-
• #302
Only an old person would be that dumb.
-
• #303
No, not at all. They've clearly been hacked. The emails are full of my information which makes them look like a proper email from PHD.
The emails look nothing like a normal phishing email, no spelling mistakes, proper formatting, everything, they look legit! They look just like an order response email from PHD with only a couple of links changed (that I happen to inspect before clicking because I'm the paranoid type).
This is why I've been all over them and I'm posting here.
-
• #304
I emailed them too.
Maybe I'm not so dumb, but who gets a free sleeping bag! I only spent £130 with them before.
-
• #305
Obviously it's a bit suspicious but phishing emails are rarely full of your own name, address, email, phone number, etc.
They're usually from a well dodgy domain too.
-
• #306
Yeah was weird coming from their official email.
-
• #307
They're still claiming it's just spam email which is horseshit because I used a PHD specific email with them that only they would've ever received email from.
-
• #308
You use specific emails for different places? Doesn't that get boring setting them all up?
-
• #309
You use a domain that accepts everything before the @. Makes it easy to see where stuff is coming from, you can blacklist those that get taken over by spam, and makes it more secure as everything is unique, so stuff from one site can't be used in another if hacked.
-
• #310
Depends what it is I'm dealing with. Sometimes it's just my normal email with a "+sitename" added to it.
e.g. Gmail will send it all to the main email address but for all intents it's a new email address. Takes seconds in this case.
https://www.wired.com/2016/03/set-gmail-aliases-import-inboxes/
If you have your own domain, it's easy enough to create aliases too.
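The per-site alias idea from #309 and #310, as an added example that is not part of the original posts: a small check that reads the "+tag" on the recipient address and flags links pointing outside the domains that vendor normally uses. The `EXPECTED` mapping, the `vendor.example` and `mail.example` domains and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed mapping: alias tag -> domains that vendor legitimately uses (hypothetical).
EXPECTED = {"phd": {"vendor.example"}}

def alias_tag(address):
    """Return the tag from user+tag@domain, or None if the address is untagged."""
    local = parseaddr(address)[1].rpartition("@")[0]
    _, plus, tag = local.partition("+")
    return tag.lower() if plus and tag else None

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the allowed domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def audit(raw, expected=EXPECTED):
    msg = message_from_string(raw)
    tag = alias_tag(msg.get("To", ""))
    allowed = expected.get(tag, set())
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    urls = re.findall(r"https?://[^\s<>]+", msg.get_payload())
    hosts = {urlparse(u).hostname for u in urls}
    foreign = sorted(h for h in hosts if h and not in_domains(h, allowed))
    return {
        "tag": tag,
        # A matching From header proves little: it can be spoofed or sent
        # through the vendor's own compromised mailer.
        "sender_ok": in_domains(sender_host, allowed),
        "foreign_links": foreign,
        # The alias was only ever given to one vendor, so off-vendor links in
        # mail addressed to it mean the address has left that vendor's control.
        "alias_exposed": tag in expected and bool(foreign),
    }

# Constructed sample message, modelled on the email described in the thread.
SAMPLE = """\
From: Sales <sales@vendor.example>
To: Rider <rider+phd@mail.example>
Subject: Your free sleeping bag

Hi Rider, view your order at https://vendor.example/orders/1
Pay postage here: http://claims.delivery-portal.example/pay
"""
```

A message that passes `sender_ok` but still sets `alias_exposed` is the case the thread describes: mail from the official address, to an address only that vendor knew, with a couple of links changed.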
-
• #311
They keep claiming it's just a spam email but that's bullshit, there's been a breach somewhere.
They need to stop bullshitting their and investigate it and then let me know what the fuck they've lost.
-
• #312
That's smart, didn't know that.
-
• #314
Are you their 'security expert'?
Ha
-
• #315
No, I'm fucked off because a bunch of my details have been compromised because of something they or one of their providers did and they're being cagey about calling it spam rather than a breach. You're legally obliged to report data breaches.
Aha, I've just checked my email and it seems my pestering has got them to fess up to the breach.
-
• #316
"As I keep telling you, this is no normal spam or phishing email. This was sent to an email address I created explicitly for dealing with your company - look at the "+phd" on my PHD sales email.
The dodgy email was sent to this email address and contained my name, address and phone number. This means the attackers have compromised your systems, your email sending systems or possibly your payment systems to extract this information.
It is not information that could've just been harvested off the internet unless of course you had this information in some kind of publicly exposed form. So which is it? What other information of mine was compromised? You need to start reading this: https://ico.org.uk/for-organisations/guide-to-pecr/communications-networks-and-services/security-breaches/ get some data forensics done to find out what was compromised and stop with the "spam" story.
I look forward to your response."
Dear PHD Customer
Unfortunately, as is increasingly common these days, PHD have been targeted by hackers. They have stolen some of our customers’ email and postal address (but NOT debit/credit card details).*
They also targeted our website with a distributed denial-of-service attack.
If you have received an email asking you to pay for postage to receive a free sleeping bag, DO NOT input your debit/credit card details. This is a phishing email intended to try to harvest your debit/credit card details.
If you have inputted your debit/credit card details on the phishing website to try to claim the free sleeping bag, please contact your bank as soon as possible to tell them that your card details may have been stolen.
We have already spoken with a security expert, the UK police and our web hosting company and are working hard to find out more about how this attack took place.
The PHD Team
[Apologies for cross-posting, but we wanted to make sure all our customers received the latest information on this attack as soon as possible]
* We do not hold any of our customers’ debit/credit card details. All transactions are passed through our payment provider PayPoint.
-
• #317
We have already spoken with a security expert
Is that you then?
P.s. long time passed but my partner thinks she needs a warmer bag than the one you are/were flogging... not sure I'd let you know
-
• #318
No, I'm just an angry fucker that won't take bullshit "it was spam" excuses when my personal details are lost to Russia.
I don't recall? I think cake or someone was asking about it last. It's not gone anywhere so I assume I've not sold it to anyone :)
-
• #319
angry fucker that won't take bullshit
Probably makes you an expert in their marketing dept's eyes!
Surprised it hasn't sold, good kit at good price just too short for me & as above partner sleeps cold so wants warmer. GLWS etc.
-
• #320
I never knew about this! This is brilliant.
-
• #321
I am brilliant. Yes, thank you. So brilliant, the most brilliant. I basically invented the Google and created that feature, that's how brilliant. I have big hands and I'm brilliant.
-
• #322
Companies that lose people's data should be fined. (I think they are, no?)
I know PHD are a small company but that's no excuse.
-
• #323
There are penalties for data breaches. I think Talk Talk was fined ~£400,000 for their THIRD breach. I don't really know how all that works though. Talk Talk was a high priority case.
Their site isn't https - I don't think security is high on their list of priorities.
-
• #324
Run your email and/or usernames through here to see where else you've had your data spilled from... https://haveibeenpwned.com/
Looks like PHD has been hacked. Don't click any links in any emails from them.