Archived posting to the Leica Users Group, 2010/05/01

[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]

Subject: [Leica] OT: Is this a Sophisticated Phishing Attempt?
From: mark at whitedogs.co.uk (Mark Pope)
Date: Sat, 01 May 2010 10:14:34 +0100
References: <938d53e3688448ba963f9ff6758fff31@arstechnica.com> <D30A7FF8-AB3E-4D0E-89D2-32745F9C1ABF@mac.com>

Hugh,

Until now, I hadn't heard of ars technica.
Their site looks as if it is genuine - just another technology 
review/news site.
When I googled 'ars technica' on the first things that came up was a 
message saying that their user database had been hacked.  The google URL 
was 
http://benchmarkreviews.com/index.php?option=com_content&task=view&id=9981&Itemid=47

The domain looks genuine - it's been around since 1998.  So, if you have 
used this site in the past and had a signon, then it's likely that the 
email is genuine.  When you hover on the link in the original email, 
what's the URL that pops up in the bottom of the email client?

The phishing attempts I have seen will show a link to 
http://www.xyzorwhatever.com but the actual URL is something like 
http://www.SomethingElseCompletelyDifferent.ru(or somewhere else)

Cheers


Mark



Mark Pope,
Swindon, Wilts
UK

Homepage               http://www.monomagic.co.uk
Blog                   http://www.monomagic.co.uk/blog
Picture a week (2010)  http://www.monomagic.co.uk/index.php?gallery=paw/2010
Picture a week (2009)  http://www.monomagic.co.uk/index.php?gallery=paw/2009
                (2008) 
http://www.monomagic.co.uk/index.php?gallery=paw/2008


Hugh Thompson wrote:
> WARNING - this came to the mailbox I use for the LUG.  Never seen this 
> type of issue before, but others may have.  Checked Ars Technica web 
> sites at:
> 
> http://arstechnica.com/
> http://arstechnica.com/apple/
> 
> ..... without clicking on the link below, the open forum does not have 
> an immediate heads up.  Do you think the site has been compromised?
> 
> Hugh
> 
> Begin forwarded message:
> 
>> From: civis at arstechnica.com
>> Date: April 30, 2010 8:34:33 PM GMT+04:30
>> To: undisclosed-recipients: ;
>> Subject: Alert: Old forum provider compromised, private registration 
>> emails harvested
>> Reply-To: civis at arstechnica.com
>>
>> The following is an e-mail sent to you by an administrator of "Ars 
>> Technica
>> OpenForum". If this message is spam, contains abusive or other 
>> comments you
>> find offensive please contact the webmaster of the board at the following
>> address:
>>
>> civis at arstechnica.com
>>
>> Include this full e-mail (particularly the headers).
>>
>> Message sent to you follows:
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Hello,
>>
>> You are receiving this message because you have a registered an Ars
>> Technica account with this email address.
>>
>> Our previous forum provider (Social Strata, formerly known as Groupee and
>> Infopop) had a server hacked recently, and has advised us that private
>> registration email addresses were harvested.  These included email
>> addresses for anyone who registered with Ars Technica while we were still
>> using their services.  In addition, the rooted server was used to send 
>> out
>> at least one mass phishing attempt.
>>
>> Although Groupee/Social Strata tells us that no password information 
>> of any
>> kind was accessible from that server, we still recommend that you change
>> your Ars Technica password (and any account on a third party site you use
>> that password with) just to be safe.
>>
>> We became aware of this issue this morning and are following up with
>> Groupee/Social Strata to see if we can get more details and assurances on
>> the scope of the compromise.  We have also requested that they purge all
>> Ars Technica data from their systems so future problems don't affect our
>> users.
>>
>> We apologize for any inconvenience this may have caused.  If you would 
>> like
>> to read further updates on this issue, please see the active announcement
>> we have in our new forums:
>> http://arstechnica.com/civis/viewtopic.php?f=3&t=1108748
>>
>> Please contact us with any questions.
>>
>> Thanks,
>> Kurt Mackey
>> Technical Directory, Ars Technica
>>
>>
>> -- 
> 
> hewthompson at mac.com
> Kabul, Afghanistan
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Leica Users Group.
> See http://leica-users.org/mailman/listinfo/lug for more information


In reply to: Message from hewthompson at mac.com (Hugh Thompson) ([Leica] OT: Is this a Sophisticated Phishing Attempt?)