• WANTED: Happy members who like to discuss audio and other topics related to our interest. Desire to learn and share knowledge of science required. There are many reviews of audio hardware and expert members to help answer your questions. Click here to have your audio equipment measured for free!

Beware! Frequent Password Phishing Emails!

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
45,986
Likes
256,724
Location
Seattle Area
I don't know if others are getting these as well but I am getting a number of emails claiming to be from ASR and that my password has expired. These are NOT legitimate emails. Please don't click on their links. The emails are poorly formatted so you should be able to tell they are not real but others were more official looking. The "From" line in the last email was: "audiosciencereview.com <info @ gh-hyd.com>" Clearly that is not our domain although they could have easily spoofed that.
 
If you are receiving an email, you can avoid this type of nonsense with the proper account settings:

privacy.png


prefs.png


If any member wants to contact you via email, they can ask for your email in a PM. If you don't recognize them, then . . .
 
They use them to take over your account and post spam/scams. They may also hope that you use the same password elsewhere so break into those accounts.
 
I don't know if others are getting these as well but I am getting a number of emails claiming to be from ASR and that my password has expired. These are NOT legitimate emails. Please don't click on their links. The emails are poorly formatted so you should be able to tell they are not real but others were more official looking. The "From" line in the last email was: "audiosciencereview.com <info @ gh-hyd.com>" Clearly that is not our domain although they could have easily spoofed that.
It's a sure sign that ASR has truly arrived...!
This is something that is getting worse and worse, especially in the area of classified ad fraud.
The usual options have been exhausted, e.g. super cheap strollers, coffee machines, notebooks and tablets, smartphones, etc. People have been warned and don't fall for it as often anymore.

The scammers are now concentrating heavily on much rarer and less frequently offered items with stolen pictures and text, at very tempting prices from absolutely all areas.

These stolen email addresses are used, among other things, to hack accounts on this platform and on classified ad portals, to take them over, or to open new ones in order to then place fraudulent ads.

Don't fall for it, no matter how good and heartbreaking the stories are about why no secure payment method is possible. You will be scammed 98% of the time.
 
Some very basic rules to stay safe in the Internet (and in the world)

- If something sounds too good to be true, it is.
- If someone writes to you/offers you something without you knowing the person or the context, ignore and report it immediately.
- If a legitimate business/person wants to contact you, they will do so with full address, name and some clear proof of legitimacy. If they don't, refer to prior rule.
- Ease of use and comfort ALWAYS comes at the cost of security. If some login or verification process is annoying to you, it's exponentially harder for criminals, which is a good thing.
- If someone wants to blackmail you by claiming to have "compromising data", they will prove it to you and not leave you in the dark. So don't panic unless they send you a picture/video that only you had. If they do though, do not respond, collect evidence (screenshots etc) and contact authorities.
 
The emails are poorly formatted so you should be able to tell they are not real but others were more official looking.

There’s one »good« reason for those folks not to issue official looking mails: They use these badly formatted mails instead as a sort of filter, insomuch that only people dumb enough to not even notice the fraud character of crappy designs should step into that trap. For they are the »right stuff« to get cheated thoroughly afterwards ...
 
If it's just Amir or only a very few people then that's one thing. If it's lots of us then I wonder how the spammer as associated the email addresses with ASR.

What I assume is Amir's email address can be found on the internet, so that's likely how he is getting them.

A lot of times they will just brute force it. they scrape usernames and any data (for example your age shows on your profile page) from site. The then use that to create possible email addressed.


Consider a fictional 24 year old user, whose username is johnDoe. That info will be uses to create multiple usernames.

johnDoe
johnDoe99
johnDoe00
johnDoe01
johnDoe1999
johnDoe2000
johnDoe2001
john.Doe
john.Doe99
john.Doe00
john.Doe01
john.Doe1999
john.Doe2000
john.Doe2001

all 14 of those usernames would then be sent out to each major hosting provider gmail, yahoo, apple, Microsoft etc. They are basically throwing you know what at the wall and seeing what sticks.
 
What I assume is Amir's email address can be found on the internet, so that's likely how he is getting them.
Yes. So is mine. But what about the association between 1) an email address and 2) the string "audiosciencereview.com"? For Amir I'd guess that's easy to figure out. But if hundreds of us have been getting spam emails containing the string "audiosciencereview.com" then I'm interested to know how the spammer made those associations.
 
Yes. So is mine. But what about the association between 1) an email address and 2) the string "audiosciencereview.com"? For Amir I'd guess that's easy to figure out. But if hundreds of us have been getting spam emails containing the string "audiosciencereview.com" then I'm interested to know how the spammer made those associations.
I would be very intrigued if this where the case as well. I have not received emails to my knowledge but I do get security alerts pop-ups sometimes due to the ASR website.
 
@amirm - If I may provide a recommendation: it’s worth looking into the SPF Record, setting that to hard fail (not soft fail as it is now), this way the receiving party will reject anything that is not sent from your servers.
I can help out with this matter (it’s kinda my job/expertise)
 
Back
Top Bottom