Jump to content


  • Tweets

  • Posts

  • Our picks

    • Future Comms issues. Read more at https://www.consumeractiongroup.co.uk/topic/416504-future-comms-issues/
      • 3 replies
    • This is a bit of a lengthy one but I’ll summerise best as possible.
       
      THIS IS HOW THE PHONECALL WENT 
       
      I was contacted by future comms by phone, they stated that they could beat any phone contract I have , (I am a limited company but just myself that needs a business phone and I am the only worker) 
      I told future comms my deal, £110 per month with a phone and a virtual landline, they confirmed that they could beat that, £90 per month with a phone , virtual landline  they also confirmed they would pay Vodafone (previous provider) the termination fee. As I am in business, naturally I was open to making a deal. So we proceeded. 
      Future comms then revealed that the contract would be with PLAN.COM and the airtime would be provided by 02, I instantly told them that this would break the deal as I have poor 02 signal in the house where I live as my partner is on 02 and constantly complaining about bad signal
      the salesman assured me he would send a signal booster box out with the phone so I would have perfect signal.
      so far so good.....
      i then explained this is the only mobile phone I use for business and pleasure, so therefore I didn’t want any disconnection time in the slightest between the switchover from Vodafone to 02
      the salesman then confirmed that the existing phone would only be disconnected once the new phone was switched on.
      so far so good....
      • 14 replies
    • A shocking story of domestic and economic abuse compounded by @BarclaysUKHelp ‏ bank complicity – coming soon @A_Gentle_Woman. Read more at https://www.consumeractiongroup.co.uk/topic/415737-a-shocking-story-of-domestic-and-economic-abuse-compounded-by-barclaysukhelp-%E2%80%8F-bank-complicity-%E2%80%93-coming-soon-a_gentle_woman/
      • 0 replies
    • The FSA has announced large fines against DB UK Bank Limited (trading as DB Mortgages) - DeutscheBank and also against Redstone for their unfair treatment of their customers.
      Please see the links below for summaries and full details from the FSA website.
      It is now completely clear that any arrears charges which exceed actual administrative costs are unfair and therefore unlawful.
      Furthemore, irresponsible lending practices are also unfair and unlawful.
      Additionally there are other unfair practices including unarranged counsellor visits - even if they have been attempted.
      You are entitled to refuse counsellor visits and not incur any charges.
      Any charges for counsellor visits must not seek to make profits. The cost of the visits must be passed on to you at cost price.
      We are hearing stories of people being charged for counsellor visits for which there is no evidence that they were even attempted.
      It is clear that some mortgage lenders are trying to cheat you out of your money.
      You should ascertain how much has been taken from you and claim it back. The chances of winning are better than 90%. It is highly likely that the lender will attempt to avoid court action and offer you back your money.
      However, you should ensure that you receive a proper rate of interest and this means that you should be seeking at least restitutionary damages - which would be much higher than the statutory 8%.
      Furthermore, you should assess whether the paying of demands for unlawful excessive charges has also out you further into arrears and if this has caused you further penalties in terms of extra interest or any other prejudice. This should be claimed as well.
      If excessive unlawful charges have resulted in your credit file being affected, then you should take this into account also when working out exactly what you want by way of remedy from the lender.
      You should consult others on these forums when considering any offer.
      You must not make any complaint through the Ombudsman. your time will be wasted, you will wait up to 2 yrs and there will be a minimal 8% award of interest and no account will be taken of any other damage you have suffered.
      You must make your complaint through the County Court for a rapid and effective remedy.

      http://www.fsa.gov.uk/pages/Library/Communication/PR/2010/120.shtml
      http://www.fsa.gov.uk/pubs/final/redstone.pdf
      http://www.fsa.gov.uk/pubs/final/db_uk.pdf
       
      http://www.fsa.gov.uk/pages/consumerinformation/firmnews/2011/db_mortgages.shtml
      Do you have a mortage arears claim to make? Then post your story on the forum here
        • Like
      • 0 replies
style="text-align:center;"> Please note that this topic has not had any new posts for the last 187 days.

If you are trying to post a different story then you should start your own new thread. Posting on this thread is likely to mean that you won't get the help and advice that you need.

