Hi,

For the very first time I've received a spam email sent to an address that I only use with CAG (it's a specific user @ one of my own domains). It's not the address associated with this log in, but from a much earlier account I had here at the peak of the bank charges reclaims. I've not logged into CAG with that account for many years now. Is there any chance that you have a security breach?

Regards,

OMWO

Quite a few spambots use common words prepended to an email domain in the hope of the message getting through. The shorter the word, and the more common it is, the higher probability is that will attract spam.

I would suspect it is just a random hit that got through rather than a security leak.

No probs, just thought I'd better let you know just in case.

I've just received a spam message and can guarantee there's no way my unique email address could be derived or guessed...

From: GOOGLE JOB [mailto:[email protected]]

Sent: 06 October 2017 07:51

To: ***

Subject: WINNER! (Final Notice)

 

 

Hi,

 

 

Please claim your prize.

 

In 24 hours I will deactivate this link and choose someone else.

 

 

--> Click Now To Claim Your Prize!

--> ?M=2204429&N=948&L=1891&F=H>

 

 

May god bless you...

Carolyn

 

 

 

LANGUAGE TRANSLATIONS

 

 

Page 2

CLICK HERE: 1K Daily Profit Swedish ?M=2204429&N=948&L=1890&F=H>

 

 

Page 3

CLICK HERE: 1K Daily Profit Russian ?M=2204429&N=948&L=1889&F=H>

 

 

Page 4

CLICK HERE: 1K Daily Profit Italian ?M=2204429&N=948&L=1888&F=H>

 

 

Page 5

CLICK HERE: 1K Daily Profit German ?M=2204429&N=948&L=1888&F=H>

 

 

Page 6

CLICK HERE: 1K Daily Profit Spain ?M=2204429&N=948&L=1887&F=H>

 

 

Page 7

CLICK HERE: 1K Daily Profit ?M=2204429&N=948&L=1886&F=H>

 

 

Page 8

CLICK HERE: 1K Daily Profit Norway ?M=2204429&N=948&L=1885&F=H>

 

 

Page 9

CLICK HERE: 1kDaily Profit Denmark ?M=2204429&N=948&L=1884&F=H>

 

 

 

To unsubscribe and no longer to receive work from home info & tips, hit link below:

Unsubscribe

 

... /open.php?M=2204429&L=99&N=948&F=H&image=.jpg>

came here to post same thing. Same google job email.

I use a very unique non-guessable email address and password combo for everything.

edit: looks like they have access to your mail server too as the email came via jumbomail, same as your regular emails.

same here.

Mine was the same spam email too.

OMWO

Hi,

 

For the very first time I've received a spam email sent to an address that I only use with CAG (it's a specific user @ one of my own domains). It's not the address associated with this log in, but from a much earlier account I had here at the peak of the bank charges reclaims.

 

Old as in 2013??

http://www.consumeractiongroup.co.uk/forum/showthread.php?394727-CAG-email-database-may-have-been-hacked-beware-spam-emails

Ack, the site breaks that link.

Either correct it manually to remove the space added, or

https://tinyurl.com/y7kamcbt

I've not logged into CAG with this particular username since well before 2008. The only emails I get to the associated email address are CAG newsletters. Today I've now received two copies of the same spam. It is a user I had here back in the early days of bank charges when I was also a site helper.

When I started up with debt queries I set up a new account so that there was no link back to my identity where I was now dealing with the same institutions in different circumstances.

Just got another one, as commented they're using jumbomail and the message purports to come from CAG. Might it be an issue with CAG's mailing service??

Return-Path:

Delivered-To: ********

Received: ************* Tue, 10 Oct 2017 09:53:31 +0100

Received: ************* Tue, 10 Oct 2017 09:53:31 +0100

Received: from mail.jumbomail.org ([51.255.6.188])

by mx2.xxx.xxx.xxx with esmtp (Exim 4.89)

(envelope-from )

id 1e1qI7-0000eX-A4

for *************; Tue, 10 Oct 2017 09:53:31 +0100

Received: by mail.jumbomail.org (Postfix, from userid 0)

id 53123171E52; Tue, 10 Oct 2017 08:12:38 +0100 (BST)

To: ********************************

Subject: Instant 1000% profit. For REAL! Here is how.

