IMPORTANT! Have you received an email to your forum username?

Comments

  • SimonM_2
    SimonM_2 Posts: 114 Forumite
    0dd8a11 wrote: »
    I own a domain name and get all emails sent to a different email address; in Money Saving Expert's case I get it sent to moneysavingexpert.com@mydomainname.com. This is so I can block emails once a company starts sending spam etc.

    The email we all got this morning not only has MSE unique email address it also has my forum username.

    What other information has MSE leaked/sold?


    I have exactly the same setup as you, and have received two of these messages to an email address I only use for this site, and to my forum name.

    Just like you, I wish to know what other information has MSE leaked/sold and exactly how this has happened. I also expect the ICO to be advised of this issue by MSE (http://www.ico.gov.uk/for_organisations/data_protection/lose.aspx) exactly the same as we all would expect if it were any other company such as a bank.

    I did of course think it was spam and highly suspect as soon as I saw the message and viewed the source of it rather than the message itself, where the .zip made it even more obvious something clearly wasn't quite as above board as people may think.
  • DarkConvict
    DarkConvict Posts: 6,346 Forumite
    I have not been emailed, and have been on the forums since Sept 2009.
    Although no trees were harmed during the creation of this post, a large number of electrons were greatly inconvenienced.

    There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies
  • PhylPho
    PhylPho Posts: 1,443 Forumite
    Yep, they bungled it. But now they know better - and they still have the database. It's the work of a few minutes to send out a further email which purports to be from Moneysavingexpert.com and says something along the lines of "Hi, this is Martin, you might have had a scam email recently, make sure you don't open it. We take this seriously so we've got you a deal for some free anti-virus software, just download it from this address..." and how many people would fall for that?

    I've no idea. Nor have you.

    History, however, tends to demonstrate that when the authors of malware attacks have so little comprehension of the English language that -- as in this case -- they can't tell the difference between moneysavingexpert.com and moneyexpert.com, then they're going to be entirely incapable of composing an email as articulate as the one you've just hypothesised.

    However. . . In saying that, I'm not disagreeing with your sentiments. Nor questioning your sincerity. What I am saying is that hypothesis-after-hypothesis-after-hypothesis -- all postulated on the basis of could / might / may -- is as extreme in the direction it is headed as an all's-well, Martin's-on-the-case, take-no-action response is in the other.

    There needs to be a sense of proportion. And I believe too many posts on here have lost that.
    Yes, they bungled it - it could have been much worse. But it could still get worse. Going around and saying "it's spam, just delete it" ignores the real issue. And constantly referring to this email as a "spam" email is itself wilfully playing down the true situation. It wasn't a SPAM email, it was a VIRUS email which, if clicked, could compromise your computer and lead to all manner of problems both for your computer and potentially your bank accounts and real-world finances in the future. There is a danger here and it's wrong to play that down because "Martin does a good job, so he does".

    I raised the issue of the dangerous misnaming of this malware infection attempt way, way, way back on this thread. But everyone else -- including Martin and even MSE's Tech guys -- seem intent to keep on calling it 'spam' when it isn't, never was, never could be. So I stopped bothering.

    Your description is exactly right and I, too, would be greatly obliged if Martin / MSE would stop compounding the confusion surrounding this situation by glibly mis-defining what has actually happened. Otherwise, yes: some folks are going to think ah, well, so it was only spam then, I get a load of that every day.

    However. . . as to how the malware in this case is behaving, I've no idea. Not a single post on here has reported its effects, even though -- in view of the nature of the Trojan family involved -- those effects would be readily noticed. Time goes by and statistics change but on the evidence available to hand this minute, there is nothing to suggest that, compared to the total number of users in the MSE database, a significant percentage have been caught by the malware. We seem still to be going around, diagnosing a condition before all the symptoms are manifest. But the fact that I'm pointing that out doesn't mean I'm not alert to the difference between a cold and cholera.
    I don't envy the position that Martin and the MSE team are in one bit, I'm sure they're passionate and committed. But equally at the same time I'm pretty sore that despite the compromise of the forum member list back in July 2009 (I knew about this immediately because I received scam mail from Russian dating sites) there was no significant announcement. I looked around the forums at the time, and even posted a few messages, but saw no announcements. And indeed quite the reverse, all I saw was posts from helpful but wrong people assuring me that there was obviously no breach and that "spammers just try every possible email address until they get one that works". Anything but admit a problem.

    Again, agreed. I don't envy 'em either. But I'm not happy at the way the "spam email" phrase is being so blithely tossed around and I've never thought MSE handled the previous incident -- which may well have been the one that led to today's situation -- in a way that does those concerned much credit.

    Fact: there was a hack. Fact: there is now an attempted scam. Nowt to do with spam, everything to do with a website security breach. Better communication about the hack would've done much to stifle the anger of so many who're now finding out about the scam.
    Well and good to say "Well we know there's a new version of vBulletin but it's so much work to upgrade"... Well, yes, but again, staying up-to-date with the latest security patches and releases of software is vital for any serious web-facing system. It's just essential. You should never get yourself into a position (whether through popularity or size or the number of tricked-out features you've added to something) where you can't update your software immediately there is a new security release available. Especially when you're being compromised in ways you don't know or understand.

    Again: 100% agreed. MSE is not unique in being an attractive target for scammers by virtue of its sheer size and influence. . . but I can't offhand think of any other site of similar substance that would now publicly admit its security is, er, out of date. And likely to remain so.

