Page 1 of 3

SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 9:14 am
by sirhc
So several of our customers have received the following email:



Hello,

Do you have a moment to chat on email? I have an obligation did I would like you to complete ASAP.

Chris Sisler
President
Netonix


This is a SCAMMER, not sure yet how they obtained some of our customer email addresses, I would assume from the forums somehow.

There is no worries other than annoyance as we do not store any credit card info on our web store and the most personal info they could get from us is:

Web store: Your shipping/billing address, email address, phone number and such but no credit card info as we do NOT store this info and CC processing is done via PayPal secure app for Magento.

Forums: Your email address

Mail Server: Your email address

At this point we are not even sure if they got this info from us through some sort of hack, or simply from harvesting info from our list of Distributors on our site and from posts on our forums, or our mail server.

We are looking into it.

If you received this email please post below and let us know.

Re: SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 11:12 am
by patagonia
Thanks for letting us know right away!

Re: SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 11:26 am
by john@citylinkfiber.com
While its good to hear you aren't storing CC data, you are storing PII (Personal Identifying Information) and it seems that some or all of that data has been disclosed.

Most people fail to understand that ANY information leak / disclosure is to much.

Cyber criminals collect data, all data, and build databases of information. They correlate and cross reference this information.
The criminals then use the combined data to better target fraud.

So having your name, email address, shipping address (which many times is the Credit Card Billing address) is really valuable.
If they have your card number and email from a different data breach, now they would have your address which makes the card data more valuable.

Further, they can scrape the emails and build relationship graphs. Fill in additional details from other data breaches.

From a legal perspective any disclosure of PII information is considered a data breach. Multiple US States have specific disclosure rules and the EU / GDPR rules also have specific rules that need to be followed.

sirhc, please seek out help to sort out how and where they got the information.

John Brown, CISSP (Certified Information Systems Security Professional)
While I run a WISP, I also do cyber security as part of my $dayjob

Re: SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 12:13 pm
by jg0007
Thank you so much

Re: SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 12:44 pm
by Kingpin3
john@citylinkfiber.com wrote:While its good to hear you aren't storing CC data, you are storing PII (Personal Identifying Information) and it seems that some or all of that data has been disclosed.

Most people fail to understand that ANY information leak / disclosure is to much.

Cyber criminals collect data, all data, and build databases of information. They correlate and cross reference this information.
The criminals then use the combined data to better target fraud.

So having your name, email address, shipping address (which many times is the Credit Card Billing address) is really valuable.
If they have your card number and email from a different data breach, now they would have your address which makes the card data more valuable.

Further, they can scrape the emails and build relationship graphs. Fill in additional details from other data breaches.

From a legal perspective any disclosure of PII information is considered a data breach. Multiple US States have specific disclosure rules and the EU / GDPR rules also have specific rules that need to be followed.

sirhc, please seek out help to sort out how and where they got the information.

John Brown, CISSP (Certified Information Systems Security Professional)
While I run a WISP, I also do cyber security as part of my $dayjob



I can't say a leaked email address is a particular concern to me, nor you I assume since you've got your Name/Email/Location displayed on a public forum..

Re: SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 12:49 pm
by mrmarria
Thanks for heads up!

Re: SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 1:12 pm
by wtm
Thanks for the info !

Re: SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 1:55 pm
by RoggenBroadBan
HOW LONG HAS THIS BEEN GOING ON!!!

If you have not tried to cover this up and hide information, I find this sorely disappointing. I expect to not be told about a hack/information disclosure for MINIMALLY 3 months after it has happened, do you know what this is going to do to my calendar?!?!?!

Honestly, just reporting the possibility of an information disclosure is frustrating. I expect better from a company that does business internationally.

Please take a page out of Equfax's security notebook, they at least have the decency to not even report being hacked to the authorities until after their C level employees have had the chance to sell off stock.

The inability to follow standard industry practices these days is beginning to make me think these Millennials will really be the end of us all.

P.S. I have not gotten one of these emails, even more disappointing.

Re: SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 2:05 pm
by jpaine619
john@citylinkfiber.com wrote:While its good to hear you aren't storing CC data, you are storing PII (Personal Identifying Information) and it seems that some or all of that data has been disclosed.

Most people fail to understand that ANY information leak / disclosure is to much.



Uh... You deliberately made YOUR email address, city, and first name available to members of this forum. None of that information is required to operate in the forums. Plenty of folks use an alias or leave the information marked private.. So...
Pot meet Kettle..

Re: SCAM EMAIL BEING SENT

Posted: Wed Sep 11, 2019 2:24 pm
by therealboss
Thanks for heads up!