Warning: Scam email from HIDS4U


fwaggie

Original Poster:

1,544 posts

142 months

Wednesday 23rd August 2017
Hi all,

Please be mindful of emails that seem to come from HIDS4U that claim they are giving you a free dash cam (because you're a loyal customer) just for the price of postage.

I've just received one, and it has a link where I can "update my address" which takes me to a hacked webpage on the website of the Orthopaedic and Neurological Rehabilitation Centre in Texas, USA. The hacked website I've no doubt would ask me for my credit card details to pay the postage.

For the techies amongst you, you can see the files that make up this hacked website by looking at
https :// www.onr-inc.com / cli / www.hids4u.co.uk / (URL mangled to protect people, even though this URL just gives a directory file listing)

It contains a file that has details of over 4000 customers, the hids4u.csv file, emails, names, delivery address and phone numbers. Doesn't seem to contain passwords though thankfully.

Maybe someone that knows PHP can pull the PHP files to bits and try and find out where they're sending the captured details?

I used 'preview' in Safari to look at the website and it looks very convincing, with my correct name, delivery address, phone number and email. I've no doubt that following pages would ask for the postage and ask for credit card numbers, etc.

I've sent a message to HIDS4U letting them know, but if you get one of these scams, ignore it, and if you have already paid the 'postage', cancel your credit card ASAP.


The email scam itself had a few things about it that made it look fishy, there wasn't any obvious "Pay postage here" link, just one link to confirm delivery address, plus the email subject is "Special Delivery" with a reference number - how can they have a reference number for a delivery when I haven't paid for delivery yet?



Cheers,
Richard
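
The mismatch described in the post above, where the "update my address" link points at an unrelated host that carries the retailer's domain name inside its path, can be checked mechanically. This is an added example, not part of the original post; the function name, the finding labels and the `.example` hosts are constructed for illustration.

```python
from urllib.parse import urlsplit


def check_link(url, brand_domain):
    """Compare a link found in an email with the domain the email claims to be from.

    Returns a list of finding labels (labels invented for this example).
    An empty list means the link's host is the brand's domain or a subdomain of it.
    """
    brand = brand_domain.lower().rstrip(".")
    if brand.startswith("www."):
        brand = brand[4:]

    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the hostname
    if parts.scheme not in ("http", "https") or not host:
        return ["not-http"]

    # Genuine case: exact match or a real subdomain (note the leading dot,
    # so "nothids4u.co.uk" does not pass as "hids4u.co.uk").
    if host == brand or host.endswith("." + brand):
        return []

    findings = ["foreign-host"]
    # Brand name used as leading labels or as a lookalike of the real domain.
    if brand in host:
        findings.append("brand-in-hostname")
    # Brand domain used as a directory name on someone else's server,
    # which is the layout the post describes.
    if brand in parts.path.lower():
        findings.append("brand-in-path")
    return findings


# Constructed sample links; only the brand domain comes from the thread.
SAMPLES = [
    "https://www.hids4u.co.uk/account",
    "https://clinic.example/cli/www.hids4u.co.uk/",
    "https://hids4u.co.uk.login.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, check_link(link, "hids4u.co.uk"))
```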

Your Dad

1,431 posts

125 months

Thursday 24th August 2017
You might want to ask HIDS4U when they're going to inform the ICO of a possible data breach.

r11co

6,244 posts

172 months

Thursday 24th August 2017
Your Dad said:
You might want to ask HIDS4U when they're going to inform the ICO of a possible data breach.
Phishing - probably no data breach has happened.

fwaggie

Original Poster:

1,544 posts

142 months

Thursday 24th August 2017
r11co said:
Phishing - probably no data breach has happened.
They have the details of over 4000 customers, how would they get that information? (I noticed that a few email addresses are of the form "hids4u@<person's email address>" which is typical of people shopping somewhere taking junk email precautions, these aren't just 4000 random people's details)

Your Dad

1,431 posts

125 months

Thursday 24th August 2017
Anyone here on PH ordered from HIDS4U and want to check if their personal details appear in a suspected security breach?

edit - appears the data probably does originate from HIDS4U, have cross-referenced against an old post on the TVR section and have matched names of those that say they've purchased previously from HIDS4U to names that appear in the DB.

Edited by Your Dad on Thursday 24th August 14:09


Your Dad

1,431 posts

125 months

Thursday 24th August 2017
Dodgy website content now removed.

@fwaggie: Have you/will you inform the ICO, as there appears to have been a breach of your personal data?

fwaggie

Original Poster:

1,544 posts

142 months

Thursday 24th August 2017
Your Dad said:
Dodgy website content now removed.
Great news!

Your Dad said:
@fwaggie: Have you/will you inform the ICO, as there appears to have been a breach of your personal data?
I've just had a look at the ICO website, and the closest thing I can find is "Report a Concern".

Following that through it asks me:-
  • Have I reported my concern?
(yes I have, I used their online message system to let them know)
  • Have I heard anything back?
Answered 'no' to this one and it says "follow up with the organisation" and there's no other options.

Is there a different link / category or report I can use for data breach?

Your Dad

1,431 posts

125 months

Thursday 24th August 2017
If you select Y & Y you'll get to the page that gives a downloadable form that you can fill in and submit - https://ico.org.uk/concerns/handling/y/y/y

Might be worth using the live chat function or giving them a call (0303 123 1113) if in doubt.

Durzel

7,405 posts

110 months

Thursday 24th August 2017
Not the first time HIDS4U have been compromised. I still get spam emails coming to my email address (I create a different alias for each company I sign up to, so I know they were the source - e.g. hids4u@domain.com).

No doubt I'm on this list of 4000 customers.

Disappointing.

edit: I also emailed HIDS4U and told them about a possible breach the last time I received a spam email to that email address, and was told "I can assure you we do not sell any data on but I have passed this on to our IT team to investigate". Useless.

Edited by Durzel on Thursday 24th August 16:08

Your Dad

1,431 posts

125 months

Thursday 24th August 2017
Durzel said:
Not the first time HIDS4U have been compromised. I still get spam emails coming to my email address (I create a different alias for each company I sign up to, so I know they were the source - e.g. hids4u@domain.com).

Disappointing.
You're in the compromised list too, sorry.

Durzel

7,405 posts

110 months

Thursday 24th August 2017
Your Dad said:
You're in the compromised list too, sorry.
Any chance you can send me my details so I know how current it is please?

Your Dad

1,431 posts

125 months

Thursday 24th August 2017
Durzel said:
Any chance you can send me my details so I know how current it is please?
Just PM'd you a number.

Your Dad

1,431 posts

125 months

Thursday 24th August 2017
@Durzel - correct.

Durzel

7,405 posts

110 months

Thursday 24th August 2017
Cheers.

Have emailed HIDS4U asking them to remove my details, for what it's worth (i.e. nothing - horse and stable door spring to mind). I've sent you a reply by the way asking if you can provide me with the rest of the details.

Your Dad

1,431 posts

125 months

Thursday 24th August 2017
Replied.

fwaggie

Original Poster:

1,544 posts

142 months

Thursday 24th August 2017
Just received an email from HIDS4U warning customers about the scam emails and asking them to take action if they have entered any credit card details.

They say the data breach was from a few years ago (5 to 7 years ago), no CC details were stored, nor are they now stored, and they "introduced a number of security measures some time ago" and will look to see what can be done at this time.

Good on them for acting on it.


I'll fill in the details on that ICO form later today.

Durzel

7,405 posts

110 months

Thursday 24th August 2017
Yeah, got the same email. At least they took ownership of it.

edit: Interestingly I got this email after I'd asked them to delete my account and any data they store about me, which they confirmed they had done.... so...

fwaggie

Original Poster:

1,544 posts

142 months

Thursday 24th August 2017
Durzel said:
Yeah, got the same email. At least they took ownership of it.

edit: Interestingly I got this email after I'd asked them to delete my account and any data they store about me, which they confirmed they had done.... so...
Hah, they'll just claim the emails were sent out before they deleted your details, and it took <whatever time period> to work their way through sending the squillions of emails!

Denis O

2,043 posts

185 months

Thursday 24th August 2017
I got this email at about 14.00 today and thought it looked iffy so sent an email to HIDS asking for advice. I didn't get a reply but just now a general email, from the real HIDS, came through explaining the situation.

The irony is that good old BT put the phishing email straight into my inbox and the genuine email went into spam, although BT's usage of spam controls is a whole different thread.

MrJingles705

408 posts

85 months

Friday 25th August 2017
Ditto all of the above.

Details are much fresher than 5 years ago (I only bought my kit a few months ago) and whilst that CSV didn't have the password in it, doesn't mean they didn't get it ... only that they didn't need it to run their PHP so probably omitted it so as not to tip their hand.

I would still change passwords on email as a precaution and any sites you shared the same password (if you did - which you really shouldn't be doing ... good a time as any to break the habit).

P.S. ironically, hids4u's genuine email also went in my spam mail