PHD free sleeping bag scam

Talk about anything.

Moderators: Bearbonesnorm, Taylor, Chew

Post Reply
User avatar
PJG
Posts: 156
Joined: Thu Oct 06, 2016 9:09 am
Location: Stockport

PHD free sleeping bag scam

Post by PJG »

Anyone else had the email from PHd offering a free bag ?
One of the better scam emails I've seen, but a free PHd bag certainly sounded too good to be true !

Now concerned about what other personal data PHd had that are now in the hands of some Russian criminals...
User avatar
whitestone
Posts: 7847
Joined: Thu Dec 04, 2014 10:20 am
Location: Skipton(ish)
Contact:

Re: PHD free sleeping bag scam

Post by whitestone »

Not had the scam email but just after reading your post I received this from PHD.

"We have been alerted that some of our customers have been targeted by a spam email telling them they have won a sleeping bag and asking them to claim the bag by paying for postage.

This email did not originate from PHD.

We will never ask a customer to pay for postage to claim a prize.

The PHD Team
"
Better weight than wisdom, a traveller cannot carry
User avatar
JohnClimber
Posts: 3907
Joined: Fri Feb 17, 2012 10:41 pm

Re: PHD free sleeping bag scam

Post by JohnClimber »

Yes I got the email then later on got the spam.
Very pissed off as to how my details were given out but also very confused as to why both emailed came from the very same email address.
I've emailed them back asking how these 2 things could have happened
User avatar
whitestone
Posts: 7847
Joined: Thu Dec 04, 2014 10:20 am
Location: Skipton(ish)
Contact:

Re: PHD free sleeping bag scam

Post by whitestone »

Basically email spoofing, it's not the originating email address that's important but the links within the email, clicking on them could install malware etc.
Better weight than wisdom, a traveller cannot carry
User avatar
johnnystorm
Posts: 3947
Joined: Wed Nov 21, 2012 9:55 pm
Location: Eastern (Anglia) Front

Re: PHD free sleeping bag scam

Post by johnnystorm »

Blimey. A properly niche phishing expedition.
Image
ericrobo
Posts: 500
Joined: Tue Feb 26, 2013 6:40 pm
Location: West Pennine Moors
Contact:

Re: PHD free sleeping bag scam

Post by ericrobo »

Yep got the free sleeping bag offer and straight after one from PHD issuing the warning
( I wasn’t going to click that link - no way)

But John’s right, there must have been a breach somewhere for them to get access to PHD’s customers, but I wonder if that breach happened not within PHD’s systems but sub-systems which its system has used....

which is no excuse and is not good enough.

PHD should investigate AND let people know what happened (without giving anything away if that’s possible)
User avatar
whitestone
Posts: 7847
Joined: Thu Dec 04, 2014 10:20 am
Location: Skipton(ish)
Contact:

Re: PHD free sleeping bag scam

Post by whitestone »

Depending on the systems involved it might not be immediately apparent what the entry point was. The server logs should give a clue but the breach might have been some time ago and the criminals have been waiting to send out the spam. They could have been trying to crack passwords for example. Interesting/strange that they didn't spam everyone so there might have been some filtering going on - nothing appeared in my spam folder (several other ones appeared today but not one from PHD).
Better weight than wisdom, a traveller cannot carry
User avatar
Matt
Posts: 1634
Joined: Thu Jun 23, 2011 10:31 am

Re: PHD free sleeping bag scam

Post by Matt »

Clever though...

Hack PHD small company with probably not the greatest IT and fairly high value products... pick up a few 1000 emails and send a phishing scam asking for postage.

PHD need to acknowledge how they got the customer email addresses though.
User avatar
JohnClimber
Posts: 3907
Joined: Fri Feb 17, 2012 10:41 pm

Re: PHD free sleeping bag scam

Post by JohnClimber »

Email just in from PHD...........

Dear PHD Customer

Unfortunately, as is increasingly common these days, PHD have been targeted by hackers. They have stolen some of our customers’ email and postal address (but NOT debit/credit card details).*

They also targeted our website with a distributed denial-of-service attack.

If you have received an email asking you to pay for postage to receive a free sleeping bag, DO NOT input your debit/credit card details. This is a phishing email intended to try to harvest your debit/credit card details.

If you have inputted your debit/credit card details on the phishing website to try to claim the free sleeping bag, please contact your bank as soon as possible to tell them that your card details may have been stolen.

We have already spoken with a security expert, the UK police and our web hosting company and are working hard to find out more about how this attack took place.

The PHD Team

[Apologies for cross-posting, but we wanted to make sure all our customers received the latest information on this attack as soon as possible]

* We do not hold any of our customers’ debit/credit card details. All transactions are passed through our payment provider PayPoint.
User avatar
whitestone
Posts: 7847
Joined: Thu Dec 04, 2014 10:20 am
Location: Skipton(ish)
Contact:

Re: PHD free sleeping bag scam

Post by whitestone »

Matt wrote:Clever though...

Hack PHD small company with probably not the greatest IT and fairly high value products... pick up a few 1000 emails and send a phishing scam asking for postage.

PHD need to acknowledge how they got the customer email addresses though.
Probably a script that tests every business/site for unpatched vulnerabilities. A DDOS attack on such a business is unusual though unless there was some form of blackmail following it.
Better weight than wisdom, a traveller cannot carry
User avatar
whitestone
Posts: 7847
Joined: Thu Dec 04, 2014 10:20 am
Location: Skipton(ish)
Contact:

Re: PHD free sleeping bag scam

Post by whitestone »

This email just came through:

"Following up from the emails we have sent over the last few days about the hacking attack on PHD’s website, we are writing again with some new information.

The database that the hackers gained access to included the passwords (in encrypted form) used by PHD customers to login to their account on PHD’s main website.

If you are a PHD customer who has an account on our main website we would, therefore, advise you to change your password. Furthermore, if you use that same password on other sites we would advise you to change it on those sites too.

We have taken extra security measures on our website and both the web hosting company and the Cybercrime unit for North Yorkshire Police are currently investigating the situation.
"
Better weight than wisdom, a traveller cannot carry
User avatar
In Reverse
Posts: 1819
Joined: Mon Oct 12, 2015 9:08 pm
Location: Manchester

Re: PHD free sleeping bag scam

Post by In Reverse »

Anyone know how long delivery takes on the free bag? Can imagine they've got a lot of demand!
User avatar
PJG
Posts: 156
Joined: Thu Oct 06, 2016 9:09 am
Location: Stockport

Re: PHD free sleeping bag scam

Post by PJG »

In Reverse wrote:Anyone know how long delivery takes on the free bag? Can imagine they've got a lot of demand!
If you give me your address, credit card details, Mothers maiden name, DoB, then I'll find out for you Andy !
Post Reply