If you are trying to post information which is relevant to the story in this thread then please flag it up to the site team and they will allow you to post.

Thank you

Recommended Posts

Not had one yet on any of my e-mail addresses.

It is definitely a German telephone area code Stuttgart ( I was there last week).

 

 

It was probably you who set this up to activate when you were back in the UK so you got an alibi laugh.gif:lol:

Share this post


Link to post
Share on other sites
It was probably you who set this up to activate when you were back in the UK so you got an alibi laugh.gif:lol:

Moi??? I need dx to sort out the simplest computer problem!!


Any Letters I Draft are N0T approved by CAG and no personal liability is accepted.

Please Consider making a donation to keep this site running!

Nemo Mortalium Omnibus Horis Sapit: Animo et Fide:

Share this post


Link to post
Share on other sites
Not had one yet on any of my e-mail addresses.

It is definitely a German telephone area code Stuttgart ( I was there last week).

 

No it is a UK phone number. If you look at the original email it has the international dial code (+44) for the UK.

Share this post


Link to post
Share on other sites
Don't answer it and don't try to contact them. They have no idea who you are or even if there is an email address with your name on it.

 

 

These work by knowing the second part of the email address like the one for this site. What they do is to send out emails by the tens of thousands with a random generator adding a name in from of the @.

 

 

The majority they send out will bounce back as no such address exists, but once in a while they hit on the correct name to add to the front and that email then goes through. They still have no idea who you are or your email address unless you respond to it and then you alert them to the fact it is live. This is why there is always a question of some sort, in this case "or would you like a further extension?".

Giving no details is also calculated to make you query the invoice.

Don't be tempted to click on the 'If you don't wish to receive these emails any further, click here', that is another of there tricks.

Be especially certain not to click on any attachments that say your invoice (or pics of the pretty girl) are attached. They will contain a virus.

 

 

They are sending this to my email address that was hacked from Consumer Action Group last year.

Share this post


Link to post
Share on other sites
They are sending this to my email address that was hacked from Consumer Action Group last year.

 

 

it cld be re that (i had some soon after the hack). as connif says though also, once a [problem]mer has an email domain, then they just use software generators for the bit before the @, auto sending hoping for a hit.

 

maybe though it was Brig when he was site team, pinched all the addy's and has been flogging them off in stuttgart :)


IMO

:-):rant:

 

Share this post


Link to post
Share on other sites
as connif says though also, once a [problem]mer has an email domain, then they just use software generators for the bit before the @, auto sending hoping for a hit.

 

 

I have my own domain name from Google and any localpart (that is the bit before '@') will result in a valid email address on that domain. The only spam I am getting is to the exact email address registered on CAG. I see no evidence of 'random generation' of the localpart. If that were the case, my inbox would be littered with every randomly generated localpart on that domain and this has simply never happened to me ever.

 

 

 

 

maybe though it was Brig when he was site team, pinched all the addy's and has been flogging them off in stuttgart :)

 

 

I am not a frequent user of CAG, so I don't know anything of this. I also think it may be tempting fate, given what happened when CAG accused a former CAG employee of wrongdoing in the past.

Share this post


Link to post
Share on other sites

There has never been a denial that the email server was hacked in fact I believe a warning was published to that fact.

 

 

But in the main, email addresses are random and even if you have your own domain, that doesn't mean it was gleaned by looked through cag servers. There is no such thing as a same email address or server, even the banks have been hacked into.

 

 

You would not get all the random generated attempts, just the one that hit on your particular address.

Share this post


Link to post
Share on other sites
There has never been a denial that the email server was hacked in fact I believe a warning was published to that fact.

 

That is correct - the announcement was made on the very first post in this thread. Three Caggers then posted (including myself) that their CAG email address had received spam; email addresses they had only ever used on CAG. I reiterate that this random generation of email addresses is NOT being used to spam (at least not to my domain name)

 

 

You would not get all the random generated attempts, just the one that hit on your particular address.

 

 

 

You have missed my point entirely! I have virtually an infinite number of email addresses on my domain name. I don't have to set up each email address, they simply exists automatically. For example if my domain name was mydomain.com then I would have all the possible email addresses on that domain, for example...

