ben_nuttall
Posts: 235
Joined: Sun Aug 19, 2012 11:19 am
Location: Cambridgeshire, UK

Beware: phishing DM notification emails

Fri Mar 14, 2014 4:06 pm

Hi everyone

Please be cautious of any emails you receive notifying you of direct messages on the Raspberry Pi forums. There is a clone of our site at storyhub.actionaid.org and we've received reports of users of this forum getting DM notification emails linking to the clone, which will prompt you to log in.

Assuming the worst, this is a phishing scam in an attempt to gain users' login credentials.

We're working on getting the clone site taken down. In the meantime please be cautious of emails supposedly from our forums, and double check the URL when logging in - if it's not on raspberrypi.org, it's not ours.

Ben

UPDATE: This has now been resolved.
Former RPF staff. Author of gpiozero and creator of piwheels.
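
As an added illustration (not part of the original post and not the forum's own code), the "if it's not on raspberrypi.org, it's not ours" rule can be applied mechanically to the links in a notification email. The function names and the sample message are constructed for this example; the `example.net` lookalike hosts are placeholders.

```python
import re
from urllib.parse import urlsplit

# Rule taken from the post above: only raspberrypi.org is the real forum.
TRUSTED_DOMAIN = "raspberrypi.org"

URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


def is_trusted_host(host, trusted=TRUSTED_DOMAIN):
    """True only for the trusted domain itself or a true subdomain of it."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    # The leading dot stops "notraspberrypi.org" from matching.
    return host == trusted or host.endswith("." + trusted)


def audit_links(body):
    """Return (url, host, trusted) for every http(s) link in an email body."""
    results = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:)")  # drop trailing sentence punctuation
        try:
            # .hostname ignores any "user@" prefix and the port
            host = urlsplit(url).hostname
        except ValueError:
            host = None  # malformed URL: treat as untrusted
        results.append((url, host, is_trusted_host(host)))
    return results


def untrusted_links(body):
    """Links that should not be followed to a login page."""
    return [url for url, _host, ok in audit_links(body) if not ok]


# Constructed sample notification (not a real message).
SAMPLE_EMAIL = """\
You are receiving this notification because you are watching a topic.
http://storyhub.actionaid.org/forums
http://www.raspberrypi.org/forums/
http://raspberrypi.org.example.net/forums/
http://www.raspberrypi.org@example.net/forums/
"""

if __name__ == "__main__":
    for url, host, ok in audit_links(SAMPLE_EMAIL):
        print("OK     " if ok else "SUSPECT", host, url)
```

The check compares the parsed hostname rather than searching the URL text, so a trusted name used as a subdomain label or as URL userinfo does not pass.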

jojopi
Posts: 3353
Joined: Tue Oct 11, 2011 8:38 pm

Re: Beware: phishing DM notification emails

Fri Mar 14, 2014 5:50 pm

Perhaps "Plan 9" is not the best subforum for this.

Email addresses should be no more publicly cloneable than password hashes.

The storyhub name resolves to Mythic Beasts, where the real raspberrypi site is also hosted. I suspect it is an innocent mistake by the host.

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 6258
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Beware: phishing DM notification emails

Fri Mar 14, 2014 5:52 pm

Moved

RPi85
Posts: 26
Joined: Fri Dec 27, 2013 10:42 pm

Re: Beware: phishing DM notification emails

Mon Apr 07, 2014 5:30 pm

Just received a topic reply notification that looks exactly like the real thing including the name of the thread and my username, but all the links go to http://storyhub.actionaid.org/forums. I honestly wouldn't have noticed, but luckily my password manager didn't fill in the account info because the URL was wrong. Is my username publicly associated to my email address somewhere here on the forum? If it isn't, this doesn't seem like a scam but rather some really weird mistake.. :shock:

Aydan
Posts: 734
Joined: Fri Apr 13, 2012 11:48 am
Location: Germany, near Lake Constance

Re: Beware: phishing DM notification emails

Wed Apr 16, 2014 8:18 pm

What is really strange is that this happens only for this thread, and not others.

Regards
Aydan

RPi85
Posts: 26
Joined: Fri Dec 27, 2013 10:42 pm

Re: Beware: phishing DM notification emails

Wed Apr 16, 2014 8:27 pm

Nope, I got a notification for this thread http://www.raspberrypi.org/forums/viewt ... 43&t=44966.

edit: but seriously though, how long does it take to investigate this? It's been a month already, and the messages apparently keep on going.

Aydan
Posts: 734
Joined: Fri Apr 13, 2012 11:48 am
Location: Germany, near Lake Constance

Re: Beware: phishing DM notification emails

Wed Apr 16, 2014 8:30 pm

RPi85 wrote:Nope, I got a notification for this thread http://www.raspberrypi.org/forums/viewt ... 43&t=44966.

edit: but seriously though, how long does it take to investigate this? It's been a month already, and the messages apparently keep on going.
Both threads are part of the camera sub-forum, the working ones aren't.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 27410
Joined: Sat Jul 30, 2011 7:41 pm

Re: Beware: phishing DM notification emails

Thu Apr 17, 2014 7:56 am

We thought that this was sorted out - I'll flag it up again.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

gkreidl
Posts: 6355
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: Beware: phishing DM notification emails

Wed May 14, 2014 6:40 am

I just received such a message, matching a real new posting of today. So it's not sorted out. The phishing site is still active (site might have been hacked).

And how did the sender ("haggis.mythic-beasts.com") get my email address? And how did he know that I have subscribed to that special topic?
Minimal Kiosk Browser (kweb)
Slim, fast webkit browser with support for audio+video+playlists+youtube+pdf+download
Optional fullscreen kiosk mode and command interface for embedded applications
Includes omxplayerGUI, an X front end for omxplayer

RPi85
Posts: 26
Joined: Fri Dec 27, 2013 10:42 pm

Re: Beware: phishing DM notification emails

Wed May 14, 2014 7:05 am

gkreidl wrote:I just received such a message, matching a real new posting of today. So it's not sorted out. The phishing site is still active (site might have been hacked).

And how did the sender ("haggis.mythic-beasts.com") get my email address? And how did he know that I have subscribed to that special topic?
Exactly. The "other site" seems to have information it shouldn't have, which makes me think this is some sort of mistake. Or a serious breach.

Either way, I can't say I'm impressed by the way it's being handled...

gkreidl
Posts: 6355
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: Beware: phishing DM notification emails

Wed May 14, 2014 7:42 am

The foundation should send reports to
domainabuse@tucows.com and admin@mythic-beasts.com (Reseller)

that user (sub domain) haggis.mythic-beasts.com ([IPv6:2a00:1098:0:86:1000:0:2:1])
is sending out phishing emails.

A moderator or admin can contact me via PM, if he needs the source of the original mail I received.

RobHenry
Posts: 452
Joined: Fri Sep 21, 2012 9:04 pm
Location: UK

Re: Beware: phishing DM notification emails

Wed May 14, 2014 7:50 am

As pointed out above, they're not phishing emails - they come to genuine thread subscribers as a result of thread updates. Some sort of data leakage or use of production data in a test or back up environment I guess.

Why is there no explanation from the foundation?

gkreidl
Posts: 6355
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: Beware: phishing DM notification emails

Wed May 14, 2014 8:06 am

RobHenry wrote:As pointed out above, they're not phishing emails - they come to genuine thread subscribers as a result of thread updates. Some sort of data leakage or use of production data in a test or back up environment I guess.

Why is there no explanation from the foundation?
If you follow the link you are asked for user name and password of your Raspberry Pi forum account. That's phishing in my view.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 27410
Joined: Sat Jul 30, 2011 7:41 pm

Re: Beware: phishing DM notification emails

Wed May 14, 2014 8:44 am

I'll flag it up - they may not know it's happening again.

Mythic Beasts are the Foundation's web provider, so they are the good guys.

gkreidl
Posts: 6355
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: Beware: phishing DM notification emails

Wed May 14, 2014 9:34 am

jamesh wrote:I'll flag it up - they may not know it's happening again.

Mythic Beasts are the Foundation's web provider, so they are the good guys.
OK, but they may have another evil client. If they are the foundation's web provider it should be easy to contact them and tell them about it. They should really be interested in not losing a client like the foundation.

gkreidl
Posts: 6355
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: Beware: phishing DM notification emails

Wed May 14, 2014 9:53 am

Some more info on this:
The phishing link I've got:
http://storyhub.actionaid.org/forums/vi ... 7&e=550317

actionaid.org has the IP 216.219.73.118, which is hosted in the US, but storyhub.actionaid.org is routed to IP 93.93.130.39, which belongs to Mythic Beasts Ltd. That means the phishing site itself is hosted at Mythic Beasts!
And the origin of the phishing mail was also a Mythic Beasts user.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 27410
Joined: Sat Jul 30, 2011 7:41 pm

Re: Beware: phishing DM notification emails

Wed May 14, 2014 9:53 am

Mythic have been informed and are looking into it.

ben_nuttall
Posts: 235
Joined: Sun Aug 19, 2012 11:19 am
Location: Cambridgeshire, UK

Re: Beware: phishing DM notification emails

Wed May 14, 2014 10:19 am

We're looking into it.

We suspect it's no more sinister than a misconfigured DNS. Not so much anything to worry about, but I'm working to get Mythic to resolve it.

ben_nuttall
Posts: 235
Joined: Sun Aug 19, 2012 11:19 am
Location: Cambridgeshire, UK

Re: Beware: phishing DM notification emails

Tue Jun 10, 2014 5:19 pm

This issue has now been resolved.

The domain no longer points at this website. It was just misconfigured DNS.