Redisplay Messages: Compact | Brief | All | Full Show Messages: All | Without Replies| Author: | 1001bricks  | | Posted: | Mar 21, 2024 21:22 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 61 times | | Topic: | Problem | |
|
| In Problem, CCBricks writes:
| | Well, I'll be one of the first to say that I did click the link. I noticed
the .com.co and knew something wasn't right. I'm not happy
with myself, but I immediately went in and changed the password...three times.
I'm going to say that I got lucky (extremely) and caught it at the right
time.
|
Thanks to be honest!
You've got a pretty quick and sane reaction, that's VERY fine, congratulations!
Remember to check if you used this pass somewhere else, and then change it there...
| | I did a download of my inventory with BrickStore to compare totals. This is what
I found: the total number of items (parts) is off by 4 and the dollar amount
is off by $2.56. This is possibly due to a couple of lots that I have retained
that are not zeroed out. I also looked at the "newest items" to see
if any were added, which I can confirm nothing was added. I also verified the
lot totals were correct (main store and stock rooms).
|
Yes, also some parts may be in the 10 min checkout "reservation" and/or
minor glitches.
As you said a $2 discrepency (I'm sure you can explain later on) isn't
a problem.
| | I strongly suggest every seller download BrickStore and performing a back up,
especially each day, or after sales. I usually do one a day.
|
Absolutely - I repeat it like every week in forum, but hey?
And/or, at the MINIMUM download your Inventory in XML, as BrickStore can open
it later on:
https://www.bricklink.com/invExcel.asp
| | Hopefully BrickLink will post a banner on the main page to warn EVERY user about
this.
|
Yep, but for this we'd need an internal Notification system...
That is VERY needed in fact and IMO.
|
 |
| Author: | CCBricks | | Posted: | Mar 21, 2024 21:12 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 52 times | | Topic: | Problem | |
|
| Well, I'll be one of the first to say that I did click the link. I noticed
the .com.co and knew something wasn't right. I'm not happy
with myself, but I immediately went in and changed the password...three times.
I'm going to say that I got lucky (extremely) and caught it at the right
time.
I did a download of my inventory with BrickStore to compare totals. This is what
I found: the total number of items (parts) is off by 4 and the dollar amount
is off by $2.56. This is possibly due to a couple of lots that I have retained
that are not zeroed out. I also looked at the "newest items" to see
if any were added, which I can confirm nothing was added. I also verified the
lot totals were correct (main store and stock rooms).
I strongly suggest every seller download BrickStore and performing a back up,
especially each day, or after sales. I usually do one a day. It is super easy
to "jump the gun" as I did, and it caught me off guard.
Hopefully BrickLink will post a banner on the main page to warn EVERY user about
this. As of this post, I didn't see anything, so BL should jump on the ball,
like yesterday.
Brian
In Problem, chetzler writes:
| | I had a couple of these this in my inbox this morning. They looked completely
legitimate. I did login in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.
Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory
BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.
I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.
I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.
|
|
|
| Author: | waltzking | | Posted: | Mar 21, 2024 20:06 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 62 times | | Topic: | Problem | |
|
| In Problem, chetzler writes:
| | In Problem, waltzking writes:
| | As someone not in any LEGO groups (or at least not using my BL email address),
and am still getting the scam emails, I am certain it related to either the hack
or fake contact/orders on BL that can harvest seller emails. Had a lot of these
orders, immediate cancel request, and no contact there after a few months back.
I know it was to phish my seller info as often as the pattern was repeated exactly.
But even messages we reply to can do this as the system still lonks our email
to those. It really should not do this unless an order is placed, or even confirmed
as paid by the system (instant or seller marked). Simply put, contact info should
remain better protected until a transaction is deemed legit. BL is largely an
open book for all seller info if the party wanting to phish it knows how the
site works.
Waltzking
|
Is there any need at all for buyers/sellers to see each other's email contact
info even on legitimate orders? Maybe I've been using instant checkout and
the pay now button for so long I have forgotton, but it has been a while since
a buyer has made a payment directly to my email address. Since BrickLink implemented
sales tax collection, all (at least all of my) payments are negotiated through
PayPal Marketplace.
Maybe other payment methods require an email address.
I know some people send photos via email (if only we could attach photos to a
BL message!).
I'd be perfectly happy to have "public-facing email address" be an
option that I can enable/disable at will.
|
Indeed, there is very little reason it needs to be shared at all. eBay and Amazon
(and other sites too) never share seller address with a buyer, and especially
not their emails. Email addresses can be handy at times (pics, custom instruction
files, etc.), but should be a voluntary thing to give, not granted without our
active consent to each case. It is a BIG security issue (and one I've brought
up to support numerous times) and what leads to all the recent spam and phishing.
If such non-imperative info was hidden, there would be no way to harvest it
for these attacks, baring an actual database hack. Sadly it all seems to fall
on def ears with the community suffering the consequences.
Waltzking
|
|
| Author: | chetzler | | Posted: | Mar 21, 2024 19:34 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 68 times | | Topic: | Problem | |
|
| In Problem, waltzking writes:
| | As someone not in any LEGO groups (or at least not using my BL email address),
and am still getting the scam emails, I am certain it related to either the hack
or fake contact/orders on BL that can harvest seller emails. Had a lot of these
orders, immediate cancel request, and no contact there after a few months back.
I know it was to phish my seller info as often as the pattern was repeated exactly.
