Page 1 of 2 12 LastLast
Results 1 to 15 of 24
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Antigonish, NS
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts

    "Fill out surveys" email from Windows Secrets...spam?

    Today I recived an email from "email obscured purposely" (part of email address obscurred in case it's legit)

    It explained how I could make $20 filling out surveys. I rarely get emails from Windows Secrets, other than the weekly newsletter. So this seemed a bit odd to me. Even more odd, there was a link in the email to a dropbox account for more info. It seems strange that it wouldn't link to something on the Windows Secrets site if more info was to be presented. For these reasons I didn't click on the link. Seems like spam to me.

    If so, I have a bigger concern. How would a spammer know that I subscribe to Windows Secrets? Does this suggest that their email database has been compromised? Perhaps not, if I am the only one to recieve this email. However, if others have also recieved it, and it's not legit, there may be an issue. Has anyone else recieved the email?

    Is there someone in the know that can shed some light on this?

    Brian
    Last edited by Medico; 2012-09-17 at 19:17.

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,176
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    We do not think they are legitimate emails and the fact that you are getting them does not mean any database was hacked, it most likely is just a coincidence.
    None of us on the Lounge moderation team is related to the Windows Secrets, other than through the Lounge role and most likely through a subscription to the newsletter like many other Lounge members. The situation is being looked at and we will provide more info when we get it.

  4. #3
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Fishkill, New York, USA
    Posts
    406
    Thanks
    92
    Thanked 35 Times in 31 Posts
    Same here.

    Rich

  5. #4
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 929 Times in 851 Posts
    We have been notified that non-members have also received these emails. It is a phishing attempt. Do not fall for these folks. they are fake.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  6. #5
    New Lounger
    Join Date
    Oct 2011
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Me to

    Sam

  7. #6
    New Lounger
    Join Date
    Apr 2010
    Location
    Sydney,NSW,Australia.
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Likewise..........but
    The email address I use I don't share with a lot of people.
    I have a large number of email addresses that I use, this is the only one that has been spammed.
    BTW
    Reply-To shows "email obscured purposely"
    Return-Path shows "email obscured purposely"
    Also see that the links are to dropbox.com

    Other Strange Tech Stuff.

    X-Truedomain-SPF: Error (mx2: error in processing during lookup of domain of windowssecrets.com: Could not find a valid SPF record)
    X-Truedomain-DKIM: No Signature
    X-Truedomain-ID: B1306E3A46B99AA0673C49DA47E03367
    Last edited by Medico; 2012-09-17 at 19:22.

  8. #7
    New Lounger
    Join Date
    Sep 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by ruirib View Post
    We do not think they are legitimate emails and the fact that you are getting them does not mean any database was hacked, it most likely is just a coincidence.
    None of us on the Lounge moderation team is related to the Windows Secrets, other than through the Lounge role and most likely through a subscription to the newsletter like many other Lounge members. The situation is being looked at and we will provide more info when we get it.
    I have forwarded two spam emails with full headers via the Windows Secrets "Contact Us" email page.

    One was received yestereday, and one this morning. I have used an email address that has **ONLY** been used for Windows Secrets newletters, and thus, this leads me to suspect that your email database may have been compromised.

    Please let us know of your findings.

    Thanks,
    Lex2

  9. #8
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 929 Times in 851 Posts
    Lex, we will definitely post things as we find out. We have also heard from people that are not now nor ever been members of WS. This leads us to believe this phishing scheme has not compromised our systems, but these things are being investigated by those responsible for security and software here at WS.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  10. #9
    Lounger
    Join Date
    Jan 2010
    Posts
    33
    Thanks
    0
    Thanked 2 Times in 1 Post
    like Mr Flot, the email address i use for WS is only used for a handful of other subscriptions and is never used for anything else. it gets literally zero spam, but out of the clear blue i'm getting these same spam emails to this address with a from address of "Windows Secrets".

    sure looks to me like the WS subscription list has been compromised. given that i use this address for only four subscriptions then it seems clear that one of those four lists has been compromised. and given that the spammer chose to use WS as the from address, that sure seems to implicate WS. the fact that others receiving this spam are not WS subscribers simply means that the spam list being used probably has multiple sources, the WS list being just one.

    now this particular spam is easily blocked with a filter -- at least in its current form. but what i worry about is the list being sold to one of the more heinous spammers, who are next to impossible to block. and that would pretty much leave that particular address as unusable. for my particular case, that's no big deal, as there's only four total senders involved, so i could easily change the address. but for other WS subscribers this could be a major PITA.

    lee

  11. #10
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,176
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    I, for one, got no emails and I am a subscriber too. I think it's a bit early to draw conclusions.

  12. #11
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,722
    Thanks
    78
    Thanked 336 Times in 304 Posts
    Check your junk mail folder. I think it's a bit early to draw conclusions.

  13. #12
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,176
    Thanks
    129
    Thanked 1,139 Times in 1,050 Posts
    I don't know how you configure your email client, but mine allows me to know when there are junk messages, just by looking at it.
    Maybe you should really not draw hasty conclusions, both about the spam and the way others use their computers.

  14. #13
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,722
    Thanks
    78
    Thanked 336 Times in 304 Posts
    I didn't draw any conclusions about either. I just made a suggestion.

    (The junk mail folder is where I found mine today, but I hadn't noticed it yesterday.)
    Last edited by BruceR; 2012-09-18 at 17:13.

  15. #14
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,625
    Thanks
    161
    Thanked 929 Times in 851 Posts
    I have not received any of these emails either, and I also checked my junk folder. Junk emails are kept in this folder until I manually delete them.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  16. #15
    New Lounger
    Join Date
    Dec 2009
    Location
    Tennessee
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Exclamation

    Looks like the debate is over. Received this today:


    Important notice to all subscribers: Windows Secrets’ website was exploited on 9/11/12, the “hacker” gained access to the website by compromising an admin account. On 9/12, the hacker planted malicious code that allowed him export a list of users email addresses. On 9/17, a spam email was sent on behalf of WindowsSecrets.com – this is what alerted us to the issue.

    On 9/17, immediately after the email was sent, our IT personnel identified the exploited account and disabled access and removed the malicious code. We promptly scrubbed our system and performed a full audit of the code.

    Going forward, we recommend the following:
    - Do not click on the links if you receive any unsolicited emails from Windows Secrets. We send two regularly scheduled emails – the newsletter on Wed/Thursday AM and renewal notices (for paid subscribers) on Tuesdays.
    - We recommend changing your password here. If you changed your default password from a reader number to the same password you use elsewhere on the web – such as your e-mail – then we recommend that you change the password there too.

    We sincerely apologize for any inconvenience this may have caused you. We appreciate your support of Windows Secrets.


    Apparently there is nearly always a way around even the best security.

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •