Phishing via ukc

New Topic
This topic has been archived, and won't accept reply postings.
 Tom Blake 17 Nov 2021
Thanks for this report. We are aware and have put a stop to the email. See the other thread - here

Hi,

User Clemeflame has sent me a phishing email. 

Please DO NOT click any links sent to you unexpectedly from any source, including ukc via this user. 

I have reported this thread to ukc mods so they see the content. 

Stay (digitally) safe all.

 miffyl 17 Nov 2021
In reply to Tom Blake:

I've also got one from coimacosquan

https://www.ukclimbing.com/user/profile.php?id=329791

 Lucian 17 Nov 2021
In reply to miffyl:

And from glosingetem …

 Kean 17 Nov 2021
In reply to Tom Blake:

Had three in the last 2 hours...all different "registered users". Sent a message to the Mods.

Also site keeps "hanging" in a way I've never seen before...

Post edited at 05:34
 coinneach 17 Nov 2021
In reply to Kean:

Me too . . . From aboslanlio

 Lucian 17 Nov 2021
In reply to Kean:

Same here, Error 500.

 AndyC 17 Nov 2021
In reply to Tom Blake:

I got mine from this one...

UKC Users - lilaligsi (ukclimbing.com)

https://www.ukclimbing.com/user/profile.php?id=342708

Must be a slow night in the phishing bizniss!

 Lucian 17 Nov 2021
In reply to AndyC:

They all joined in the same day, today, so most likely programmatically not through user interface, so probably parts of the forum are hacked.

1
 james mann 17 Nov 2021
In reply to Tom Blake:

User: Stinuncauge

8aldon.ammar.3i@mphaotu.com

has sent me similar too

James

 Jim Climber 17 Nov 2021
In reply to james mann:

+1

stagmelane • marwa-d@ttdesro.com

 65 17 Nov 2021
In reply to Tom Blake:

I had two, deleted immediately. Definitely a good idea to check out a user's forum history before  opening any unsolicited email from here now. A pox on phishers and scammers.

 Stroppy 17 Nov 2021
In reply to Tom Blake:

And me. 'acamcurfig'

 arc_73 17 Nov 2021
In reply to Tom Blake:

3 so far from

consbilenpen

duiclavinad

buemucoara

 BusyLizzie 17 Nov 2021
In reply to Tom Blake:

Got one from some oaf called tamolona.

 PACMAN2428 17 Nov 2021
In reply to Tom Blake:

And another....

User Name of this lizard is: Jacmanpovio, profile created TODAY, title of email: 'We Give U Second to None Billionaire Advices to 16 Lucky Persons'. [sic]

 AliHammond 17 Nov 2021
In reply to Tom Blake:

celmendecau • oomar.mahmoud367n@dluerei.com

 Stegosaur 17 Nov 2021
In reply to Tom Blake:

Temporary fix:

Click the person icon top right

Click User Options

Emails:

Who can send you emails?

Tick "No-one"

Click save

Post edited at 07:30
 teknojon 17 Nov 2021
In reply to Tom Blake:

ditto

hissutiotuo & ID: 3D334677

Plus malwarebytes blocks email reply website of 

 ba rre to drums .com

(no spaces, don't go to that website!)

Message Removed 17 Nov 2021
Reason: Contained the phishing link
 djwilse 17 Nov 2021
In reply to Tom Blake:

Got one from Graphbapbuva today. Is that a route name?!

 miffyl 17 Nov 2021
 miffyl 17 Nov 2021
 Gillian Holmes 17 Nov 2021
In reply to Tom Blake: Hmm as I suspected, in box full of it this morning.

 summo 17 Nov 2021
In reply to Tom Blake:

They should just make it so you have to be a member for 3 months before you can direct contact anyone. 

 Geoff F 17 Nov 2021
In reply to Tom Blake:

Me too from:

Destrabide 

And 

Diuscurimla 

Both about billionaire secrets.

 Mozza 17 Nov 2021

Same here, from user profangalduo

 John1458 17 Nov 2021
In reply to Geoff F:

Another user;

Epcalquatu 

"Giving away superlative million....."

 HeMa 17 Nov 2021
In reply to Lucian:

I agree (had a few in the inbox).

Most likely a weakness in the forum application. UKC should check if a patch already exists...

that being said, a real databreach is also possible, but less likely (then they would be phishing/spamming us directly, not via UKC).

 ThunderCat 17 Nov 2021
In reply to summo:

> They should just make it so you have to be a member for 3 months before you can direct contact anyone. 

Seems like a reasonable solution.

I've not been spammed. I feel a bit left out

In reply to Tom Blake:

Hi guys, thanks for reporting these. I've deleted any remaining emails on the server that haven't been sent yet and I've disabled the user to user messaging while we can beef up security on it. There's no way for them to send anymore.

There's a 10 message/day limit a user can send before it triggers alarm bells and they've either realised this or just assumed that's the case and created thousands of accounts this morning. Any account created today have been banned.

 Suncream 17 Nov 2021
In reply to Tom Blake:

The emails were pretty annoying but I'd be interested to hear anyone's experience if they tried it and successfully became a billionaire, or even just a millionaire

 Cusco 17 Nov 2021
In reply to Tom Blake:

I've received two spam/phishing emails into my Junk mail via UKC. 

 wintertree 17 Nov 2021
In reply to Tom Blake:

Also “geofesmibel”.

In reply to Tom Blake:

Yep. 2 received overnight offering me a road to riches. 

 Graeme G 17 Nov 2021
In reply to ThunderCat:

> Seems like a reasonable solution.

> I've not been spammed. I feel a bit left out

I felt special this morning.

Until everyone else chipped in.

 Lucian 17 Nov 2021
In reply to HeMa:

If spamming directly then your anti malware software would catch it. Sent from a trusted source tho …

If they’d have your credentials they would not phish, so it looks like initial stage attack.

Thanks for this report. We are aware and have put a stop to the email. See the other thread here - https://www.ukhillwalking.com/forums/ukc/spam_from_user_messaging-741244


New Topic
This topic has been archived, and won't accept reply postings.
Loading Notifications...