POSSIBLE Eurospares data breach: Please read, carefully

[CatmanV2]

Hi all

As some of you may know, I run secure websites for companies such as Asda and House Of Fraser. I've been in IT for a while now (20+ years) and I've delivered security systems to comply with the payment card industry standards and data protection act. Not bragging just stating my bona fides.

One of the things I do, because I have my own domain registered, is use unique addresses for all the companies I deal with typically dell@mydomain or eurospares@mydomain.

That way, if I get spam to one of these addresses it's a) easy to filter, and b) I can see who has lost / sold my data.

Just now I have a classic Companies house phishing email delivered to my eurospares@ email address.

That address has never been given to anyone other than eurospares.

I have tried to mail them to tell them of my suspicions, but all my emails are bouncing as rejected by spam filters.

I *suspect* therefore, they've had a breach.

I'll give them a call in a minute, see if I can get through, but I invite you all to check your account details and be very careful of phishing emails.

This has been a public (I hope) information posting.

C

 

[CatmanV2]

Annnd they don't want to talk to me.

Oh well.

C

 

[TridentTested]

One of the things I do, because I have my own domain registered, is use unique addresses for all the companies I deal with typically dell@mydomain or eurospares@mydomain.

That way, if I get spam to one of these addresses it's a) easy to filter, and b) I can see who has lost / sold my data.

I do the same for the same reason.

Poor show if they are selling on our details. Thanks for the heads up.

 

[safrane]

Had a email with a competition from them for cinema tickets for Rush yesterday??? Is this anything to do with this?

 

[CatmanV2]

Had a email with a competition from them for cinema tickets for Rush yesterday??? Is this anything to do with this?

I don't think so. I got the same mail, looks like marketing puff.

The Companies house one is about the 5th I've got similar, all alleging a complaint raised against you (which wouldn't come from Companies House anyway) and both inviting you to log in to a link provided in the email, and to view the conveniently attached complaint in a zipped file.

C

 

[2b1ask1]

Oh that is rather silly if they are forwarding details, they are not going to win any friends that way...

 

[Parisien]

Not good......hope its just a glitch and nothing more serious


P

 

[Simon]

Hi, did you actually do IT work for Eurospares or do you just use that email system for all your online transactions?

 

[hodroyd]

Sounds like they have a security issue..??

 

[CatmanV2]

Hi, did you actually do IT work for Eurospares or do you just use that email system for all your online transactions?

If you're adressing me, Simon, neither.
I do security work (among other stuff) for rather large companies than Eurospares. I know they are the only people that have that address so the logic is pretty simple, even without experience

C

 

[CatmanV2]

Sounds like they have a security issue..??

I think so, Mike. Selling addresses to the kind of malware distributors that sent the companies house email is not really something that happens.
What I'm peeved about is that they don't want to talk about it. I guess it's now weather I bother to go to the ICO, or not.
Probably not, unless anyone else has got a similar email?

C

 

[Chrisbassett]

Get stuff like that all the time, Chris, but didn't give eurospares a different email address so can't tell if any are through them. A few came for an email address that only BT has from about 6 years ago the other day...that made me laugh.

 

[Gary687]

Hi guys

With regards to this I've been getting smashed over the past 2 weeks with such things and was doing the routine 'delete' and just grumbling under my breath about them all but reading this post, I did a check and saw I contacted Eurospares and swapped a couple of emails on 11th September - not long after this I started getting hammered with about 5 a day whereas before I wasn't getting any at all. Like Chris above I didn't give a different address so can't pin it down to them but it seems too much of a coincidence now??

G

 

[CatmanV2]

The Companies House phishing started couple of weeks back as a new approach to get malware infection, so it's more of change of approach. If you've not been getting *anything* though, up until then, I'd be very suspicious

I'm further disappointed that they've not responded to my web form, or indeed, on here.

Still..

C

 

[CatmanV2]

And now I am getting 'invoices' to that same address.

C

 

[allandwf]

I've been getting loads from Amazon and UPS recently, "with regards your shipment, please click the above link".( a handy zip file also.)

 

[hodroyd]

I report anything like that to the scams online people,, scams@fraudwatchinternational.com

 

[Chrisbassett]

I report anything like that to the scams online people,, scams@fraudwatchinternational.com

They can have 90% of the 3000+ emails I just deleted from my junk mail folder...if it wasn't for spam filters I'd spend more time deleting emails than reading them. Apparently I've been signed up for Facebook a couple of times, but can't tell much about it as they are all in Arabic, and the number of people sending me "incoming fax" messages is quite hilarious.

 

[Felonious Crud]

Don't be too hasty, Chris.. you might miss out on the chance to Help my Esteemed Friend Colonel Mr. Very High-Ranking to move some Monies from Kenya, which is Completely Legal. Please will you just share some Personal Details so the Money can be moved to your Personal and Distinguished Bank account?

 

[Chrisbassett]

Don't be too hasty, Chris.. you might miss out on the chance to Help my Esteemed Friend Colonel Mr. Very High-Ranking to move some Monies from Kenya, which is Completely Legal. Please will you just share some Personal Details so the Money can be moved to your Personal and Distinguished Bank account?

I'm lucky in that I now know that...

هلو عباس اليوم اخويه جاوب عليك هم زين ما عرفك انت شلون تخابر قبل غير لمن نسولف لمن نتفق على وقت المخابره هم زين ما شك بيه ليش هيج عباس ليش جا وسه اني مبسوطه

...apparently - facebook tells me so, to an account I never created, but receive emails for. No idea what it means.

Sorry if this does't show up on your computer...it's a bunch of arabic text.

Edit: Google translate says that apparently I am joyous. Yay!