 

 

cag@mydomain.com

consumeractiongroup@mydomain.com

moneysavingexpert@mydomain.com

google@mydomain.com

amazon@mydomain.com

 

 

Currently, I use about 100 such localparts (the bit before the '@'). I just give out the email addresses as I wish WITHOUT having to create them. They can only be used for incoming mail. I trust that has cleared up any confusion.

Share this post


Link to post
Share on other sites

 

I am not a frequent user of CAG, so I don't know anything of this. I also think it may be tempting fate, given what happened when CAG accused a former CAG employee of wrongdoing in the past.

 

i was only jesting, re the previous banter on thread eg #26/7.

am not accusing anyone.


IMO

:-):rant:

 

Share this post


Link to post
Share on other sites

Just received another email with an 'attached invoice' at my unique CAG email address. I rang the company who the invoice is purported to be from and they have been inundated with calls about the problem.

 

It appears their email system has been hijacked to send out emails to those caggers who had their email addresses hacked from CAG.

 

I know there is little that you can do.

Share this post


Link to post
Share on other sites

I still get them, I expect others do to. As you say, not a lot can be done but the less responses they receive the quicker they will disappear and cross CAG off their list.

Share this post


Link to post
Share on other sites

Sorry to bump an old thread but I got a word doc attached to an email to my cag email address today entitled "Debit Note [21650] information attached to this email".

 

The attachment contained a download trojan virus (with only Nod32 being positive for it on VirusTotal).

 

Hopefully I am alone. If not - please delete the email.

Share this post


Link to post
Share on other sites

As you will know, we did get hacked some time ago and there are some remnants of spam hanging around in the 'get a life' peoples cupboards after an easy ride to money.

 

 

You will know if you have ordered something so are expecting a bill or invoice, so don't open anything you don't recognise. That goes for all email, if it has an attachment and you don't know the sender, (check both the name and senders email address), then never open it.

Share this post


Link to post
Share on other sites

Just to add for info that the 'p**n blackmail' spams are now heading through on my, unique, CAG email address (cag@*mydomain*.co.uk). I know (hope!) nothing new has happened and there is nothing to be done other than ignore it, but it IS the first time this address has been used, so hope this might help put some other forum users minds at rest.

 

However, this is the blackmail variant without any password attatched which suggests the initial harvesting dates from way back when the email-only was hacked off of the board.

 

As above, yes I accept this could be random guessing but I too own a whole domain and get to see eveything coming in - and 99.9% of the recent 'blackmail', listing site and tablet spams are valid 'to' addressess I have used as unique logins on other sites or shops - mostly but not exclusively quite some time ago. Many of the shop ones are logins for sites long out of business which shows how these things are easily stored in huge databases and can perpetuate almost forever. They are almost always for small outfits that I assume didn't properly update their e-commerce software etc... Funny how I never, ever, get spam to my amazon@*mydomain*.co.uk address I've had since 1999!

 

I think the most worrying one was using an email address related to a security supplier (an actual designer and manufacturer, not a shop) who are in total denial and even tried to tell me 'it must be a worm in your own computer - for a start the from address is your own'. They then shoved a reddit link my way patronising me with 'see, there are a lot of blackmail emails like this - it isn't real'. Yeah, exactly, I know that, but some the data contained within it is... Bangs head against wall.

Share this post


Link to post
Share on other sites
Just to add for info that the 'p**n blackmail' spams are now heading through on my, unique, CAG email address (cag@*mydomain*.co.uk). I know (hope!) nothing new has happened and there is nothing to be done other than ignore it, but it IS the first time this address has been used, so hope this might help put some other forum users minds at rest.

 

However, this is the blackmail variant without any password attatched which suggests the initial harvesting dates from way back when the email-only was hacked off of the board.

 

As above, yes I accept this could be random guessing but I too own a whole domain and get to see eveything coming in - and 99.9% of the recent 'blackmail', listing site and tablet spams are valid 'to' addressess I have used as unique logins on other sites or shops - mostly but not exclusively quite some time ago. Many of the shop ones are logins for sites long out of business which shows how these things are easily stored in huge databases and can perpetuate almost forever. They are almost always for small outfits that I assume didn't properly update their e-commerce software etc... Funny how I never, ever, get spam to my amazon@*mydomain*.co.uk address I've had since 1999!

