a [problem]mer has an email domain, then they just use software generators for the bit before the @, auto sending hoping for a hit.

 

maybe though it was Brig when he was site team, pinched all the addy's and has been flogging them off in stuttgart :)

Link to post

as connif says though also, once a [problem]mer has an email domain, then they just use software generators for the bit before the @, auto sending hoping for a hit.

 

 

I have my own domain name from Google and any localpart (that is the bit before '@') will result in a valid email address on that domain. The only spam I am getting is to the exact email address registered on CAG. I see no evidence of 'random generation' of the localpart. If that were the case, my inbox would be littered with every randomly generated localpart on that domain and this has simply never happened to me ever.

 

 

 

 

maybe though it was Brig when he was site team, pinched all the addy's and has been flogging them off in stuttgart :)

 

 

I am not a frequent user of CAG, so I don't know anything of this. I also think it may be tempting fate, given what happened when CAG accused a former CAG employee of wrongdoing in the past.

Link to post

There has never been a denial that the email server was hacked in fact I believe a warning was published to that fact.

 

 

But in the main, email addresses are random and even if you have your own domain, that doesn't mean it was gleaned by looking through cag servers. There is no such thing as a safe email address or server, even the banks have been hacked into.

 

 

You would not get all the random generated attempts, just the one that hit on your particular address.

Link to post

There has never been a denial that the email server was hacked in fact I believe a warning was published to that fact.

 

That is correct - the announcement was made on the very first post in this thread. Three Caggers then posted (including myself) that their CAG email address had received spam; email addresses they had only ever used on CAG. I reiterate that this random generation of email addresses is NOT being used to spam (at least not to my domain name)

 

 

You would not get all the random generated attempts, just the one that hit on your particular address.

 

 

 

You have missed my point entirely! I have virtually an infinite number of email addresses on my domain name. I don't have to set up each email address, they simply exist automatically. For example if my domain name was mydomain.com then I would have all the possible email addresses on that domain, for example...

 

 

[email protected]

[email protected]

[email protected]

[email protected]

[email protected]

 

 

Currently, I use about 100 such localparts (the bit before the '@'). I just give out the email addresses as I wish WITHOUT having to create them. They can only be used for incoming mail. I trust that has cleared up any confusion.

Link to post

 

I am not a frequent user of CAG, so I don't know anything of this. I also think it may be tempting fate, given what happened when CAG accused a former CAG employee of wrongdoing in the past.

 

i was only jesting, re the previous banter on thread eg #26/7.

am not accusing anyone.

Link to post

  • 1 month later...

Just received another email with an 'attached invoice' at my unique CAG email address. I rang the company who the invoice is purported to be from and they have been inundated with calls about the problem.

 

It appears their email system has been hijacked to send out emails to those caggers who had their email addresses hacked from CAG.

 

I know there is little that you can do.

Link to post

  • 5 months later...

Sorry to bump an old thread but I got a word doc attached to an email to my cag email address today entitled "Debit Note [21650] information attached to this email".

 

The attachment contained a download trojan virus (with only Nod32 being positive for it on VirusTotal).

 

Hopefully I am alone. If not - please delete the email.

Link to post

As you will know, we did get hacked some time ago and there are some remnants of spam hanging around in the 'get a life' people's cupboards after an easy ride to money.

 

 

You will know if you have ordered something so are expecting a bill or invoice, so don't open anything you don't recognise. That goes for all email, if it has an attachment and you don't know the sender, (check both the name and senders email address), then never open it.

Link to post

  • 3 years later...

Just to add for info that the 'p**n blackmail' spams are now heading through on my, unique, CAG email address (cag@*mydomain*.co.uk). I know (hope!) nothing new has happened and there is nothing to be done other than ignore it, but it IS the first time this address has been used, so hope this might help put some other forum users' minds at rest.

 

However, this is the blackmail variant without any password attached which suggests the initial harvesting dates from way back when the email-only was hacked off of the board.

 

As above, yes I accept this could be random guessing but I too own a whole domain and get to see everything coming in - and 99.9% of the recent 'blackmail', listing site and tablet spams are valid 'to' addresses I have used as unique logins on other sites or shops - mostly but not exclusively quite some time ago. Many of the shop ones are logins for sites long out of business which shows how these things are easily stored in huge databases and can perpetuate almost forever. They are almost always for small outfits that I assume didn't properly update their e-commerce software etc... Funny how I never, ever, get spam to my amazon@*mydomain*.co.uk address I've had since 1999!

 

I think the most worrying one was using an email address related to a security supplier (an actual designer and manufacturer, not a shop) who are in total denial and even tried to tell me 'it must be a worm in your own computer - for a start the from address is your own'. They then shoved a reddit link my way patronising me with 'see, there are a lot of blackmail emails like this - it isn't real'. Yeah, exactly, I know that, but some of the data contained within it is... Bangs head against wall.

Link to post


I work in IT, it can be common for spam emails to be sent to randomly guessed names and initials. I've watched several brute force spam attempts where they would literally try every name possible @domain... and also name.commonsurname@domain... as well as simple 2 and 3 letter initials.

 

Type your email addresses into http://www.haveibeenpwned.com and see if they've appeared in any known (public) databases.

 

Also possible for a malicious attachment to grab contact lists from your PC. One of our clients opened a bad attachment, now they get spoofed emails from their contacts, so it can't be proven where the spammers got the contact details from. In fact I get a couple weekly from a client after they opened a malicious attachment.

 

I've also long had suspicions that there are dodgy email blacklist checkers which are harvesting email addresses in this way.

Link to post


Yes I know that they DO randomly generate names @ domain; I'm sure this is prolific, but all I can say is my server will accept absolutely anything and the prefixes are only rarely 'random'; then they are of the random name 'sarah.jones@*mydomain*.co.uk' type or 'accounts' / 'sales.ledger' / 'goods_in' / 'payroll' @*mydomain*.co.uk when associated with the much lower volume spam regarding fake invoices, fake CVs for non-existent jobs and the like.

 

I would know if I had been flooded with other junk prefixes, but instead, they are otherwise actual known addresses I have used in the past.

 

I'm aware of that website but it's far from comprehensive and shouldn't be used as absolute proof of anything - as I say I've had a few 'blackmail' types recently based around ancient logins for ecommerce stores, mostly no longer trading but some were - and the specific password quoted to try and scare me was spot on - thankfully most of the stores still around are so small time they don't store CC info (and if they did it would be long out of date). None of the five recent specific email, specific password types were on that database.

I didn't even bother telling the owners of the two still going as no doubt they would either not understand or be in total denial just like the access company.

Most of them were cottage industry types selling one or two self manufactured products connected with the marine or fire suppression industry, hence most still having ancient shops relying on either paypal or even 'call us to pay on CC after ordering' type setups.

 

That does also leave any potential hack on my own PC having to be ancient too of course, since not only am I super careful but as I last used some of these email aliases about ten years ago and don't keep many old emails at all unless very important or relatively recent...

Link to post


I think a number of posters work in IT, and, as commented, we operate our own domains and use the catch-all email function to route messages so we can make up addresses on the fly. As you say, this gives us a unique insight into the techniques spammers use, from random brute-force guesses, which in my experience are relatively rare (I've only seen a couple in 20 years), to compromised databases, which are far more common.

 

It's obvious when a site is compromised, it starts with a trickle of spam and increases as the list is sold on or shared. When this happens, I tend to change my registered email address at the main site and add the compromised address to my blacklist, however most users with a single email address don't have this luxury. As time goes on, it gets harder and harder to work out how your email address came to be shared.

 

In my experience, spoofed email tends to come from the web-based services - Yahoo was particularly bad - and happens when an account is compromised to the extent that the user's contact list is accessed too. That's how emails are sent from a known contact, to trick the user into opening the message. I agree, it is possible for a PC to be infected but with antivirus programs being so common, I think it's rare these days.

 

CAG demonstrated they are one of the more responsible organisations, reporting the breach immediately and responding to the comments we have posted.

 

Others have gone to great lengths to deny any intrusion or refuse to reply/comment... I hope GDPR will put an end to that as they are encouraged to report breaches immediately.

Link to post


Yes, I agree. I do see generic addressing - accounts, payroll etc but these can easily be derived from a domain list.

 

The compromised addresses I've seen are specific to the site concerned and recently I have seen a massive increase in demands for bitcoin payments to prevent exposure of webcam (I don't have one plugged in) or browsing history / screenshots etc.

 

As I posted 5 years ago, one clear link is vBulletin software, as used by CAG. In these cases I'm getting email to registered addresses plus passwords so it's clear sites using this forum software have been compromised...

Link to post

FWIW, I checked the unique address I gave to CAG at haveibeenpwned.com to receive the report that I have been pwned:

Oh no — pwned!

Pwned on 1 breached site and found no pastes

Since CAG is the only site that I've given this address, I strongly suspect that CAG is the breached site.

 

Also FWIW, I give unique addresses to each organisation that wants my email address. Unique addresses that have attracted the current run of p**n spam are associated with LastFM (3 breached sites, no pastes but some of the spam quotes the password I used when I last visited lastfm several years ago) and AVAST anti-virus (2 breached sites, no pastes). I'm really shocked at the last of those.

 

Edited to add: BTW, the addresses that I give organisations comprise of a prefix, a delimiter, and a suffix -- the prefix denotes the type of organisation, the delimiter is a non alphanumeric character and the suffix uniquely identifies the organisation when looked up in a table of addresses that I keep. So 'dictionary' attacks (such as every name possible @domain) will not work, which implies beyond reasonable doubt that these addresses have been harvested during one or more breaches.

Edited by Fred Bear
Link to post
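
The argument running through the posts above (a catch-all domain, one unique address per organisation, spam arriving almost only at addresses that were actually issued) can be checked mechanically against a mail log. The following is an added example, not part of any post in the thread: the domain example.test, the alias table, the role-name list and the log lines are all constructed, and the alias format only imitates the prefix/delimiter/suffix scheme described in the last post.

```python
# Attribute spam on a catch-all domain to the organisation each alias was
# issued to. Added example; every name and log line below is constructed.
from collections import Counter

DOMAIN = "example.test"  # stands in for the poster's own domain

# Alias scheme from the last post: <type prefix><delimiter><unique suffix>.
# Constructed table: localpart -> organisation the address was given to.
ISSUED = {
    "forum-cag7": "CAG forum",
    "music-lf02": "music site",
    "shop-mar19": "marine parts shop",
    "shop-amz99": "large retailer",
}

# Role names of the kind seen on fake-invoice spam; guessable without a leak.
ROLE_GUESSES = {"accounts", "sales.ledger", "goods_in", "payroll", "info", "admin"}

# Constructed catch-all log: (ISO date, envelope recipient).
LOG = [
    ("2018-10-01", "forum-cag7@example.test"),
    ("2018-10-02", "Forum-CAG7@example.test"),
    ("2018-10-02", "accounts@example.test"),
    ("2018-10-03", "music-lf02@example.test"),
    ("2018-10-04", "sarah.jones@example.test"),
    ("2018-10-05", "forum-cag7@example.test"),
    ("2018-10-06", "someone@other.test"),
]


def classify(recipient):
    """Return (category, detail) for one envelope recipient."""
    local, _, domain = recipient.strip().lower().rpartition("@")
    if domain != DOMAIN or not local:
        return ("foreign", None)
    if local in ISSUED:
        # Only the organisation that was given this alias could have leaked it.
        return ("harvested", ISSUED[local])
    if local in ROLE_GUESSES:
        return ("role-guess", local)
    # Accepted by the catch-all but never handed out: a guess of some kind.
    return ("never-issued", local)


def attribute(log):
    """Summarise a log: hits per leaked source and the share that needed a leak."""
    categories = Counter()
    sources = Counter()
    first_seen = {}
    for date, recipient in sorted(log):
        category, detail = classify(recipient)
        if category == "foreign":
            continue
        categories[category] += 1
        if category == "harvested":
            sources[detail] += 1
            first_seen.setdefault(detail, date)
    total = sum(categories.values())
    return {
        "categories": dict(categories),
        "sources": dict(sources),
        "first_seen": first_seen,
        "harvested_share": categories["harvested"] / total if total else 0.0,
        # Issued aliases that have received nothing: no sign of a leak there.
        "clean": sorted(set(ISSUED.values()) - set(sources)),
    }


if __name__ == "__main__":
    for key, value in attribute(LOG).items():
        print(f"{key}: {value}")
```

A high harvested share together with few or no never-issued localparts is the pattern the domain owners in the thread describe; a guessing run against a catch-all would instead show up as a large never-issued count.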
