Consumer Action Group Hacked!

Mr_MD

I have had a similar problem. I have my own domain name which allows limitless email addresses and just like Paul Varjak I have just had a series of phishing emails with a virus file attached sent to my unique CAG email address. I informed them of this via their online contact form upon receiving the 3rd email. I got no reply or acknowledgement.

So after a couple of days and upon receiving a 4th email with a virus I decided to start following thread.

" Hi There

I have had a number of phishing emails with virus file attachments sent to me in the last couple of weeks (4 in total so far). This is not unusual in this day and age you say but, and this is important, they are only being sent to my unique CAG email address.

Now this is a concern but it is not unusual that email addresses are leaked by workers or people who have access to the database, including hackers. I have had my details leaked by at least 2 financial institutions and I suspect the FSA and or COLP to boot as they were given a unique address that somehow my personal details, with the unique email addresses got into the hands of [problem]mers (why is an anagram of sacmmers or specifically sacm a problem?) organisations. I actually found out who the culprit was from Saxo bank. It was one of their former marketing managers and I got emails from every company he made his way through over the next 3 years before it got sold to a number of different target lists for overt [problem]mers.

I note that even CAG is not immune to the [problem]mers as there is a company calling themselves Reclaim the Right ltd has been doing the rounds with sient and [problem] calls in recent years. The virus emails, which all seem to be the standard delivery or missed delivery notice, in my case Amazon LOL are the cover to try and push through the virus files.

So beware and may I suggest that people with a point to raise should consider buying their own domain or sub domain and get an email service from a provider and mail client software. This way you too can issue unique email addresses to your various internet accounts and will find out who is leaking your details. This type of personal security allows you to verify who is sending emails to you and if there is a leak, you will have the evidence to prove where the leak originated"


At first one of the site team Conniff posted a reply stating that the issue was with a random blanket attack using smiff1 smiff2 etc. It was just what I considered as a patronising blow off.

So when I tried to reply I found that the thread was yanked by Conniff. I was obviously not happy with this or the fact that it had been pulled just as they had placed a dismissive reply and I had not been contacted by CAG regarding my complaint or that it is apparent that something had gone very wrong. This along with the fact that my details on the CAG website were used in this attempted multiple attack. I was and I am still annoyed because these details are something that should be secure and they were given in good faith and trust. Keeping this in mind this is what ensued.



From : Conniff
To : mdfrance
Date : 2013-10-01 11:37
Title : Email addresses and Phishing

---

Good Morning,

You thread has made allegations that staff have 'leaked' unique email addresses.

I will send your thread up to the administrator so they can comment.

In the meantime, I have unapproved your post.

Regards

Conniff
Site Team

================================================================================
From : mdfrance
To : Conniff
Date : 2013-10-01 12:09
Title : Re: Email addresses and Phishing

---

With all due respect it could have been stolen though hacking from your server or that of a partner who has been given the mailing list. Which also means it was sold or stolen by from them. I find it surprising that you have chosen to unapprove the thread, at least if any other CAG users received the same phishing/virus attack they can inform you and it will allow CAG to take appropriate action and warn site users. Next time I suggest that the Administrators reply to my internal contact message instead of the requirement for me to announce these targeted attacks on the forum. Would you not rather the problem be announced and discussed here rather than somewhere else where there is no control over what is discussed and portrayed.


================================================================================
From : Conniff
To : mdfrance
Date : 2013-10-01 12:57
Title : Re: Email addresses and Phishing

---

If you had taken the time to do a search of the forums, you would have been presented with a thread that was started last June on the very subject by the site owner, you will also notice that
I am also included in those that have notified the spam / phishing being sent to their address.

This forum does NOT sell, give away or share information or 'mailing lists' as you call them, or any other information of a personal nature.

Regards

Conniff
Site Team

================================================================================
From : mdfrance
To : Conniff
Date : 2013-10-01 13:17
Title : Re: Email addresses and Phishing

---

There is no need to be defensive or in fact be confrontational in tone because it is counterproductive. If this is your stance then all I can say is that either CAG has been hacked or you have someone who is leaking information. I think that it is the former rather than latter. So let me point something out and make myself perfectly clear. I HAVE BEEN TARGETED and the email address to which it has been aimed HAS BEEN OBTAINED FROM THE CAG. Needless to say getting stroppy will only inflame the issue and I will have no choice than to COMPLAIN TO THE ICO so get off the high horse and tell the owner because you are not helping at all and in fact making it far worse.

