NatWest : Helpful Banking
Dear Valued Member ;
To prevent unauthorized access to your accounts, your online service has been temporarily locked. No further log in attempts will be accepted.
This is a procedure that automatically occur when an invalid information is submitted during the log in process.
Please follow the provided steps below to confirm your identity
and restore your online access:
© Legal Info – Security
© 2005-2012 National Westminster Bank Plc
This is a standard NatWest phish. It doesn't originate from Cableforum.co.uk or its servers, but it is sent to an address ONLY used for Cableforum, so it must have leaked out somehow.
So.. dutifully I pop across to Cableforum.co.uk and (changing my password en route) find the appropriate forum. It seems that the problem has already been spotted:
Here's one example:
So I received this email today:
Date: Fri, 2 Nov 2012 10:15:08 -0400
From: NatWest Online [email@example.com]
Subject: Please Review Your Contact Details!!!
Dear Valued Member ;
To prevent unauthorized access to your accounts, your online service has been
+temporarily locked. No further log in attempts will be accepted.
The email was sent to an address I've only used to register on Cable Forum and is a series of random characters that spammers wouldn't just 'guess'. Just wondering if anyone else has had this email?
That's odd. That's exactly the same as me. And then there's another one:
I had two emails sent to both the addresses registered here on Cable Forum. Not sure why the earlier thread was so hastily closed?
Slightly off topic, why can I not edit my email address here?
When I attempt to change it I get this: The email address you entered is already in use. If you have forgotten your password, please click here.
I have not forgotten my password, I was trying to change it as well as my email.
These are very precise reports from people using unique sign-on addresses. You'd think that would be pretty good evidence. So, armed with that you'd expect a concerned "we'll look into it" response. But instead the replies are:
Spammers don't "pick" anything. Their software generates emails at random and, yes, that includes strings_of_gibberish @yourdomain.and
This site has not sold your email address.
This site has not been hacked, cracked or compromised.
Threads of the same topic that have been closed should not be re-opened/re-created no matter what the circumstances are.which prompted a response from the original reporter:
This issue cropped up several months ago and I will repeat what was said then...
We do not believe our systems have been compromised. There was no evidence to suggest an intrusion or breach took place. If anyone has any *Strong* Evidence to suggest other wise then contact us using the contact link below.
The only spam I had was today, didn't have any earlier. I did get an explanation from the mod that closed it about how he didn't feel the thread was useful and that it would attract unwanted replies. But I think preventing people from discussing the issue stinks of a cover up (whether it is or not).What's worse is that this isn't the first time that this has been reported. Here's another one:
It would be much better to at least post a link to that thread, or some sort of explanation of what they think is happening rather than a dismissive knee-jerk response that it didn't happen when three people have claimed to receive the same email (and Osem says it happened before). All I want is an explanation about what happened and a promise that security of MY data is important but I don't feel like I'm getting that.
Today I received a not-so-subtle phishing email pretending to come from Santander, sent to my one-off email address associated with my cableforum account. I registered my account in 2009 and it's the first time I get spam/phish on this address. I don't really care if CF was hacked since I used a unique pw/email, but maybe a warning to other users would be the polite thing to do...
But going back even further shows this thread with a lot of evidence that an email address leak has occured. One person who seems to know their stuff points:
Your database has been dumped and the damage is done as far as spam is concerned
now the question is are you
1) going to stick your head in the sand and thow around accusations
2) man up and fix the problem
One of the Cableforum team shows just how far they can bury their head in the sand
But seriously, all in all, getting back to the main issue, there is about 5 people receiving it to their CF registered e-mail address and reporting it here so far. Co-incidence, yes but a very weak one.How many people do you think use unique emails for each site? Not many. That sort of evidence is very, very strong.. especially with multiple reports. That comment got this withering rebuke:
It's not a co-incidence at all. The emails are clearly of the same content and arrived within a small interval of each other and to CF-specific registered email addresses. If you're saying this is purely by chance and that all these email addresses were just "guessed" up by some automated program, then you're in denial.But another member of the CF team shows that they just don't understand it at all:
Given the extremely weak evidence provided and this appearing to only affect a very small number of members i.e less than 10, we do not believe that our systems have been breached and as a result we believe this to be the actions of brute force spamming.Really? All these people with unique email addresses report the same spam. And it just gets dismissed?
But if you have the same problem.. forget it. All threads have been closed, creating new threads on the matter has been banned. In denial much?
Clearly there has been a problem for several months, although it isn't clear when such an address leak occurred or what data was taken with it. You should always assume that the passwords have been compromised and change it, plus change it anywhere that you re-use the same password.
Sadly, crap like this happens to good websites. And the best way to deal with it is to be honest and 'fess up so that members can act accordingly. Nobody likes to think that there site has been compromised, but in this case it clearly has been to some unknown extent.
I emailed Cableforum.co.uk to advise them (since new forum threads are banned). Let's see if I get a response..
Update: and other incidents are here and here.. so this isn't really an isolated problem.
Update 2: predictably, raising the issue just gets the thread closed with the phrase "There is nothing to discuss and I am not interested in wild theories and stupid accusations that some how there is a cover up." Which just shows that there is a cover up..
Update 3: and what is really ridiculous is that Cableforum mods are denying it, despite the fact that their site was recently hacked. And it isn't the first time, either.