 

I think the most worrying one was using an email address related to a security supplier (an actual designer and manufacturer, not a shop) who are in total denial and even tried to tell me 'it must be a worm in your own computer - for a start the from address is your own'. They then shoved a reddit link my way patronising me with 'see, there are a lot of blackmail emails like this - it isn't real'. Yeah, exactly, I know that, but some the data contained within it is... Bangs head against wall.

 

I work in IT, it can be common for spam emails to be sent to randomly guessed names and initials. I've watched several brute force spam attempts where they would literally try every name possible @domain... and also name.commonsurname@domain... as well as simple 2 and 3 letter initials.

 

Type your email addresses into http://www.haveibeenpwned.com and see if they've appeared in any known (public) databases.

 

Also possible for a malicious attachment to grab contact lists from your PC. One of our clients opened a bad attachment, now they get spoofed emails from their contacts, so it can't be proven where the spammers got the contact details from. In fact I get a couple weekly from a client after they opened a malicious attachment.

 

I've also long has suspicions that there are dodgy email blacklist checkers which are harvesting email addresses in this way.

Share this post


Link to post
Share on other sites
I work in IT, it can be common for spam emails to be sent to randomly guessed names and initials. I've watched several brute force spam attempts where they would literally try every name possible @domain... and also name.commonsurname@domain... as well as simple 2 and 3 letter initials.

 

Type your email addresses into http://www.haveibeenpwned.com and see if they've appeared in any known (public) databases.

 

Also possible for a malicious attachment to grab contact lists from your PC. One of our clients opened a bad attachment, now they get spoofed emails from their contacts, so it can't be proven where the spammers got the contact details from. In fact I get a couple weekly from a client after they opened a malicious attachment.

 

I've also long has suspicions that there are dodgy email blacklist checkers which are harvesting email addresses in this way.

 

Yes I know that they DO randomly generate names @ domain; I'm sure this is prolific, but all I can say is my server will accept absolutely anything and the prefixes are only rarely 'random'; then they are of the random name 'sarah.jones@*mydomain*.co.uk type or 'accounts' / 'sales.ledger' / 'goods_in' / 'payroll' @*mydomain*.co.uk' when associated with the much lower volume spam regarding fake invoices, fake CV's for non existant jobs and the like.

 

I would know if I had been flooded with other junk prefixes, but instead, they are otherwise actual known addresses I have used in the past.

 

I'm aware of that website but it's far from comprehensive and shouldn't be used as absolute proof of anything - as I say I've had a few 'blackmail' types recently based around ancient logins for

ecommerce stores, mostly no longer trading but some were - and the specific password quoted to try and scare me was spot on - thankfully most of the stores still around are

so small time they don't store CC info (and if they did it would be long out of date). None of the five recent specific email, specific password types were on that database.

I didn't even bother telling the owners of the two still going as no doubt they would either not understand or be in total denial just like the access company.

Most of them were cottage industry types selling one or two self manufactured products connected with the marine or fire supression industry, hence most still having ancient

shops relying on either paypal or even 'call us to pay on CC after ordering' type setups.

 

That does also leave any potential hack on my own PC having to be ancient too of course, since not only am I super careful but as I last used some of these email aliases about ten years ago

and don't keep many old emails at all unless very important or relatively recent...

Share this post


Link to post
Share on other sites
I work in IT, it can be common for spam emails to be sent to randomly guessed names and initials. I've watched several brute force spam attempts where they would literally try every name possible @domain... and also name.commonsurname@domain... as well as simple 2 and 3 letter initials.

 

Type your email addresses into ... and see if they've appeared in any known (public) databases.

 

Also possible for a malicious attachment to grab contact lists from your PC. One of our clients opened a bad attachment, now they get spoofed emails from their contacts, so it can't be proven where the spammers got the contact details from. In fact I get a couple weekly from a client after they opened a malicious attachment.

 

I've also long has suspicions that there are dodgy email blacklist checkers which are harvesting email addresses in this way.

 

I think a number of posters work in IT, and, as commented, we operate our own domains and use the catch-all email function to route messages so we can make up addresses on the fly. As you say, this gives us a unique insight into the techniques spammers use, from random brute-force guesses, which in my experience are relatively rare (I've only seen a couple in 20 years), to compromised databases, which are far more common.

