Phishing emails sent with Reply-To ichiban1.org

Members may post in this forum, but anyone may read posts.

Moderators: Jim Sheppard, RJ_Smith

Phishing emails sent with Reply-To ichiban1.org

Postby Jim Sheppard » Tue Jun 09, 2015 12:33 am

Our seldom used email account at Inchiban1.org has been hacked.

If you receive mail from any Ichiban1.org identity asking you to open a link, please delete the email message. I believe Jimmy Segars and John Topper's accounts are being used to send people messages.

The issue has been turned over to our website expert...RJ Smith for a remedy.

[Note from R. J.] Thanks for the heads up everyone! I don't believe the website is compromised, rather, this is a typical spam email that is using publicly available usernames from the ichiban1.org contact page. Anyone can send an email with anyone's name and address in the "Reply To" field, but if you look at the message header it came from a foreign email server and source. Best policy is to never follow links or open attachments if you're not expecting them :).

This particular mail linked to a site where you were supposed to enter your email address and passwords to "access" the (non-existent) files. Basically they're trying to get people's Yahoo, Hotmail, GMail, AOL, or other account login information.

The only email address from the website is ichiban1@ichiban1.org, and it is only used to send out registration confirmations when someone signs up. If you ever get an email from "@ichiban1.org", it is 99.99% fake.
User avatar
Jim Sheppard
Moderator
 
Posts: 624
Joined: Tue May 26, 2009 5:24 am

Re: Ichiban1 website mail compromised

Postby harley hawkins » Tue Jun 09, 2015 9:49 am

I got an e-mail from that account last night Jim. I thought it strange so I deleted it . Thanks for the heads up.


Harley Mick Hawkins
harley hawkins
Ruby poster
 
Posts: 194
Joined: Fri Jul 24, 2009 11:06 pm

Re: Ichiban1 website mail compromised

Postby Jim Sheppard » Tue Jun 09, 2015 2:01 pm

From RJ:

Hi Jim!

No hack that I can see - the email address "jimsegar@ichiban1.org" doesn't exist and the admin mailbox hasn't sent or received anything. The address and name are probably just spoofed using information from the public email page on the website. The email actually came from a server in UAE near Abu Dhabi. You can change the "from" email settings to make it look like an email came from anyone pretty easily, though if you look in the message header you can find where it really came from.

Just your basic "phishing" attack using public information :)

R. J.
User avatar
Jim Sheppard
Moderator
 
Posts: 624
Joined: Tue May 26, 2009 5:24 am


Return to Public Forum

Who is online

Users browsing this forum: No registered users and 56 guests

cron