X-PHP-Originating-Script: 0:email.php

Message-ID:

Date: Tue, 10 Oct 2017 07:26:36 +0100

From: "MILLIONAIRES MIND"

Reply-To: johnwu143 @ gmail.com

MIME-Version: 1.0

X-Mailer-LID: 82,84,85,86,87,77,76,98,99,100,101,102,75,63,51

List-Unsubscribe:

X-Mailer-RecptId: 2204429

X-Mailer-SID: 949

X-Mailer-Sent-By: 1

Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_2c89ca5305b298e640c7bdc6885ce52d"

Content-Transfer-Encoding: 8bit

X-Spam-Score: 2.1 (++)

X-Spam-Report: Action: no action

Symbol: HAS_REPLYTO(0.00)

Symbol: URIBL_BLOCKED(0.00)

Symbol: FROM_NEQ_ENVFROM(0.00)

Symbol: HAS_PHPMAILER_SIG(0.00)

Symbol: FREEMAIL_FROM(0.00)

Symbol: FREEMAIL_REPLYTO(0.00)

Symbol: MIME_GOOD(-0.10)

Symbol: HAS_X_POS(0.00)

Symbol: RCVD_COUNT_ONE(0.00)

Symbol: FORGED_SENDER(0.30)

Symbol: ARC_NA(0.00)

Symbol: R_SPF_ALLOW(-0.20)

Symbol: RCVD_NO_TLS_LAST(0.00)

Symbol: SUBJECT_HAS_EXCLAIM(0.00)

Symbol: R_DKIM_NA(0.00)

Symbol: DMARC_POLICY_SOFTFAIL(0.10)

Symbol: IP_SCORE(0.00)

Symbol: ASN(0.00)

Symbol: FROM_HAS_DN(0.00)

Symbol: TO_DN_NONE(0.00)

Symbol: TO_MATCH_ENVRCPT_ALL(0.00)

Symbol: PHP_SCRIPT_ROOT(1.00)

Symbol: HAS_INTERSPIRE_SIG(1.00)

Symbol: REPLYTO_DOM_EQ_FROM_DOM(0.00)

Symbol: RCPT_COUNT_ONE(0.00)

Message: (SPF): spf allow

Message-ID: d75e5fb94d5560f39363446f09ab2212 @ em.jumbomail.org

X-Antivirus: Avast (VPS 171009-2, 09/10/2017), Inbound message

X-Antivirus-Status: Clean

From: MILLIONAIRES MIND [mailto:noreply @ gmail.com]

Sent: 10 October 2017 07:27

To: ********

Subject: Instant 1000% profit. For REAL! Here is how.

Hi Guys..

FapTurbo 3.0 is going to offer an instant 25% deposit bonus and .hold your horses 1000% deposit matches 2x trading with it..

CLICK HERE

that`s right.. even before you profit with trading your profit on day 1 !

Here is how:

MORE INFORMATION

The road to the million is being made available exclusively for FapTurbo 3.0 traders.. those brokerages want you to succeed because they trade alongside you not against you. true ECN brokerages.. not like marketmaker casino brokers..

Another huge advantage

Read the full story here about the revolutionary dual Leg ™ system here!

DON'T MISS THIS CHANCE!

Looks like a fabulous christmas is waiting for us!

Sincerly

Johm WU

To unsubscribe and no longer to receive work from home info & tips, hit link below:

Unsubscribe

Had that one (twice - one to the old account email address and one this account email address) here too. Same headers as you would expect. Someone has access to the CAG accounts somehow. Both of my email addresses involved are unique to CAG and not obvious.

OMWO

Can Jumbomail check to see where the redirects are going on the links in these emails?

OMWO

Another one this morning to both addresses - seem to be sending one a day.

OMWO

Quite a few spambots use common words prepended to an email domain in the hope of the message getting through. The shorter the word, and the more common it is, the higher probability is that will attract spam.

 

I would suspect it is just a random hit that got through rather than a security leak.

Been thinking about this, but if that was the case I would have received all the other attempts at making up a name because my email domains are set to allow through any name at the domain. I do this so I can set up unique names for each site I have to provide an email address to. I also use multiple domains, so getting the exact name at the correct domain is far from guesswork or random chance. Both the accounts I have here use different names at different domains.

