[Ansteorra] URGENT WARNING - Possible hacking or abuse of acceps contact emails

Haraldr Bassi ansteorra at haraldr.drakkar.org
Fri Aug 5 19:15:13 PDT 2011 

Hello Rhodri,

The email address I created and use in all my acceps registrations received email directed to it 
of a phishing type nature. Nine pieces of mail were received at almost the same time with the 
same subject and content.

That address has been used only with regards to acceps business. I've registered for Gulf Wars a 
couple times and several Ansteorran events (though not too many in the past few months IIRC due 
to a lack of acceps being setup for the events I've attended).

The phishing email was well crafted enough to make it look to the uninitiated that it could have 
been legitimate and it was directed at an address that should not have been accessible to anyone 
not associated with an acceps registration for an event. I've been an exchequer and autocrat so 
had seen the spreadsheet lists that are generated and know that the acceps system is also 
emailing to that address giving at least two vectors that a harvester could access the email 
addresses.

I don't recall whether I've ever used that address for any outgoing email (I might have used it 
for setting up acceps for an event I was involved with but I was more likely to create an event 
or officer only email address).

As there aren't hundreds of others also noticing strange emails to their accounts that have been 
used for acceps registrations nor have I received any to any of the hundreds of other addresses 
I've used and have available on my local system, I have to presume that the harvesting took 
place on the system of someone who received a list of acceps registrations, perhaps for a small 
event where only a few dozen registered, and that those people who also were harvested are 
likely to mistake this particular spam/phishing email as no different than any others they 
routinely get. Only someone who uses a unique address for every communication on the internet 
would have had any chance to identify a specific area where an address was harvested by a 
spammer/scammer as is the case here.

I've not seen any issue at all with the financial side of my acceps transactions, just that one 
set of phishing emails to the acceps@ address that I've used.

Thanks,
Haraldr

On 8/5/11 8:43 PM, Paul Foster wrote:
> Haraldr,
>
> When you say ACCEPS, do you mean when you are registering for an event, or
> when you are entering your credit card information to pay for the event?
> ACCEPS only gets registration information, which is kept in the database,
> and I agree with the admin, we have not been hacked.  Your payment
> information is entered to Verisign/Paypal.  We don't control that
> information in any way, not even to see it.  The email on the payment
> information is optional and I don't know if Paypal markets it in any way.
>
> The email address you enter to identify the registration is not provided to
> anyone.  That is only for internal use in case we need to contact someone
> about the registration.
>
> The only time email addresses are captured as part of the registration
> process are wars, like Gulf Wars.  Those addresses are sent to stewards /
> exchequers as part of the registration information.
>
> Rhodri
>
> On Tue, Aug 2, 2011 at 6:28 PM, Haraldr Bassi<ansteorra at haraldr.drakkar.org
>> wrote:
>
>> It is indeed possible that the address was harvested outside of the acceps
>> system, but the only place that address, which has acceps as part of the
>> email address, was ever used was in acceps and it would only have been
>> emailed inside of a spreadsheet to event stewards or exchequers. Not as
>> likely to have been harvested from a spreadsheet as from a Database
>> compromise or some other place. Don't know that I've ever emailed anyone
>> from that address, but it is possible that it ended up in someone's email
>> address book to be harvested.
>>
>> Haraldr
>>
>>
>> On 8/2/11 4:55 PM, Kerry Pratt wrote:
>>
>>> If Acceps had been hacked I doubt that person gaining your information
>>> would have any need to get you to a phishing
>>> site.  More likely, the address that you used, even though you used it
>>> exclusively on Acceps, was probably data mined
>>> from somewhere.  I will still have our server admin look into the
>>> possibility that the database has been compromised but
>>> I am fairly confident that it is just a phishing expedition, as you
>>> indicate in your letter.
>>>
>>> Everyone, please realize that, to the best of my knowledge, Acceps will
>>> NEVER send you an unsolicited email.  If you
>>> ever receive something, either from Acceps OR anyone else that says they
>>> represent this Kingdom, that you find to be
>>> questionable, please, feel free to ask me about it first.  I am more than
>>> willing to investigate any problem or email
>>> that may compromise the security of our system or attack our members.
>>>
>>> William Cameron deBlakstan
>>> Webminister, Ansteorra
>>>
>>> -----Original Message-----
>>> Sent: Tuesday, August 02, 2011 2:56 PM
>>> Subject: [Ansteorra] URGENT WARNING - Possible hacking or abuse of acceps
>>> contact emails
>>>
>>> Greetings,
>>>
>>> I've just received nine emails directly to a unique email address that I
>>> use exclusively for acceps payments. They imply
>>> a security issue that is being investigated (basic phishing attempt). I
>>> wouldn't follow any of the links in their email.
>>>
>>>
>>> ______________________________**_________________
>>> Ansteorra mailing list
>>> Ansteorra at lists.ansteorra.org
>>> In order to make changes and manage your account please go to:
>>> http://lists.ansteorra.org/**listinfo.cgi/ansteorra-**ansteorra.org<http://lists.ansteorra.org/listinfo.cgi/ansteorra-ansteorra.org>
>>>
>> ______________________________**_________________
>> Ansteorra mailing list
>> Ansteorra at lists.ansteorra.org
>> In order to make changes and manage your account please go to:
>> http://lists.ansteorra.org/**listinfo.cgi/ansteorra-**ansteorra.org<http://lists.ansteorra.org/listinfo.cgi/ansteorra-ansteorra.org>
>>
> _______________________________________________
> Ansteorra mailing list
> Ansteorra at lists.ansteorra.org
> In order to make changes and manage your account please go to:
> http://lists.ansteorra.org/listinfo.cgi/ansteorra-ansteorra.org

More information about the Ansteorra mailing list