 

It's obvious when a site is compromised, it starts with a trickle of spam and increases as the list is sold on or shared. When this happens, I tend to change my registered email address at the main site and add the compromised address to my blacklist, however most users with a single email address don't have this luxury. As time goes on, it gets harder and harder to work out how your email address came to be shared.

 

In my experience, spoofed email tends to come from the web-based services - Yahoo was particularly bad - and happens when an account is compromised to the extent that the user's contact list is accessed too. That's how emails are sent from a known contact, to trick the user into opening the message. I agree, it is possible for a PC to be infected but with antivirus programs being so common, I think it's rare these days.

 

CAG demonstrated they are one of the more responsible organisations, reporting the breach immediately and responding to the comments we have posted.

 

Others have gone to great lengths to deny any intrusion or refuse to reply/comment... I hope GDPR will put an end to that as they are encouraged to report breaches immediately.

Share this post


Link to post
Share on other sites
Yes I know that they DO randomly generate names @ domain; I'm sure this is prolific, but all I can say is my server will accept absolutely anything and the prefixes are only rarely 'random'; then they are of the random name 'sarah.jones@*mydomain*.co.uk type or 'accounts' / 'sales.ledger' / 'goods_in' / 'payroll' @*mydomain*.co.uk' when associated with the much lower volume spam regarding fake invoices, fake CV's for non existant jobs and the like.

 

I would know if I had been flooded with other junk prefixes, but instead, they are otherwise actual known addresses I have used in the past.

 

I'm aware of that website but it's far from comprehensive and shouldn't be used as absolute proof of anything - as I say I've had a few 'blackmail' types recently based around ancient logins for

ecommerce stores, mostly no longer trading but some were - and the specific password quoted to try and scare me was spot on - thankfully most of the stores still around are

so small time they don't store CC info (and if they did it would be long out of date). None of the five recent specific email, specific password types were on that database.

I didn't even bother telling the owners of the two still going as no doubt they would either not understand or be in total denial just like the access company.

Most of them were cottage industry types selling one or two self manufactured products connected with the marine or fire supression industry, hence most still having ancient

shops relying on either paypal or even 'call us to pay on CC after ordering' type setups.

 

That does also leave any potential hack on my own PC having to be ancient too of course, since not only am I super careful but as I last used some of these email aliases about ten years ago

and don't keep many old emails at all unless very important or relatively recent...

 

Yes, I agree. I do see generic addressing - accounts, payroll etc but these can easily be derived from a domain list.

 

The compromised addresses I've seen are specific to the site concerned and recently I have seen a massive increase in demands for bitcoin payments to prevent exposure of webcam (I don't have one plugged in) or browsing history / screenshots etc.

 

As I posted 5 years ago, one clear link is vBulletin software, as used by CAG. In these cases I'm getting email to registered addresses plus passwords so it's clear sites using this forum software have been compromised...

Share this post


Link to post
Share on other sites

FWIW, I checked the unique address I gave to CAG at haveibeenpwned.com to receive the report that I have been pwned:

Oh no — pwned!

Pwned on 1 breached site and found no pastes

Since CAG is the only site that I've given this address, I strongly suspect that CAG is the breached site.

 

Also FWIW, I give unique addresses to each organisation that wants my email address. Unique addresses that have attracted the current run of p**n spam are associated with LastFM (3 breached sites, no pastes but some of the spam quotes the password I used when I last visited lastfm several years ago) and AVAST anti-virus (2 breached sites, no pastes). I'm really shocked at the last of those.

 

Edited to add: BTW, the addresses that I give organisations comprise of a prefix, a delimiter, and a suffix -- the prefix denotes the type of organisation, the delimiter is a non alphanumeric character and the suffix uniquely identifies the organisation when looked up in a table of addresses that I keep. So 'dictionary' attacks (such as every name possible @domain) will not work, which implies beyond reasonable doubt that these addresses have been harvested during one or more breaches.

Edited by Fred Bear

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 Caggers

    No registered users viewing this page.


  • Have we helped you ...?


×
×
  • Create New...