Warning: Scam email from HIDS4U
Discussion
Hi all,
Please be mindful of emails that seem to come from HIDS4U that claim they are giving you a free dash cam (because you're a loyal customer) just for the price of postage.
I've just received one, and it has a link where I can "update my address" which takes me to a hacked webpage on the website of the Orthopaedic and Neurological Rehabilitation Centre in Texas, USA. The hacked website I've no doubt would ask me for my credit card details to pay the postage.
For the techies amongst you, you can see the files that make up this hacked website by looking at
https :// www.onr-inc.com / cli / www.hids4u.co.uk / (URL mangled to protect people, even though this URL just gives a directory file listing)
It contains a file that has details of over 4000 customers, the hids4u.csv file, emails, names, delivery address and phone numbers. Doesn't seem to contain passwords though thankfully.
Maybe someone that knows PHP can pull the PHP files to bits and try and find out where they're sending the captured details?
I used 'preview' in Safari to look at the website and it looks very convincing, with my correct name, delivery address, phone number and email. I've no doubt that following pages would ask for the postage and ask for credit card numbers, etc.
I've sent a message to HIDS4U letting them know, but if you get one of these scams, ignore it, and if you have already paid the 'postage', cancel your credit card ASAP.
The email scam itself had a few things about it that made it look fishy, there wasn't any obvious "Pay postage here" link, just one link to confirm delivery address, plus the email subject is "Special Delivery" with a reference number - how can they have a reference number for a delivery when I haven't paid for delivery yet?
Cheers,
Richard
r11co said:
Fishing - probably no data breach has happened.
They have the details of over 4000 customers, how would they get that information? (I noticed that a few email addresses are of the form "hids4u@<persons email address>" which is typical of people shopping somewhere taking junk email precautions, these aren't just 4000 random people's details)
Anyone here on PH ordered from HIDS4U and want to check if their personal details appear in a suspected security breach?
edit - appears the data probably does originate from HIDS4U, have cross-referenced against an old post on the TVR section and have matched names of those that say they've purchased previously from HIDS4U to names that appear in the DB.
Edited by Your Dad on Thursday 24th August 14:09
Your Dad said:
Dodgy website content now removed.
Great news!
Your Dad said:
@fwaggie: Have you/will you inform the ICO, as there appears to have been a breach of your personal data?
I've just had a look at the ICO website, and the closest thing I can find is "Report a Concern". Following that through it asks me:-
- Have I reported my concern?
- Have I heard anything back?
Is there a different link / category or report I can use for data breach?
If you select Y & Y you'll get to the page that gives downloadable form that you can fill in and submit - https://ico.org.uk/concerns/handling/y/y/y
Might be worth using the live chat function or giving them a call (0303 123 1113) if in doubt.
Not the first time HIDS4U have been compromised. I still get spam emails coming to my email address (I create a different alias for each company I sign up to, so I know they were the source - e.g. hids4u@domain.com).
No doubt I'm on this list of 4000 customers.
Disappointing.
edit: I also emailed HIDS4U and told them about a possible breach the last time I received a spam email to that email address, and was told "I can assure you we do not sell any data on but I have passed this on to our IT team to investigate". Useless.
Edited by Durzel on Thursday 24th August 16:08
Durzel said:
Not the first time HIDS4U have been compromised. I still get spam emails coming to my email address (I create a different alias for each company I sign up to, so I know they were the source - e.g. hids4u@domain.com).
Disappointing.
You're in the compromised list too, sorry.
Just received an email from HIDS4U warning customers about the scam emails and asking them to take action if they have entered any credit card details.
They say the data breach was from a few years ago (5 to 7 years ago), no CC details were stored, nor are they now stored, and they "introduced a number of security measures some time ago" and will look to see what can be done at this time.
Good on them for acting on it.
I'll fill in the details on that ICO form later today.
Durzel said:
Yeah, got the same email. At least they took ownership of it.
edit: Interestingly I got this email after I'd asked them to delete my account and any data they store about me, which they confirmed they had done.... so...
Hah, they'll just claim the emails were sent out before they deleted your details, and it took <whatever time period> to work their way through sending the squillions of emails!
I got this email at about 14.00 today and thought it looked iffy so sent an email to HIDS asking for advice. I didn't get a reply but just now a general email, from the real HIDS, came through explaining the situation.
The irony is that good old BT put the phishing email straight into my inbox and the genuine email went into spam, although BT's usage of spam controls is a whole different thread.
Ditto all of the above.
Details are much fresher than 5 years ago (I only bought my kit a few months ago) and whilst that CSV didn't have the password in it, doesn't mean they didn't get it ... only that they didn't need it to run their PHP so probably omitted it so as not to tip their hand.
I would still change passwords on email as a precaution and any sites where you shared the same password (if you did - which you really shouldn't be doing ... good a time as any to break the habit).
P.S. Ironically, HIDS4U's genuine email also went in my spam mail