PSA: change your fedex.com account logins
I received a credit card scam addressed to my one-off unique address registered to fedex.com.
So it seems fedex.com user database has been compromised. Change your logins asap.
-Dan
Possibly. The other possibility I can think of is that you succumbed to a phishing scheme where you entered the login information for your FedEx account.
On May 30, 2019, at 4:12 PM, Dan Hollis <goemon@sasami.anime.net> wrote:
I received a credit card scam addressed to my one-off unique address registered to fedex.com.
So it seems fedex.com user database has been compromised. Change your logins asap.
-Dan
Phishing scheme didn't happen.
fedex has had a number of major compromises so it's not a stretch that their user database was stolen and sold to spammers.
-Dan
On Thu, 30 May 2019, Matt Hoppes wrote:
Possibly. The other possibility I can think of is that you succumbed to a phishing scheme where you entered the login information for your FedEx account.
Dan Hollis wrote:
Phishing scheme didn't happen.
fedex has had a number of major compromises so it's not a stretch that their user database was stolen and sold to spammers.
The other possibility is that your one-off email scheme is predictable, and someone knows you use FedEx, and that someone is targeting specifically you, and this obvious phishing email is a red herring for the exploit you didn't see.
Be concerned.
-- S.C.
Oh for fucks sake.
Really?
You two are questioning someone who subscribes to Nanog over Fedex? You really think it's more likely that someone is targeting Dan Hollis (whoever he is) instead of Fedex leaving something else exposed?
On Thu, May 30, 2019 at 11:39 PM Scott Christopher <sc@ottie.org> wrote:
The other possibility is that your one-off email scheme is predictable, and someone knows you use FedEx, and that someone is targeting specifically you, and this obvious phishing email is a red herring for the exploit you didn't see.
Be concerned.
-- S.C.
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Is it possible, yes. I've seen it several times now at my place of work. Targeted attacks are a thing.
On Fri, May 31, 2019 at 2:53 AM Mike Hale <eyeronic.design@gmail.com> wrote:
Oh for fucks sake.
Really?
You two are questioning someone who subscribes to Nanog over Fedex? You really think it's more likely that someone is targeting Dan Hollis (whoever he is) instead of Fedex leaving something else exposed?
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
-- Sincerely, Jason W Kuehl Cell 920-419-8983 jason.w.kuehl@gmail.com
Date: Friday, May 31, 2019 08:04:13 -0400
From: Jason Kuehl <jason.w.kuehl@gmail.com>
Is it possible, yes. I've seen it several times now at my place of work. Targeted attacks are a thing.
Dan Hollis wrote:
Phishing scheme didn't happen.
fedex has had a number of major compromises so it's not a stretch that their user database was stolen and sold to spammers.
When I have looked into this type of issue for my unique addressing some did trace back to back-end db hacks (e.g., adobe), but I found that the most likely culprit was the 3rd-party bulk mailer that handled the organization's marketing mail. It could be a non-zeroed disk thrown into the trash or an inside job, but it almost always traced back to one or two bulk mailing companies.
On May 31, 2019, at 2:17 PM, Richard <lists-nanog@listmail.innovate.net> wrote:
When I have looked into this type of issue for my unique addressing some did trace back to back-end db hacks (e.g., adobe), but I found that the most likely culprit was the 3rd-party bulk mailer that handled the organization's marketing mail. It could be a non-zeroed disk thrown into the trash or an inside job, but it almost always traced back to one or two bulk mailing companies.
The most common issue for quite a while was malware on the windows desktops of employees with access to the company's ESP account. The web browser saves username and password to autofill the ESP's web interface in a very predictable place. Malware exfiltrates that. Bad guys compromise ESP account, download all the lists they can find (and then start spamming on the company dime).
That's why ESPs pushed quite so hard to get multifactor authentication of some sort adopted by their customers. But a lot of them didn't do that (partly, I suspect, because the ESP account was accessed by multiple employees) and even if they did that didn't stop the lists that had already been downloaded.
Actual compromises of the ESP, or bad behaviour of its employees, seem to be rather rare but customer account compromise is everywhere.
Cheers, Steve
On Fri, May 31, 2019 at 01:17:19PM +0000, Richard wrote:
When I have looked into this type of issue for my unique addressing some did trace back to back-end db hacks (e.g., adobe), but I found that the most likely culprit was the 3rd-party bulk mailer that handled the organization's marketing mail. It could be a non-zeroed disk thrown into the trash or an inside job, but it almost always traced back to one or two bulk mailing companies.
FYI, I've been running numerous experiments in this area for many years using unique non-guessable non-typo'able addresses. Explaining the results in full would take many pages, so let me summarize: 3rd party bulk mailers leak like sieves.
"How?" remains an open question: could be that they're selling, could be that they have security issues, could be that insiders are selling on their own, could be any number of things: it's really not possible to say. But they are unquestionably leaking.
This is hardly surprising: many of them are spammers-for-hire, many of them use invasive tracking/spyware, and none of them actually care in the slightest about privacy or security -- after all, it's not *their* data, why should they?
Which are some of the many reasons that outsourcing your mailing lists is a terrible idea, doubly so when it's quite easy to run your own with Mailman (or equivalent).
---rsk
* rsk@gsp.org (Rich Kulawiec) [Fri 31 May 2019, 16:18 CEST]: [...]
This is hardly surprising: many of them are spammers-for-hire, many of them use invasive tracking/spyware, and none of them actually care in the slightest about privacy or security -- after all, it's not *their* data, why should they?
Which is why we now have GDPR. Care, or get fined.
Which are some of the many reasons that outsourcing your mailing lists is a terrible idea, doubly so when it's quite easy to run your own with Mailman (or equivalent).
Unfortunately it's not that easy; the few large remaining mail hosters at best have opaque procedures when it comes to accepting mail.
-- Niels.
On 31/05/2019 16:02, Niels Bakker wrote:
* rsk@gsp.org (Rich Kulawiec) [Fri 31 May 2019, 16:18 CEST]: [...]
This is hardly surprising: many of them are spammers-for-hire, many of them use invasive tracking/spyware, and none of them actually care in the slightest about privacy or security -- after all, it's not *their* data, why should they?
Which is why we now have GDPR. Care, or get fined.
Not quite so simple, though, is it. If you want to make a complaint then you have to get your EU national data protection regulator interested. Even the worst-leaking ESPs are unlikely to generate many complaints, I suspect. And if they are located outside the EU with no direct business presence within the EU then it requires the regulator to make approaches to foreign governments who might or might not be willing to cooperate. In the UK the data protection regulator is the ICO <www.ico.org.uk> and, whilst it is perhaps one of the better UK regulatory agencies, I still wouldn't hold out much hope of getting them to do anything like this (where multiple levels of evidence would need to be collected) in individual cases.
Unfortunately it's not that easy; the few large remaining mail hosters at best have opaque procedures when it comes to accepting mail.
Sadly so but I think that if you have a decent and consistent volume (and follow all the usual good hygiene requirements) then it should be possible to get on their automated radar in a positive way. It seems to me that it's small volume senders who have the real deliverability problems.
-- Mark Rousell
On 2019-06-02 00:51, Mark Rousell wrote:
On 31/05/2019 16:02, Niels Bakker wrote:
Which is why we now have GDPR. Care, or get fined.
Not quite so simple, though, is it. If you want to make a complaint then you have to get your EU national data protection regulator interested.
What seems to help in individual cases is to reply to real but otherwise unwanted mails and remind the sender of GDPR violation. I got several sources to stop sending me such mails. When using a templated answer, it takes 5 seconds to do so. Also, the correspondence may come in handy later, should evidence need to be presented.
Robert
The one-off email scheme is not predictable. It is a randomly generated string of characters.
$ ./randgen
jvtMDluV0lwnlY5O
So you can totally eliminate that possibility entirely.
-Dan
On Fri, 31 May 2019, Jason Kuehl wrote:
Is it possible, yes. I've seen it several times now at my place of work. Targeted attacks are a thing.
-- Sincerely,
Jason W Kuehl Cell 920-419-8983 jason.w.kuehl@gmail.com
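Added example, not part of any message in this thread: a sketch of the one-off address technique Dan Hollis and Rich Kulawiec describe, minting a random, hard-to-mistype address per vendor and attributing later mail sent to it. The domain example.net, the registry layout and both function names are assumptions, and the look-alike-free alphabet is one reading of "non-typo'able".

```python
import secrets
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: a domain you control, with catch-all delivery (hypothetical name).
CANARY_DOMAIN = "example.net"
# Lower-case alphabet without look-alikes (0/o, 1/l/i): 31 symbols,
# so a 16-character tag carries roughly 79 bits of randomness.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"

def new_canary(vendor, sender_domains, registry, length=16):
    """Mint one unguessable address per vendor and record who should use it."""
    local = "".join(secrets.choice(ALPHABET) for _ in range(length))
    registry[local] = {"vendor": vendor, "domains": set(sender_domains)}
    return f"{local}@{CANARY_DOMAIN}"

def attribute(raw_message, registry):
    """Map a received message to (vendor, verdict) via its recipient address."""
    msg = message_from_string(raw_message)
    rcpts = getaddresses(msg.get_all("Delivered-To", []) + msg.get_all("To", []))
    # From: is spoofable; a production check would use SPF/DKIM results instead.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for _name, addr in rcpts:
        local, _, domain = addr.lower().rpartition("@")
        entry = registry.get(local)
        if entry and domain == CANARY_DOMAIN:
            known = any(sender == d or sender.endswith("." + d)
                        for d in entry["domains"])
            return entry["vendor"], "expected-sender" if known else "leak-suspected"
    return None, "not-a-canary"

if __name__ == "__main__":
    registry = {}
    addr = new_canary("fedex.com", ["fedex.com"], registry)
    # Constructed sample messages, not taken from the thread.
    samples = [
        f"From: Shipping <notify@fedex.com>\nTo: {addr}\nSubject: Your parcel\n\n...",
        f"From: Card Offers <win@cards.example>\nTo: {addr}\nSubject: Approved!\n\n...",
    ]
    for raw in samples:
        print(attribute(raw, registry))
```

A "leak-suspected" verdict shows only that the address escaped somewhere along the vendor's handling chain; as other replies in the thread point out, that can be the vendor's own database or a third-party bulk mailer.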
You’d be surprised how often nation-states use essentially phishing scams.
-Ben Cannon
CEO 6x7 Networks & 6x7 Telecom, LLC
ben@6by7.net
On May 31, 2019, at 5:04 AM, Jason Kuehl <jason.w.kuehl@gmail.com> wrote:
Is it possible, yes. I've seen it several times now at my place of work. Targeted attacks are a thing.
-- Sincerely,
Jason W Kuehl Cell 920-419-8983 jason.w.kuehl@gmail.com
participants (12)
- Ben Cannon
- Dan Hollis
- Jason Kuehl
- Mark Rousell
- Matt Hoppes
- Mike Hale
- Niels Bakker
- Rich Kulawiec
- Richard
- Robert Kisteleki
- Scott Christopher
- Steve Atkins