IMPORTANT! Have you received an email to your forum username?
VictimOfImpersonation wrote: »From your signature, we can see you work for the banks, ElkyElky. Interesting to have a banker's take on this thread
Salted hash anyone? ...
My signature is a list of credit cards I currently have - it's not a list of my employers.
Just got said message and deleted it immediately! Thanx for the heads up!
I just got one today - thanks to the warnings I was half expecting it so no harm done...I hope!
I also noticed that it was from "moneyexpert" rather than "moneysavingexpert".
VictimOfImpersonation wrote: »Didn't say it was, but at those rates I was not wrong, was I?
The rates are irrelevant. Those figures are out of date; I repay my cards by direct debit in full except for the HSBC, which is currently enjoying 0% for another 6 months or so.
VictimOfImpersonation wrote: »As DocN and others have said, the symptoms suggest that it is a given that MSE passwords have also been harvested ... probably during one of the serious Denial of Service attacks against MSE that were reported when the OFT versus the Banks case was reaching a climax.
Hysteria does nothing to help people who aren't as familiar with the ways and means of protecting themselves from online threats as they should be.
A DoS attack is intended to incapacitate a site. Such an attack will only result in a data breach if the keeper of that data was incapable of holding it securely. Recently, a DoS attack was mounted against one of the UK's most noxious law firms, ACS:Law. In struggling to get back up again, the site briefly exposed unencrypted data which was picked up and circulated worldwide via the Net. Also caught up in the aftermath of the DoS attack was British Telecom, which transferred unencrypted data to ACS:Law which then held it insecurely.
The above is an example of what *can* in the most *rare* of circumstances happen. But banging on about DoS attacks and password hacking as if both are axiomatically linked, and doing this in the context of what's happened here at MSE, is to elevate the tiny trace of a wandering mole into the North Face of The Eiger.
VictimOfImpersonation wrote: »Laying the recent trojan bait & trap is just one potential use of those passwords and email addresses. There are likely to be other less obvious attacks going forward. These people are not dumb. Serious money changes hands for this type of data. It is a big industry with organised criminals ultimately controlling it.
I said in a much earlier post how dumb most scammers are and how this muddled exercise where MSE is concerned proves it. Yes: a healthy awareness of risk is essential, but to say of scammers "these people are not dumb" is to raise a spectre of evil omnipotence that simply isn't true.
Scaremongering plays directly into the hands of those who rely on fear to turn a profit, as in the case of those countless thousands of computer users frightened witless by phony pop-up AV scans created by scareware scammers to propel such users into buying non-existent software (or to persuade 'em into providing credit card and other personal / financial details that can then be exploited yet further.)
Given that the more frightened the person, the bigger the mug, your statement:
"It is a big industry with organised criminals ultimately controlling it"
is just the kind of scareware puffery scammers love to read. What are you trying to say here? Lex Luthor Rules The World? We're all doomed without Batman?
'Organised criminals' don't control *anything*. Organised Crime, be it Russian, Chinese, or former Eastern Bloc, has its fingers in the pie of the cyber world just as it has its fingers in the pie of the real world.
But Disorganised Crime of the sort apparent in the MSE case -- and stuff like the advance fee fraud emails from relatives of Nigerian Finance ministers, or the kind of crackpot website fraud currently chronicled on MSE thread:
https://forums.moneysavingexpert.com/discussion/2513613
exponentially outweighs the activities of professional cybercrime outfits.
VictimOfImpersonation wrote: »As MSE is likely to be a recurring target for DoS attacks due to its frequent conflicts with big business, MSE users would probably be well advised to change their passwords to something unique that they do not and will not use for anything else, and if they have used the old password for something else then that also needs changing as a matter of urgency.
Why on earth are you hedging advice that is basic, simple, and straightforward commonsense with such weird qualifications? The fact is: no Internet user should ever use the same name or the same password on any Internet account she / he may hold.
Anyone who treads the Internet leaves their footprints behind 'em. Anyone who uses the same name or same password on different accounts leaves the same foot prints, all leading back to the same place. Whereas those who change their footwear are just random passers-by, not easily tracked or traced and ultimately identified. And that's it. End of story.
Festooning that simple truth with all that rhubarb about how MSE "is likely" to experience this, that or the other, or the "would probably be well advised", seems to show you’re not even certain of what you’re recommending.
As to all the paranoia and scaremongering rampant in various other comments on this thread, how about dealing with some facts for a change? As in:
(1) Purpose of the email hit was to trick recipients into installing malware on their computer. The exercise went insanely wrong because the con depended on persuading recipients that the email was from moneysavingexpert.com. Instead, the morons bombarded their MSE targets with text about moneyexpert.com and an invitation to use a new “tool” from moneyexpert.com.
(2) Anyone who read the email but didn’t click the link is safe. Anyone who trashed the email is safe. Anyone who received the email in their spam box and deleted it is safe, whether on their computer or server-side.
(3) Any Moneysavingexpert member who clicked on the email link and wound up acquiring the Moneyexpert “tool” has quite possibly landed themselves with a variant of Win32/Bamital, a TrojanDropper family long known for its antics. Microsoft has a useful description here:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper:Win32/Bamital.C
(4) No-one wants malware so no-one wants this on their computer. But as malware goes, there’s much scarier stuff than this around. Bamital family activities are instantly recognisable; the Trojan is removable.
(5) The bungling scammers – who I doubt were the hackers responsible for what may well have been an original vBulletin vulnerability exploit – went the malware infection route because either they’ve neither the time nor the skills to crack every encrypted user password. . .
Or they never had any user passwords in the first place. There’s not a shred of proof either way that a single MSE user password has been harvested.
As to the "threat" of or "danger" from using MSE, why am I not surprised that none of the doom-gazers on this thread have bothered to point out that every single MSE user who has a Microsoft Hotmail email account and / or a Facebook account is several thousand times more likely to fall victim to scammers than any MSE member who uses neither?
But perhaps, given such posters' seemingly vast knowledge of cybercrime and cyber safety, they, er, somehow missed out on awareness of that?
It's been all too easy to invoke a catalog of horrors in respect of this botched scam, instead of seizing the opportunity that arises at a time like this to provide other MSE members with information that's unambiguous, unsensationalist, and may actually help 'em rather than frighten 'em to death.
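An added example, not written by any poster in this thread and not MSE's own code: the check that PhylPho's point (1) and the earlier "moneyexpert" rather than "moneysavingexpert" observation both come down to, done in code. It parses a constructed sample email modelled on the description above (the real message is not on this page), takes the sender's domain and every link target in the body, and accepts a host only when it is exactly the trusted domain or a dot-separated subdomain of it. The allowlist and the sample message are assumptions for the example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the forum legitimately sends from. Constructed allowlist for this
# example: moneysavingexpert.com is the real site; the rest is assumed.
TRUSTED_DOMAINS = {"moneysavingexpert.com"}

# Constructed sample modelled on the thread's description of the scam mail
# (sender and link point at "moneyexpert", not "moneysavingexpert").
# This is not the real email.
SAMPLE_PHISH = """\
From: "MoneySavingExpert Forum" <forum@moneyexpert.com>
To: some_forumite@example.net
Subject: Try the new Money Expert tool
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear some_forumite, try our new tool:</p>
<a href="http://moneyexpert.com/tool/download">Download the tool</a>
<a href="http://www.moneysavingexpert.com/">Visit the forum</a>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect every href from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value)


def in_trusted_zone(host, trusted=TRUSTED_DOMAINS):
    """True only if host is a trusted domain or a subdomain of one.

    A plain substring test would wrongly accept evil-moneysavingexpert.com
    or moneysavingexpert.com.evil.net, so require an exact match or a
    '.'-separated suffix.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def check_message(raw, trusted=TRUSTED_DOMAINS):
    """Return what a reader should look at: sender domain and link hosts.

    The display name ("MoneySavingExpert Forum") is deliberately ignored;
    it is free text the sender controls.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    from_header = msg["from"]
    sender = from_header.addresses[0].domain if from_header and from_header.addresses else ""

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    collector = _LinkCollector()
    collector.feed(text)

    untrusted_links = []
    for href in collector.hrefs:
        host = urlparse(href).hostname or ""
        if not in_trusted_zone(host, trusted):
            untrusted_links.append(href)

    sender_ok = in_trusted_zone(sender, trusted)
    return {
        "sender_domain": sender,
        "sender_trusted": sender_ok,
        "untrusted_links": untrusted_links,
        "suspicious": (not sender_ok) or bool(untrusted_links),
    }


if __name__ == "__main__":
    print(check_message(SAMPLE_PHISH))
```

Run against the sample, the sender domain comes back as moneyexpert.com (not trusted) and the download link is flagged while the genuine www.moneysavingexpert.com link passes. The suffix rule is the part worth copying: "looks similar" is not a test, and neither is "contains the brand name".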
I've just had a pop-up appear saying that I've just received an email from you (MSE webmaster) and to click OK to read it. I clicked Cancel and looked at my email box to discover nothing there.
I've just had a pop-up appear saying that I've just received an email from you (MSE webmaster) and to click OK to read it. I clicked Cancel and looked at my email box to discover nothing there.
That pop-up was a genuine message.
It's just the MSE webmaster informing you of the issue that has taken place.
I've just had a pop-up appear saying that I've just received an email from you (MSE webmaster) and to click OK to read it. I clicked Cancel and looked at my email box to discover nothing there.
It would have been a PM sent out en masse, not an email, hence the forum pop-up notification.
Click ----> Private Messages to read it.
Copy below:
MSE_Webmaster wrote: »Hi,
This is a belt n braces PM just in case you haven’t seen the forum-wide announcement. Some MSE forum users have been receiving a spam email from malicious hackers, purporting to be from 'Money Expert' and addressed to their MSE forum usernames. (read full MSE News story: Forum members warned)
In most cases it goes straight to people’s spam/junk folder, but if not please don’t open the email – it is not from us (nor is it from the money expert website). It contains a link leading to a type of virus called a 'Trojan', so please DO NOT CLICK THAT LINK! (It’s also an important reminder to read about Free Anti-Virus software and back up all your files regularly.)
We want to outline the risks for you and what steps you should take though...
- We don't hold any personal data on individuals - barring email addresses. That is and always has been a deliberate policy, both because we don't need/want more data than this, and so that in the event something like this happens (and attempts are made every minute!) at worst, if you’re one of those affected, these people only have your email and possibly forum user name.
- If you use the same password as with your bank - consider changing it urgently. We have absolutely NO evidence that forum users' passwords have been accessed; it would be a particularly difficult thing to break the encryption. However, if you use the same password here as for a bank website or any other that holds sensitive personal data, and use the same email as your forum email – we suggest you change those passwords as a precaution.
We apologise wholeheartedly for the hassle caused - we've been through some major security exercises over the last year including bringing in outside consultants to check for any flaws, to try and avoid instances like this. Yet this unfortunately reflects the murkier side of the internet that it is a constant battle to keep out.
We are still investigating, and will continue to update this thread with any new information we find:
https://forums.moneysavingexpert.com/discussion/2866884
Please help us work out what's going on...
We have a suspicion that only forumites who joined before Dec 2009 will be receiving these emails, as we are yet to receive verified proof of a breach in 2010 – there was one in 2009 read about that here.
However, if you are a more recent member and have received one of these emails, it would be a massive help if you can forward it to webmaster@moneysavingexpert.com and include your username.
Thanks
The MSE Team
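An added example, not MSE's code and not a description of how the forum actually stored passwords (the page does not say): what the webmaster's remark about breaking "the encryption" amounts to in practice. Properly stored passwords are not encrypted at all but hashed with a per-user random salt and a deliberately slow function, so a stolen table cannot be reversed and one cracked value does not unlock every account that happened to use the same password. It also shows why the PM's reuse warning still stands: none of this protects a user whose forum password is also their bank password. The sample users and the iteration count are assumptions for the example.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two forumites who picked the same password.
# Not real MSE data.
SAMPLE_USERS = {"forumite_a": "correct horse", "forumite_b": "correct horse"}

# Assumed work factor for this example; tune to the hardware you verify on.
PBKDF2_ITERATIONS = 200_000


def unsalted_digest(password):
    """What a careless site might store: one plain hash of the password.

    Equal passwords give equal digests, so a single precomputed table
    (or a single cracked value) covers every account sharing that password.
    """
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return a self-describing record 'pbkdf2_sha256$iter$salt_hex$digest_hex'.

    A fresh random salt per user means equal passwords no longer produce
    equal records, and the iteration count makes each guess expensive.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and iterations; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def compare_storage(users=SAMPLE_USERS):
    """Show the difference: unsalted records collide, salted ones do not."""
    unsalted = {u: unsalted_digest(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return {
        "unsalted_collide": len(set(unsalted.values())) < len(unsalted),
        "salted_collide": len(set(salted.values())) < len(salted),
        "salted": salted,
    }


if __name__ == "__main__":
    result = compare_storage()
    for user, record in result["salted"].items():
        print(user, record)
    print("unsalted records collide:", result["unsalted_collide"])
    print("salted records collide:", result["salted_collide"])
```

With the two sample users the unsalted SHA-1 column contains one value twice, while the salted records differ even though the passwords are identical, and each still verifies only against its own password. The record format carries its own salt and iteration count so the work factor can be raised later without invalidating old entries.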
PhylPho, I understood everything that you said, but then again I am a bit of a geek.
Unfortunately your good intentions probably bamboozled loads of users who just are not and cannot be bothered to be tech savvy, and why should they? They have lots of other stuff that is more important to them and they just like nice, simple and straightforward information in plain speak that can keep them safe whilst enjoying the fun and everything else online. After all, how many of us can now service our own cars?