================================================================================
From : Conniff
To : mdfrance
Date : 2013-10-01 13:20
Title : Re: Email addresses and Phishing

---

I find your pm rather offensive and it has been passed to the administrator.


Regards
Conniff

================================================================================
From : mdfrance
To : Conniff
Date : 2013-10-01 15:01
Title : Re: Email addresses and Phishing

---

I knew this was coming. You are exhibiting the attitude of a typical forum administrative troll. Likes to patronise, boss around and offend and takes dramatic and outraged offence and makes it about themself when given the same treatment in return. I found your attitude dismissive and patronising and I took offence and sincerely hope you make it clear what you are offended by in my previous message as it was MY personal details which have been compromised that in turn led to an attempted email virus attack and I believe probably all the members have been subjected to similar emails. I have every right to be annoyed, especially when I have made every effort to make every online account that I use secure and managed in a way that allows me to raise an alert when something goes wrong. It becomes even more annoying when those whose servers have been compromised becomes dismissive and try to deny the fact!

What's next, do you really want the last word on being pretentiously offended!!. I suggest you detach yourself from your little power trip and return to the the real matter to hand and think about the urgency of warning the owners and members of the email phishing/virus issue and possible security breach and that their details may have been illegally obtained rather than concentrating on the pretence of your not so fragile ego.

In fact as you have displayed that you are not capable of dealing with this logically and courteously, I suggest that instead of a compiling another unsuitable and inflammatory retort that will will end in an official complaint to the ICO, is is best that you get the owners to contact me directly as your own attitude has made this matter far worse and believe you don't realise what a serious and damaging an issue this is.

================================================================================
From : Conniff
To : mdfrance
Date : 2013-10-01 15:29
Title : Re: Email addresses and Phishing

---

How dare you. If you want the owner to contact you, then I suggest you request that from him personally.

================================================================================
From : mdfrance
To : Conniff
Date : 2013-10-01 17:02
Title : Re: Email addresses and Phishing

---

How dare I, How dare you,Who do you think you are? I'm afraid you are being very foolish.

You have just proven my point about forum admin trolls in 3 words and proven that you are not capable of having a position of responsibility on this site and frankly a disgrace to the site and what it aims to achieve. In any other profession you would be for the chop, that is if you were in a real[/Ul job. It is obvious that you have no interest in the safety of the members personal details but your own self importance and petty ego

As a result I now wish to make a formal complaint regarding your unprofessional conduct and formally request your removal from the site team and any involvement with policy issues, complaints and interfering with threads. Also directly due to your objectionable, dismissive and frankly disgraceful attitude I WILL raise a formal complaint with the ICO and prepare to publish these messages on other boards and state that CAG it is no longer a safe and trustworthy site to use. So unless the you get the owner to contact me by tomorrow morning, the complaint to the ICO will be lodged and posts on other sites made and it will be apparent that you are to blame for the necessity to do so.

That was the end of that conversation and I sent a message through the main CAG contact page

I request that either of the directors, Mr Gander and Mr Martin contact me within the next 24hrs regarding my CAG unique email address being obtained by internet attackers and used to send phishing/virus emails. Unfortunately due to the behaviour of one of the site team the situation has deteriorated to the point that I wish to make an official complaint.

As a result of their attitude I also wish to raise a formal complaint against Conniff, one of the site team and their attitude toward my complaint and a subsequent email exchange which indicates that they are not capable or understands the seriousness of this issue. What's more, after my last message, my password was somehow expired requiring a renewal. Could be a coincidence but I very much doubt it

Due to that persons idiotically dismissive and disingenuous behaviour I have decided to compile a formal complaint to the ICO and I am preparing a new post for other sites outlining my complaint regarding the CAG website, with the exchange of messages and warning that the site may have been compromised and details of members obtained. ..

Sometimes the snotty and superior attitude of an admin troll is extremely counterproductive and can not just fan the flames but throw petrol on them. I suggest that you remove all admin privileges from this person. How they handled this has not only undermined the integrity of CAG but every bit of advice that they may have given themselves. Furthermore, their singular arrogant foolishness may very well lead to serious damage to the reputation of CAG for which it may take some time to repair, if at all.