But even messages we reply to can do this as the system still lonks our email
to those. It really should not do this unless an order is placed, or even confirmed
as paid by the system (instant or seller marked). Simply put, contact info should
remain better protected until a transaction is deemed legit. BL is largely an
open book for all seller info if the party wanting to phish it knows how the
site works.
Waltzking
|
Is there any need at all for buyers/sellers to see each other's email contact
info even on legitimate orders? Maybe I've been using instant checkout and
the pay now button for so long I have forgotton, but it has been a while since
a buyer has made a payment directly to my email address. Since BrickLink implemented
sales tax collection, all (at least all of my) payments are negotiated through
PayPal Marketplace.
Maybe other payment methods require an email address.
I know some people send photos via email (if only we could attach photos to a
BL message!).
I'd be perfectly happy to have "public-facing email address" be an
option that I can enable/disable at will.
|
|
| Author: | waltzking | | Posted: | Mar 21, 2024 19:16 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 64 times | | Topic: | Problem | |
|
| As someone not in any LEGO groups (or at least not using my BL email address),
and am still getting the scam emails, I am certain it related to either the hack
or fake contact/orders on BL that can harvest seller emails. Had a lot of these
orders, immediate cancel request, and no contact there after a few months back.
I know it was to phish my seller info as often as the pattern was repeated exactly.
But even messages we reply to can do this as the system still lonks our email
to those. It really should not do this unless an order is placed, or even confirmed
as paid by the system (instant or seller marked). Simply put, contact info should
remain better protected until a transaction is deemed legit. BL is largely an
open book for all seller info if the party wanting to phish it knows how the
site works.
Waltzking
|
|
| Author: | popsicle | | Posted: | Mar 21, 2024 19:13 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 61 times | | Topic: | Problem | |
|
| In Problem, Admin_Russell writes:
| | In Problem, Saitobricks.ca writes:
| | In Problem, Admin_Russell writes:
| | In Problem, randyf writes:
| | In Problem, chetzler writes:
| | I don’t know why BrickLink has suddenly become such a juicy target.
|
All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.
|
Interesting theory. But the scammers that caused the November 3 incident are
the same ones that caused the problems last night, and the variant merge project
was not exposed to the public before January 2024.
As much as companies tend not to boast about the number of online attacks they
receive, we do see a remarkable increase in scammer activity across the board
- throughout many companies and across different industries. To us, it does not
feel like BrickLink is being singled out.
|
Does there happen to be a plan in the works to stop this activity?
|
Yes. In fact, most of what is being done to prevent this type of fraud is being
done behind the scenes, and BrickLink members are not aware that it is happening.
|
Makes sense. That being the case however, would not this suggestion slide perfectly
into the space between understandings: https://www.bricklink.com/message.asp?ID=1460563
|
|
| Author: | cosmicray | | Posted: | Mar 21, 2024 16:55 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 79 times | | Topic: | Problem | |
|
| In Problem, chetzler writes:
| | BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.
|
There are a couple of takeaways from that ... first, steer away from the need
to reply IMMEDIATELY to anything you see prior to your first cup of java, tea,
or whatever. Second, do not trust any link that comes in an email, unless a site
is sending you a validation link, has told you it was just sent, and you just
received it. Everything else, including smishing attempts within SMS texts should
be considered suspect dangerous, and unreliable.
The whole paradigm of social engineering attacks is to make you react without
thinking it all the way thru. Take the slow paranoid path, log into the site
using a known good bookmark, and ignore any links that come via dangerous paths
(no matter how real they appear).
Nita Rae
|
|
| Author: | cosmicray | | Posted: | Mar 21, 2024 16:45 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 60 times | | Topic: | Problem | |
|
| In Problem, randyf writes:
| | And judging from the people who are receiving phishing emails (e.g I'm not),
the phisher is probably part of an online BrickLink group somewhere else (Facebook?
Discord?) that all of you are also part of or maybe they ordered from all of
the phishees in the past and already have all of your contact information to
use.
|
I have not received these phishing emails. That said, I am not a member of any
online BL groups, other than reddit, where I visit infrequently. So there may
be something to this theory.
Nita Rae
|
|
| Author: | SylvainLS | | Posted: | Mar 21, 2024 16:41 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 41 times | | Topic: | Problem | |
|
| In Problem, Saitobricks.ca writes:
We don’t know that. The most we know and can say is the person who registered
chose Ukraine for the country field.
|
|
| Author: | Saitobricks.ca | | Posted: | Mar 21, 2024 16:19 | | Subject: | Re: WARNING! Login from new device phishing emai | | Viewed: | 38 times | | Topic: | Problem | |
|
| In Problem, 1001bricks writes:
| | In Problem, UTLF writes:
| | | | I don't think it's appropriate to mention an invaded Country, right now in war, and BrickLink decision to merge a few parts in their Catalog.
|
That's not even close to what I was referring to: https://www.bricklink.com/message.asp?ID=1423027
|
Sorry, but then it's very certainly not a person from Ukraine, who
as a majority have very probably something better and more urgent to do than
attempt to hack a LEGO items site 
|
You never know, just because he lives in Ukraine dosen't mean he is not bad.
Bad people are everywhere!
|
Next Page: 5 More | 10 More | 25 More | 50 More | 100 More
|
France, Provence-Alpes-Côte d'Azur
USA, Florida
Canada, Ontario