    Whoever's advising Martin or the MSE tecchies really ought to appreciate that honesty is one thing, potentially dangerous disclosure, another. Yet again, MSE has wrong-footed itself when it needn't have done so.

    As will be obvious from my posts, I'm one of those people who says deal with what you're facing today rather than theorise about what you might face tomorrow, on which basis I can only urge MSE to confront the facts as they are and get on -- immediately -- with the task of consolidating this site's defences.

    If it means going off-line for a week or more, so be it. Folks will understand. Folks will wait. And if some "user requested options" (I'm quoting MSE here) are incompatible with vBulletin / systems upgrades, then better to sling out the options than sling out the prospect of an up-to-date defence. . .
    No-one is trying to be alarmist, but you don't increase your safety by sticking your head in the sand and thinking that it's going to be alright or that the bad guys are stupid or won't do something that's "a bit difficult". If there's a reward, they'll do the difficult thing. They've already hacked one of the UK's largest web forums, that shows you straight away that there's something in it for someone. This is not a game. You work out the potential problems and take the correct actions to guard against them.


    True. But posters like myself have never told anyone to stick their heads in the sand (no, I know, you're not accusing me of saying that.) What we have said is take a calm and constructive approach to things and, above all, remember that the more visible you make yourself in the dark alleyways of cyber space, the more likely you're going to get mugged.

    Hopefully, some good will come out of this cack-handed malware attack. But only if MSE users reconsider their own behaviour -- and only if MSE itself stops banging on about "spam emails" and bewailing an inability to do what it would like to do in the way of website and user-base defence.
  • Glad
    Glad Posts: 18,934 Senior Ambassador
    sheepy71 wrote: »
    Just got said message and deleted it immediately! Thanx for the heads up!

    As you joined in 2010, can I ask if you have voted in the poll on this thread and also forwarded your email and username to webby as detailed below :)


    taken from the pm sent by the mse team today

    Please help us work out what's going on...

    We have a suspicion that only forumites who joined before Dec 2009 will be receiving these emails, as we are yet to receive verified proof of a breach in 2010 – there was one in 2009 read about that here.

    However, if you are a more recent member and have received one of these emails, it would be a massive help if you can forward it to webmaster@moneysavingexpert.com and include your username.
    I am a Senior Forum Ambassador and I support the Forum Team on the Wales, Small Biz MoneySaving, In My Home (includes DIY) MoneySaving, and Old style MoneySaving boards. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com. All views are my own and not the official line of MoneySavingExpert.
  • As a database admin myself I'm naturally wary, so I run Mailwasher Free to check my mail before it's downloaded to outlook. I don't know if I've had the spam/scam - I think I'd have noticed as the email address is not usually spammed but the mail could have been junked before I noticed as I only carefully check the green or undecided items in mailwasher - the rest are discarded as spam. Then only the accepted items get left for outlook to download.
  • perlys
    perlys Posts: 66 Forumite
    Just received 1 to my name on here as I logged on; didn't even open it after reading all the comments on here. How sad that people that try and hack into these sites are. Not got much of a life, have they?
  • ElkyElky
    ElkyElky Posts: 2,459 Forumite
    PhylPho wrote: »
    I've no idea. Nor have you.

    History, however, tends to demonstrate that when the authors of malware attacks have so little comprehension of the English language that -- as in this case -- they can't tell the difference between moneysavingexpert.com and moneyexpert.com, then they're going to be entirely incapable of composing an email as articulate as the one ......blah blah blah.

    Do you ever halt? It's an email.. ok, a plain and simple email. A simple email doesn't need to be turned into some sort of Code Red threat issued from a pentagon.

    Congratulations for breaking the email down so far, you're inspecting the atoms and electrons that made up the electrical signals sent from the origin's router.

    We should dumb this down to its simplest form... Email address + leaked = malicious emails. Welcome to the Internet, sherlock.
  • PhylPho
    PhylPho Posts: 1,443 Forumite
    ElkyElky wrote: »
    Do you ever halt? It's an email.. ok, a plain and simple email. A simple email doesn't need to be turned into some sort of Code Red threat issued from a pentagon.

    Congratulations for breaking the email down so far, you're inspecting the atoms and electrons that made up the electrical signals sent from the origin's router.

    We should dumb this down to its simplest form... Email address + leaked = malicious emails. Welcome to the Internet, sherlock.

    Thanks for that illuminating post. As it doesn't relate to anything I've said or done d'you reckon you might have been infected by this lethal malware that's reportedly doing the rounds??? ;)
  • The_Gerbil
    The_Gerbil Posts: 30 Forumite
    edited 18 November 2010 at 8:49PM
    A simple and more secure way around the can't-remember-lots-of-different-passwords issue is to have something that you base your password on, but which creates a different password for each site.

    Another way to use secure different passwords for every situation is to use the following utility.
    I use the Linux version and it is excellent but I believe the Windows one is just as good.

    Windows version: http://keepass.info/

    Linux version: http://www.keepassx.org/

    [Edit] I just thought I probably shouldn't be advising people to use things like this. I know I'm a good guy and that these utilities are well respected but in general it's not smart to start using a utility some guy on a Forum recommended!
  • superflygal
    superflygal Posts: 1,122 Forumite
    I had one but didn't open it and just deleted it, as it wasn't called MoneySavingExpert. I'm sick of weirdos emailing me viruses to download at my leisure, and then having to pay local computer shops £50 to fix them!

    SFG x
This discussion has been closed.