I've been in IT since the early 1980's, before the internet was something the general public was aware of.

OMWO

I'm very sorry about this.

It seems we may have been hacked – and it won't be the first time.

I'm afraid that we have particular problems because our Webmaster died last week and we are all in a bit of shock and a bit of a mess as well.

I'd ask you to to have patience for the moment. Also please appreciate that even the huge well resource companies like Equifax, Yahoo and loads of others get hacked. I'm afraid that we just don't stand a chance even when things are going well.

Absolutely no problem. I wasn't posting to have a dig, but just to make sure that you were aware that something unusual was going on. I owe so much to this site. I would volunteer to help out with the IT side, but websites, forums and mail hosts are not my strength. I'm mainly a data person. My condolences to the team regarding your loss.

OMWO

ditto, condolences.

Thank you. It's all rather fraught at the moment because there is the personal shock and also there are all the problems of having to get access codes and passwords and access codes and so forth.

I think we may have identified a new Webmaster. You may have noticed that the forum went down for about 10 minutes this afternoon and I think that that was somebody trying to get control of the system back for us and I think it has been successful.

Next thing will be to try and have a look at our email system and see what is going wrong – but I expect it will take some time.

I didn't imagine that anybody was trying to have a dig at us – but we have received some pretty nasty messages saying that we have sold their email details and they are going to complain about us to the ICO et cetera.

I hope everyone is confident that we would never do that kind of thing. In fact it seems that nobody needs to buy our data anyway – they just steal it!

Just my twopence worth, for what is worth...

I'm glad I use a separate email address to log into forums at a few sites as I have now around 200 spam emails to delete with more coming every min...

At least its not my normal email address..

Hope cag can get it sorted.

At least all I have to do is disable the email address and I'm not loosing anything..

A lot bigger job for cag to sort out there end Tha I have to do!!!

Are all your 200 spam messages being sent through us?

I've no idea! I'm.no techno wizard.

I dont have an @cag email if that's what u mean.

Its the email address that I used to register some time ago.

I do know that I used to get the odd spam email once in a blue moon and now, over the past few days I'm getting loads

Would you mind sending one of them to us on our admin address. Don't forward it. If you could attach it – as an attachment. Then I might be able to get someone to examine it and maybe get some clues from the headers.

Ta

Sorry to hear about the loss of one of your team - condolences.

I didn't get notification this thread had been updated today, presume that's connected with the "Find all posts" error : "connection to localhost:3312 failed (errno=111, msg=Connection refused)"

I just got another message, sent to my CAG specific email so I can identify each one. Have just forwarded all messages to your admin addy, along with headers.

Let me know if I can help - webmaster for 15 odd years, forum moderator and site admin for 13.

I've also received the emails previously mentioned, but fortunately I use unique everything for every site so there is no risk to me personally.

I think the responsible thing to do would be notify your userbase about this while also talking about the possible implications if using the same username/email/passwords on other sites.

best of luck.

Sorry to hear about the loss of one of your team - condolences.

 

I didn't get notification this thread had been updated today, presume that's connected with the "Find all posts" error : "connection to localhost:3312 failed (errno=111, msg=Connection refused)"

 

I just got another message, sent to my CAG specific email so I can identify each one. Have just forwarded all messages to your admin addy, along with headers.

 

Let me know if I can help - webmaster for 15 odd years, forum moderator and site admin for 13.

received. Thank you.

I've also received the emails previously mentioned, but fortunately I use unique everything for every site so there is no risk to me personally.

 

I think the responsible thing to do would be notify your userbase about this while also talking about the possible implications if using the same username/email/passwords on other sites.

 

best of luck.

thanks for the best wishes. I'm afraid that alerting our user base to this is very difficult because it means we would have to send over 1/4 of a million emails. We don't have the capacity for that and also I suppose that we will simply be accused of spamming again. Also, because we are becoming blacklisted in so many places, a lot of the messages simply won't get through.

We try to be as open about it as possible. We don't prevaricate or make excuses. We come right out and tell people if we been hacked. This thread is an example. Unfortunately, we generally speaking only realise it when people start complaining to us.