Sincerely


As you see they have not replied. I may have been harsh but it was my details that have ended up in the hands of internet attackers and CAG are responsible, in this there is no doubt. Frankly given the way it was handled it was through shear self constraint that expletives were not used.

I have witnessed a number of exchanges in recent years of what I call is a victim troll. They are determined to get a rise out of someone so they can take the moral high ground. The worst of all are mediators or long term contributors, a fair number of which use the position of responsibility for a ego trip while acting like an asinine jobsworth. Funny thing is the longer in the position the more snotty and impolite they get but offended in such a melodramatic way when they are treated the same way.

All I can say if this is what CAGGERS have to contend with when something goes wrong then more fool Messrs Gander (or is it Brooke-Gander) and Martin as they are allowing unsuitable people to act on their behalf. What is worse is that at least the members email addresses have ended up in crooks hands and they are trying to avoid responsibility. If it were any other site they would be up in arms. Hypocritical is not a strong enough word but for now it will do.

P.S. A big question is this, if they were aware of the hack, why didn't I get an email warning me of this instead of a snippy comment saying "if you had taken the time to do a search on the forums" when I informed them what has happened to me!

jwruk

Paul_Varjak

The question of alleged security breaches by CAG employees has been a sore topic following Marc Gander's forced apology to his former employee a few years back...

http://www.pressbox.co.uk/cgi-bin/links/page.cgi?g=detailed%2F320437.html;d=1

Mr_MD

JWRUK

That's just what I need. Sometimes I think it's a pity you can't drop one in a Forum in order to display through the sense of smell exactly what you think of a comment or post

LOL:rotfl:

peachyprice

infinitelybig wrote: »

Like the OP I am also receiving spam to my CAG email address despite it being registered only with CAG.

I don't have an email address that I only use for CAG, but over the last 4-5 days I have had an increase in spam email, a few with zip files attached. Coincidence?

Paul_Varjak

Mr_MD wrote: »

JWRUK

That's just what I need. Sometimes I think it's a pity you can't drop one in a Forum in order to display through the sense of smell exactly what you think of a comment or post

LOL:rotfl:

It was some while ago that Marc Gander, on the CAG website, made a 'public announcement' (i.e. scathing attack) against his former employee. I cannot remember the details now but the words he used showed no reservation whatsoever and most (possibly all) turned out to be untrue! They were certainly much stronger than words you have used.

If you are lucky, you may still find the offending words on the internet archive...

https://archive.org/web/web.php

Paul_Varjak

If I remember rightly, Marc Gander even appealed for funds on CAG for the impending libel case with that former employee.

I wonder what caggers thought when Gander issued an unreserved apology instead?

Blackbeard_of_Perranporth

Reading this, it more sounds a lovers tiff between disgruntled ex employees.

Will keep checking in!!

Mr_MD

Just so you know. Even though I have dropped the sorry tale of the CAG response to my thread here and on Legalbeagles (A site which I believe that Mr Gander may be a contributor) there is silence. Maybe they are waiting for me to make a slanderous statement in order to take the moral high ground or that it will go away. It's unfortunate that silence in this case from the top isn't going to help and it will eventually turn into a festering ulcer of a problem as more questions are raised when all they need to do is contact the members, apologise and request they take appropriate steps, change password, username and possibly email address. For me that is more pragmatic than a continual line of complaints and ager because of their failure has led to members being attack with virus laden emails.

While I have been posting on other sites, I have encountered a problem with my CAG account. Restrictions have been placed on my account and I can no longer view or edit my profile to see if I have placed any sensitive info in the section. It is lucky that I managed to change my password and email before they took this silly step. All I can say is that CAG is heading for a serious fall due to a numpty or 2

Mr_MD

It's been kicking off over at legalbeagles. I seem to have hit a very sore nerve. You would think I have accused someone of being vicious sex offender instead of telling them that a hack has happened. Could be that their close links to CAG are something to do with it LOL

I have never seen such a spate of illogical defence and denial posts with pathetic and childish attacks and intimidation. It goes to show that when something goes wrong with sites that seize on other faults of others they go apoplectic and end up acting like the people they claim to to be battling in our interest.

I just don't understand why when things go wrong companies and organisations just put there hands up and find a way to move onto a solution instead of squealing and wriggling like a greased pig.

It just goes to show that when things go wrong sensibility goes out the window and headless chickens prevail