User Tag List

Results 1 to 6 of 6
  1. #1
    Regular Member
    Join Date
    Feb 2008
    Location
    UK
    Posts
    2,178
    Mentioned
    28 Post(s)
    Tagged
    0 Thread(s)

    Default security leak or personal details sold from MBS

    Unfortunately I am getting spam (actually phishing scam) from an address only used with mybadmintonstore. If you have used them and share account details with other sites I would advise changing them.
    Last edited by amleto; 11-16-2014 at 06:10 PM.

  2. #2
    Regular Member
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    3,038
    Mentioned
    18 Post(s)
    Tagged
    0 Thread(s)

    Default

    Yikes! Thanks for the tip!

  3. #3
    Regular Member visor's Avatar
    Join Date
    Dec 2009
    Location
    Vancouver, BC
    Posts
    10,833
    Mentioned
    155 Post(s)
    Tagged
    1 Thread(s)

    Default

    Did the phishing email come from MBS directly or from some other email address?

    Ime, phishing usually comes from Russia or eastern European countries (apologies, no offence to those players on the forum).

    So your Internet provider usually has good software that blocks spam from those areas. If any slips thru to you , it's easy to add that to your Internet provider's database.

  4. #4
    Regular Member
    Join Date
    Feb 2008
    Location
    UK
    Posts
    2,178
    Mentioned
    28 Post(s)
    Tagged
    0 Thread(s)

    Default

    It didn't come directly from mbs:

    PHP Code:
    Delivered-Tospam123+mbs@xxxxxx.co.uk
    Received
    by 10.195.12.67 with SMTP id eo3csp196641wjd;
            
    Sun26 Oct 2014 13:03:23 -0700 (PDT)
    X-Receivedby 10.107.131.85 with SMTP id f82mr4344313iod.31.1414353803278;
            
    Sun26 Oct 2014 13:03:23 -0700 (PDT)
    Return-
    Path: <fuaa@softmagic.int-software.com>
    Receivedfrom softmagic.int-software.com ([204.187.101.58])
            
    by mx.google.com with ESMTPS id l10si10027882igk.0.2014.10.26.13.03.22
            
    for <spam123+mbs@xxxxxxxx.co.uk>
            (
    version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
            
    Sun26 Oct 2014 13:03:23 -0700 (PDT)
    Received-SPFnone (google.comfuaa@softmagic.int-software.com does not designate permitted sender hostsclient-ip=204.187.101.58;
    Authentication-Resultsmx.google.com;
           
    spf=neutral (google.comfuaa@softmagic.int-software.com does not designate permitted sender hostssmtp.mail=fuaa@softmagic.int-software.com
    Received
    from fuaa by softmagic.int-software.com with local (Exim 4.82)
        (
    envelope-from <fuaa@softmagic.int-software.com>)
        
    id 1XiU20-0006Ra-0r
        
    for spam123+mbs@xxxxxxx.co.ukSun26 Oct 2014 16:03:16 -0400
    To
    spam123+mbs@xxxxxxxx.co.uk
    Subject
    : =?UTF-8?Q?Confirmation_of_your_Card=21?=
    X-PHP-Scriptfuaa.org/h.php for 154.106.203.25
    Date
    Sun26 Oct 2014 16:03:15 -0400
    From
    : =?UTF-8?Q?Pay_pal?= <updting@softmagic.int-software.com>
    Message-ID: <2956cf4230639f2bde8853a10d727117@fuaa.org>
    X-Priority3
    MIME
    -Version1.0
    Content
    -Transfer-Encodingquoted-printable
    Content
    -Typetext/htmlcharset="us-ascii"
    X-AntiAbuseThis header was added to track abuseplease include it with any abuse report
    X
    -AntiAbusePrimary Hostname softmagic.int-software.com
    X
    -AntiAbuseOriginal Domain chaoticmirage.co.uk
    X
    -AntiAbuseOriginator/Caller UID/GID - [586 587] / [47 12]
    X-AntiAbuseSender Address Domain softmagic.int-software.com
    X
    -Get-Message-Sender-Viasoftmagic.int-software.comauthenticated_idfuaa/primary_hostname/system user

    <div id=3D"bodyreadMessagePartBodyControl1304f" class=3D"ExternalClass MsgB=
    odyContainer" 
    data-link=3D"class{:~tag.cssClasses(PlainText, IsContentFilte=
    red)}"
    ><span class=3D"ecxtext_lightblue_header" style=3D"color:#009CDE;font=
    -size:42px;"
    >C&#959;nfirm that you're the owner of the accοunt</span><=
    br>

          <
    br>

          <
    span style=3D"color:#717074;font-size:14px;line-height:21px;">Dear v=
    alued customer,</span><br>
    <
    br>
    <
    span style=3D"color:#717074;font-size:14px;line-height:21px;"><brSomeone=
     
    l&#959;gin to your accοunt from : 212.55.61.5 <br><br><br><strong>Wha=
    do I=20
    need to 
    do?</strong><br>
    <
    ul><li>=20
    =20
    =09 =09<a href=3D"<dodgy url here>
    style=3D"color:#009CDE;font-size:14px;text-decoration:none;font-weight:bo=
    ld;" 
    target=3D"_blank">Click here</ato c&#959;nfirm that you are the acc&=
    #959;unt owner <a href=3D"dodgy url" style=3D"color:#009CDE;font=
    -size:14px;text-decoration:none;font-weight:bold;" target=3D"_blank"></a></=
    li><li>=20
    =20
    =20
    =20
    =09 =09Cοnfirm that you're the owner of the accοunt, and then fol=
    low the instructions.                                 </li><li>=20
    =20
    =20
    =20
    =09 =09cοnfirm all information, and then access your accοunt as n=
    ormal
     </li></ul>

     <br><br>
    <strong>Yours sincerely,<br>
    ΡayΡal </strong></span>
    </div> 

  5. #5
    Regular Member
    Join Date
    Jun 2004
    Location
    London, UK
    Posts
    1,462
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)

    Default

    Have you told MBS about this?

  6. #6
    Regular Member
    Join Date
    Feb 2008
    Location
    UK
    Posts
    2,178
    Mentioned
    28 Post(s)
    Tagged
    0 Thread(s)

    Default

    No, I thought I'd leave them in the dark...


    They have ignored my e-mail on the topic.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •