Discussion Forum: Thread 355310

 Author: chetzler
 Posted: Mar 21, 2024 10:19
 Subject: WARNING! Login from new device phishing emai
 Viewed: 329 times
 Topic: Problem

chetzler (2314)

Location:  USA, Minnesota
Member Since: Feb 12, 2005
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: Lost Boys' Brick Shop
I had a couple of these in my inbox this morning. They looked completely
legitimate. I did log in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.

Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.

I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.
 Author: Erikmax
 Posted: Mar 21, 2024 10:42
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 60 times
 Topic: Problem

Erikmax (12149)

Location:  Netherlands, Zuid-Holland
Member Since: Jun 25, 2004
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: www.budgetbricks.nl
In Problem, chetzler writes:
  I had a couple of these in my inbox this morning. They looked completely
legitimate. I did log in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.

Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.

I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.


Had the same about one week ago and also placed a warning in the forum. These
warnings cannot be repeated too much and I think there must be a permanent warning
for this on the welcome page. It certainly will prevent a lot of trouble. Not
everyone reads the forum and not everyone is aware of this.
 Author: UTLF
 Posted: Mar 21, 2024 10:43
 Subject: (Cancelled)
 Viewed: 57 times
 Topic: Problem

UTLF (1261)

Location:  Canada, British Columbia
Member Since: Oct 27, 2018
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: UTLF
(Cancelled)
 Author: Llewyn
 Posted: Mar 21, 2024 11:01
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 46 times
 Topic: Problem

Llewyn (203)

Location:  United Kingdom, England
Member Since: Jan 14, 2018
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: Sherburn Sets
In Problem, UTLF writes:
  Somehow, a large list of Bricklink account emails was acquired within the last
few months

Not necessarily in the last few months, there have been waves of spam targeted
at sellers several times previously - I know I had several around April 2022
purporting to be from a genuine store here about bulk purchasing, and there were
a lot of comments from others about the same thing.

It's very easy to get sellers' emails at least, all it needs is a little
automation rather than any hacking. Every time someone sends you a contact message
enquiring about an item in your store, if they request a copy to their email
I believe it will include the seller's address. I think we all get obvious
timewaster enquiries from time to time and just dismiss them.

I'd be very curious if people with only buyer privileges have also had these
spam messages.
 Author: rsjarobinson
 Posted: Mar 22, 2024 08:44
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 43 times
 Topic: Problem

rsjarobinson (102)

Location:  USA, Michigan
Member Since: Feb 13, 2023
Type: Buyer
Buying Privileges - OK
In Problem, Llewyn writes:
  In Problem, UTLF writes:
  Somehow, a large list of Bricklink account emails was acquired within the last
few months

Not necessarily in the last few months, there have been waves of spam targeted
at sellers several times previously - I know I had several around April 2022
purporting to be from a genuine store here about bulk purchasing, and there were
a lot of comments from others about the same thing.

It's very easy to get sellers' emails at least, all it needs is a little
automation rather than any hacking. Every time someone sends you a contact message
enquiring about an item in your store, if they request a copy to their email
I believe it will include the seller's address. I think we all get obvious
timewaster enquiries from time to time and just dismiss them.

I'd be very curious if people with only buyer privileges have also had these
spam messages.


I am a buyer only and I have gotten several of these emails in the last several
days. I have only been on the platform for about a year so if there was a release
of emails it is fairly new.
 Author: Saitobricks.ca
 Posted: Mar 21, 2024 11:17
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 40 times
 Topic: Problem

Saitobricks.ca (36)

Location:  Canada, Ontario
Member Since: Aug 28, 2021
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: Unlicensed Bricks
In Problem, UTLF writes:
  This is becoming quite worrisome; what I want to know is how/when did these hackers
get access to a list of emails? Was it during the Nov. 2023 "attack"
that we were told had no sign of any hack taking place?

It's just strange how these emails are going to Bricklink users in particular,
using a false Bricklink login page - if it was a case of leaked emails on another
platform, it would be normal email spam like online casinos, "you won X gift
card or prize", etc.

Somehow, a large list of Bricklink account emails was acquired within the last
few months

How?

A bad buyer who has been collecting data on sellers, when they make orders.
 Author: UTLF
 Posted: Mar 21, 2024 15:28
 Subject: (Cancelled)
 Viewed: 47 times
 Topic: Problem

UTLF (1261)

Location:  Canada, British Columbia
Member Since: Oct 27, 2018
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: UTLF
(Cancelled)
 Author: Saitobricks.ca
 Posted: Mar 21, 2024 15:33
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 34 times
 Topic: Problem

Saitobricks.ca (36)

Location:  Canada, Ontario
Member Since: Aug 28, 2021
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: Unlicensed Bricks
In Problem, UTLF writes:
  
  A bad buyer who has been collecting data on sellers, when they make orders.

Let me guess, Mr. Evil from Ukraine that was banned back in August?

How can they know for sure that he is gone and that he was the source of ALL
the problems?

He could just put down a fake address, make a new E-mail and go by a different
user name. Not that hard to return for more trouble.
 Author: 1001bricks
 Posted: Mar 21, 2024 15:34
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 44 times
 Topic: Problem

1001bricks (52260)

Location:  France, Provence-Alpes-Côte d'Azur
Member Since: Sep 6, 2005
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: 1001bricks
In Problem, UTLF writes:
  
  A bad buyer who has been collecting data on sellers, when they make orders.

Let me guess, Mr. Evil from Ukraine that was banned back in August?

I don't think it's appropriate to mention an invaded Country, right now
in war, and BrickLink decision to merge a few parts in their Catalog.
 Author: UTLF
 Posted: Mar 21, 2024 15:55
 Subject: (Cancelled)
 Viewed: 45 times
 Topic: Problem

UTLF (1261)

Location:  Canada, British Columbia
Member Since: Oct 27, 2018
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: UTLF
(Cancelled)
 Author: 1001bricks
 Posted: Mar 21, 2024 16:13
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 41 times
 Topic: Problem

1001bricks (52260)

Location:  France, Provence-Alpes-Côte d'Azur
Member Since: Sep 6, 2005
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: 1001bricks
In Problem, UTLF writes:
  
  I don't think it's appropriate to mention an invaded Country, right now in war, and BrickLink decision to merge a few parts in their Catalog.

That's not even close to what I was referring to: https://www.bricklink.com/message.asp?ID=1423027

Sorry, but then it's very certainly not a person from Ukraine, who
as a majority have very probably something better and more urgent to do than
attempt to hack a LEGO items site
 Author: Saitobricks.ca
 Posted: Mar 21, 2024 16:19
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 37 times
 Topic: Problem

Saitobricks.ca (36)

Location:  Canada, Ontario
Member Since: Aug 28, 2021
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: Unlicensed Bricks
In Problem, 1001bricks writes:
  In Problem, UTLF writes:
  
  I don't think it's appropriate to mention an invaded Country, right now in war, and BrickLink decision to merge a few parts in their Catalog.

That's not even close to what I was referring to: https://www.bricklink.com/message.asp?ID=1423027

Sorry, but then it's very certainly not a person from Ukraine, who
as a majority have very probably something better and more urgent to do than
attempt to hack a LEGO items site

You never know, just because he lives in Ukraine doesn't mean he is not bad.
Bad people are everywhere!
 Author: SylvainLS
 Posted: Mar 21, 2024 16:41
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 39 times
 Topic: Problem

SylvainLS (46)

Location:  France, Nouvelle-Aquitaine
Member Since: Apr 25, 2014
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: BuyerOnly
BrickLink Discussions Moderator (?)
In Problem, Saitobricks.ca writes:
  […]
he lives in Ukraine

We don’t know that.  The most we know and can say is the person who registered
chose Ukraine for the country field.
 Author: UTLF
 Posted: Mar 21, 2024 16:46
 Subject: (Cancelled)
 Viewed: 30 times
 Topic: Problem

UTLF (1261)

Location:  Canada, British Columbia
Member Since: Oct 27, 2018
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: UTLF
(Cancelled)
 Author: Erikmax
 Posted: Mar 21, 2024 10:44
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 43 times
 Topic: Problem

Erikmax (12149)

Location:  Netherlands, Zuid-Holland
Member Since: Jun 25, 2004
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: www.budgetbricks.nl
In Problem, chetzler writes:
  I had a couple of these in my inbox this morning. They looked completely
legitimate. I did log in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.

Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

Had the same about one week ago and also placed a warning in the forum. These
warnings cannot be repeated too much and I think there must be a permanent warning
for this on the welcome page. It certainly will prevent a lot of trouble. Not
everyone reads the forum and not everyone is aware of this.
  
I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.

I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.
 Author: Saitobricks.ca
 Posted: Mar 21, 2024 10:46
 Subject: Re: WARNING! Login from new device phishing email
 Viewed: 43 times
 Topic: Problem

Saitobricks.ca (36)

Location:  Canada, Ontario
Member Since: Aug 28, 2021
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: Unlicensed Bricks
In Problem, chetzler writes:
  BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

That's how most get scammed, by chance they are waiting for an e-mail and
the scam shows up and they click it thinking all's good.

Double check everything! When I login from a new tab, I poke around a little
to see if it's real.
 Author: SylvainLS
 Posted: Mar 21, 2024 11:06
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 51 times
 Topic: Problem

SylvainLS (46)

Location:  France, Nouvelle-Aquitaine
Member Since: Apr 25, 2014
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: BuyerOnly
BrickLink Discussions Moderator (?)
In Problem, chetzler writes:
  […]
I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon.

But what kind of “substantive action” can BrickLink take?

Buy the website names that may look like bricklink.com?  The 3 million of them
(org, .net, .«country», etc., briklink, brickslink, bricklinck, etc., brıcklınk.com¹,
briϲklink.com², etc.)?

MFA?  They did that with OTP.

Mandatory OTP?  They did that last week.  It’s annoying and people are opting
out (like you did at first).

Send messages?  They did that.
But they only talked about “brickslink” (or was it “bricklinks”?) and you almost
got caught by one of the 2,999,999 others.  Should they send a list of the 3
million possibilities?

Put a warning on the front page?  One that can also be faked and diverted by
phishers?

Okay, what they could do is have a 24/7 helpdesk and quick procedures to at least
block an account… but then how do you ensure these procedures are fast and secure
and not abused?  Another round of passwords and MFA?  Another procedure that
can be copied / faked on a phishing website like they copied the OTP one?

In the end, phishing is a problem that can’t be avoided without the user being
diligent, without the user taking action.


———
¹ Dotless i.
² Greek sigma instead of c.
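
The lookalike names listed in the post above fall into a few mechanical classes (brand on another TLD, one-letter typos, Unicode homoglyphs), so a mail filter or link checker can sort a URL's host into them. This is an added example, not part of the original thread and not BrickLink's code; the confusables table, the distance threshold and the verdict names are assumptions made for the illustration.

```python
import unicodedata
from urllib.parse import urlsplit

BRAND = "bricklink"             # label being protected (from the post)
LEGIT_DOMAIN = "bricklink.com"  # genuine domain named in the post
MAX_TYPO_DISTANCE = 2           # assumption: tune against your own false positives

# Tiny hand-built confusables table (assumption). Production code should load
# the full Unicode TR39 confusables data instead.
CONFUSABLES = {
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I (footnote 1 in the post)
    "\u03f2": "c",  # GREEK LUNATE SIGMA SYMBOL (footnote 2 in the post)
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u043a": "k",  # CYRILLIC SMALL LETTER KA
}


def decode_label(label):
    """Turn an xn-- (punycode) label back into Unicode; leave others alone."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # covers UnicodeError: malformed punycode
            return label
    return label


def skeleton(label):
    """Fold a label to the ASCII string a hurried reader would see."""
    # Map confusables first: NFKD would otherwise rewrite some of them
    # (U+03F2 decomposes to a different Greek letter, not to "c").
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())
    decomposed = unicodedata.normalize("NFKD", mapped)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return legitimate / homoglyph / brand-on-other-domain / typosquat / unrelated."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    verdict = "unrelated"
    for raw in host.split("."):
        label = decode_label(raw)
        dist = edit_distance(skeleton(label), BRAND)
        if not label.isascii() and dist <= MAX_TYPO_DISTANCE:
            return "homoglyph"              # looks like the brand only after folding
        if label == BRAND:
            verdict = "brand-on-other-domain"  # right name, wrong registrable domain
        elif 0 < dist <= MAX_TYPO_DISTANCE and verdict == "unrelated":
            verdict = "typosquat"
    return verdict


if __name__ == "__main__":
    # Constructed sample URLs; the lookalike host names are the ones in the post,
    # and account-check.example is a made-up placeholder.
    samples = [
        "https://www.bricklink.com/message.asp?ID=1423027",
        "https://bricklink.net/login",
        "https://bricklink.com.account-check.example/login",
        "https://briklink.com/login",
        "https://brickslink.com/login",
        "https://br\u0131ckl\u0131nk.com/login",
        "https://bri\u03f2klink.com/login",
    ]
    for url in samples:
        print(f"{classify(url):24} {url}")
```

Only an exact match on the registrable domain is treated as genuine; everything that merely folds to or sits near the brand name is reported, which is the same comparison a password manager makes when it declines to autofill.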
 Author: Mr_Rofl
 Posted: Mar 21, 2024 11:16
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 44 times
 Topic: Problem

Mr_Rofl (98)

Location:  Netherlands, Noord-Holland
Member Since: Oct 11, 2016
Type: Buyer
Buying Privileges - OK
Maybe we can contact Pierogi from scammer payback or Jim Browning to make an
item about this kind of scam. And put the video out on the website with a warning.

I'm not saying I will not fall for it, but I always save my username and password
in my browser. If the browser does not automatically come with my credentials,
then I go in maximum safeguard. Usually closing all tabs from that website and
typing in the correct url to see what is wrong with my saved credentials.



In Problem, SylvainLS writes:
  In Problem, chetzler writes:
  […]
I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon.

But what kind of “substantive action” can BrickLink take?

Buy the website names that may look like bricklink.com?  The 3 million of them
(org, .net, .«country», etc., briklink, brickslink, bricklinck, etc., brıcklınk.com¹,
briϲklink.com², etc.)?

MFA?  They did that with OTP.

Mandatory OTP?  They did that last week.  It’s annoying and people are opting
out (like you did at first).

Send messages?  They did that.
But they only talked about “brickslink” (or was it “bricklinks”?) and you almost
got caught by one of the 2,999,999 others.  Should they send a list of the 3
million possibilities?

Put a warning on the front page?  One that can also be faked and diverted by
phishers?

Okay, what they could do is have a 24/7 helpdesk and quick procedures to at least
block an account… but then how do you ensure these procedures are fast and secure
and not abused?  Another round of passwords and MFA?  Another procedure that
can be copied / faked on a phishing website like they copied the OTP one?

In the end, phishing is a problem that can’t be avoided without the user being
diligent, without the user taking action.


———
¹ Dotless i.
² Greek sigma instead of c.
 Author: Saitobricks.ca
 Posted: Mar 21, 2024 11:26
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 31 times
 Topic: Problem

Saitobricks.ca (36)

Location:  Canada, Ontario
Member Since: Aug 28, 2021
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: Unlicensed Bricks
In Problem, Mr_Rofl writes:
  Maybe we can contact Pierogi from scammer payback or Jim Browning to make an
item about this kind of scam. And put the video out on the website with a warning.

That's a fantastic idea! I watch Jim's channel and he's good!

If you have not seen Jim Browning you should see what he's got going on.

Maybe if enough of us comment on his videos about this he will look into it.
 Author: SylvainLS
 Posted: Mar 21, 2024 11:27
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 44 times
 Topic: Problem

SylvainLS (46)

Location:  France, Nouvelle-Aquitaine
Member Since: Apr 25, 2014
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: BuyerOnly
BrickLink Discussions Moderator (?)
In Problem, Mr_Rofl writes:
  Maybe we can contact Pierogi from scammer payback or Jim Browning to make an
item about this kind of scam.

Didn’t know of any of them… but I’m hungry now: https://en.wikipedia.org/wiki/Pierogi



   And put the video out on the website with a warning.

I'm not saying I will not fall for it, but I always save my username and password
in my browser. If the browser does not automatically come with my credentials,
then I go in maximum safeguard. Usually closing all tabs from that website and
typing in the correct url to see what is wrong with my saved credentials.

Yeah, as Chetzler said, when you wake up and see these messages, you’re not at
your best.
That’s why you need to get those checks ingrained, so the alert pops up automatically
in your brain, foggy or not.
But only you can do that.
 Author: zorbanj
 Posted: Mar 21, 2024 11:24
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 45 times
 Topic: Problem

zorbanj (805)

Location:  USA, New Jersey
Member Since: Dec 14, 2003
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: ZorbaNJ's Bricks
Whatever is being done for lego.com itself. I've never gotten phishing emails
related to lego.com.


In Problem, SylvainLS writes:
  
But what kind of “substantive action” can BrickLink take?
 Author: Saitobricks.ca
 Posted: Mar 21, 2024 11:27
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 29 times
 Topic: Problem

Saitobricks.ca (36)

Location:  Canada, Ontario
Member Since: Aug 28, 2021
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: Unlicensed Bricks
You're right, they don't have problems, so why do we have to suffer?

In Problem, zorbanj writes:
  Whatever is being done for lego.com itself. I've never gotten phishing emails
related to lego.com.


In Problem, SylvainLS writes:
  
But what kind of “substantive action” can BrickLink take?
 Author: SylvainLS
 Posted: Mar 21, 2024 11:31
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 39 times
 Topic: Problem

SylvainLS (46)

Location:  France, Nouvelle-Aquitaine
Member Since: Apr 25, 2014
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: BuyerOnly
BrickLink Discussions Moderator (?)
In Problem, zorbanj writes:
  Whatever is being done for lego.com itself. I've never gotten phishing emails
related to lego.com.

But is that really because LEGO did something BrickLink didn’t do?

Besides, BrickLink is being helped by LEGO’s security team.
 Author: macebobo
 Posted: Mar 21, 2024 12:37
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 61 times
 Topic: Problem

macebobo (2423)

Location:  USA, Oregon
Member Since: Apr 3, 2016
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: MacsBricks
In Problem, SylvainLS writes:

  Besides, BrickLink is being helped by LEGO’s security team.

Let us hope this goes better than what "Award winning Lego support" team
is doing to help out the help desk.
 Author: yorbrick
 Posted: Mar 21, 2024 12:06
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 35 times
 Topic: Problem

yorbrick (1182)

Location:  United Kingdom, England
Member Since: Apr 11, 2011
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: Yorbricks
  MFA?  They did that with OTP.

Mandatory OTP?  They did that last week.  It’s annoying and people are opting
out (like you did at first).

The OTP doesn't work anyway, as the scammers can get the user to send the
OTP code to them.
 Author: chetzler
 Posted: Mar 21, 2024 12:27
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 56 times
 Topic: Problem

chetzler (2314)

Location:  USA, Minnesota
Member Since: Feb 12, 2005
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store: Lost Boys' Brick Shop
In Problem, SylvainLS writes:
  In Problem, chetzler writes:
  […]
I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon.

But what kind of “substantive action” can BrickLink take?

I don’t know, that’s above my pay grade. It’s not my job to solve the problems
of a billion dollar multinational company, but I have trouble accepting that
LEGO is powerless to do anything. As others have pointed out, this level of
insecurity is simply not found to this degree in other online arenas: not in
any of my online banking or investment portals, not in any medical billing portals,
not in any government/tax portals, not in other online marketplaces I use, not
even at LEGO.com. BrickLink stands out as a site that is starting to make me
a little nervous.

I understand the gummy spam is probably a low security concern, but it should
represent a HUGE image concern. If our brick-and-mortar business had hawkers
out front all day handing out flyers to our customers, I’d be derelict in my
duties if I wasn’t chasing them off and taking steps to make sure they didn’t
return. If I couldn’t even do that much, how much faith should our customers
have that we would address more serious concerns? It really looks like BL management
simply does not care about a public-facing piece of their website.

  (litany of excuses)

I do know that, at my primary business, if our customers were being inundated
with spam and phishing attempts, we’d have a lot of angry customers and that would
result in a lot of bad word of mouth around the community if we didn’t figure
out a way to rectify the situation quickly. Worse yet, if one of our employees’
response was a bunch of excuses followed up with, “eh, what do you want us to do?
You need to look out for yourself!” that employee would probably be fired and
we’d be in serious danger of going out of business.
 Author: Tracyd
 Posted: Mar 21, 2024 11:42
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 52 times
 Topic: Problem

Tracyd (418)

Location:  USA, Texas
Member Since: May 29, 2003
Type: Seller
Buying Privileges - OK
Selling Privileges - OK
Store Closed Store: Tracyd's
In Problem, chetzler writes:
  I had a couple of these in my inbox this morning. They looked completely
legitimate. I did log in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.

Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.

I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.


I feel slighted I have none.
From a cybersecurity standpoint you never click a link in a text or an email
about suspicious activity. You go straight to how you normally access the site
and see if there is a message there; if it is legitimate, you can then do what
is needed. Even if there isn't, you might consider changing your password. I
keep getting texts that my bank account is in jeopardy from a bank that I haven't
had an account with for 15 years, needless to say I don't click that link.
I have even gotten texts from PayPal about a dire issue, but when I access PayPal
normally there is nothing there. Thinking before you click is always your first
action. My job sends out test phishing emails. While some look official they
are never using a correct email address and are for things that I expect to be
notified of before an email requiring action.
 Author: yorbrick
 Posted: Mar 21, 2024 12:07
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 46 times
 Topic: Problem

yorbrick (1182)

Location:  United Kingdom, England
Member Since Contact Type Status
Apr 11, 2011 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Yorbricks
  Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

It must be a different one, as the .net one that goes to bricklink-com.co doesn't
really look anything like the frontpage of BL. No BDP banner, no "Browse"
box. Plus the login box is very different as it is a full page rather than a
pop-up. Also none of the buttons like "remember this login" tickbox work
if you click them.
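An added example, not part of the post above or of any BrickLink code: a small checker that sorts the link targets found in an email into trusted, lookalike and unrelated, using the real domain and the `bricklink-com.co` host named in this thread. The other sample hosts are constructed under the reserved `.example` TLD, and the function and verdict names are hypothetical.

```python
from urllib.parse import urlsplit

TRUSTED = "bricklink.com"  # the real site's domain, as it appears in this thread


def host_of(url):
    """Return the lower-cased hostname of a link, or '' if it has none."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed authority part, e.g. a broken IPv6 literal
        return ""
    return host.rstrip(".").lower()


def edit_distance(a, b):
    """Levenshtein distance, computed with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED):
    """Return (verdict, reason) for one link, judged against `trusted`."""
    brand = trusted.split(".")[0]
    host = host_of(url)
    if not host:
        return ("unparseable", "no hostname found")
    # Only the exact domain or a true subdomain of it counts as trusted.
    if host == trusted or host.endswith("." + trusted):
        return ("trusted", "host is " + trusted + " or a subdomain of it")
    # The real name followed by more labels belongs to whoever owns the tail.
    if ("." + host).find("." + trusted + ".") != -1:
        return ("lookalike", "real domain name used as a prefix of another domain")
    for label in host.split("."):
        if brand in label:
            return ("lookalike", "brand name inside a different domain")
        for piece in label.split("-"):
            if 1 <= edit_distance(piece, brand) <= 2:
                return ("lookalike", "near-miss spelling of the brand")
    return ("unrelated", "no resemblance to " + trusted)


def review(urls, trusted=TRUSTED):
    """Return (url, verdict, reason) for every link that is not trusted."""
    findings = []
    for url in urls:
        verdict, reason = classify(url, trusted)
        if verdict != "trusted":
            findings.append((url, verdict, reason))
    return findings


# Constructed sample: links as they might be pulled from one email body.
SAMPLE_LINKS = [
    "https://www.bricklink.com/message.asp?ID=1460563",  # real URL quoted in this thread
    "https://bricklink-com.co/login",                    # host named in this thread
    "https://www.bricklink.com.account-check.example/",  # constructed
    "https://brick1ink.example/",                        # constructed
    "https://shipping.example/track",                    # constructed
]

if __name__ == "__main__":
    for url, verdict, reason in review(SAMPLE_LINKS):
        print(verdict.ljust(11), url, "-", reason)
```

A "trusted" verdict only says the hostname matches; it says nothing about whether the message itself is genuine, so reaching the site through a known good bookmark remains the safer path.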
 Author: randyf
 Posted: Mar 21, 2024 13:46
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 83 times
 Topic: Problem

randyf (442)

Location:  USA, Ohio
Member Since Contact Type Status
Sep 16, 2009 Member Does Not Allow Contact Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: The Bricking Spectre
BrickLink Catalog Administrator (?)
In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.


All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.

And judging from the people who are receiving phishing emails (e.g. I'm not),
the phisher is probably part of an online BrickLink group somewhere else (Facebook?
Discord?) that all of you are also part of or maybe they ordered from all of
the phishees in the past and already have all of your contact information to
use.
 Author: yorbrick
 Posted: Mar 21, 2024 14:10
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 61 times
 Topic: Problem

yorbrick (1182)

Location:  United Kingdom, England
Member Since Contact Type Status
Apr 11, 2011 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Yorbricks
In Problem, randyf writes:
  In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.


All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.

And judging from the people who are receiving phishing emails (e.g. I'm not),
the phisher is probably part of an online BrickLink group somewhere else (Facebook?
Discord?) that all of you are also part of or maybe they ordered from all of
the phishees in the past and already have all of your contact information to
use.

I checked earlier, the .net site is about two months old and the bricklink-com.co
just two weeks. Whether it is linked to merges, I don't know. Haven't
some people mentioned high value sets being added? That suggests financial fraud
rather than just messing about.
 Author: chetzler
 Posted: Mar 21, 2024 14:15
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 55 times
 Topic: Problem

chetzler (2314)

Location:  USA, Minnesota
Member Since Contact Type Status
Feb 12, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Lost Boys' Brick Shop
In Problem, randyf writes:
  In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.


All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.


That feels like a stretch. The people that tend to get upset about some of BL’s
unpopular decisions (myself included) get upset because they love BrickLink.
I’d have trouble believing that one of those people would put in the time and
effort required to launch a phishing scheme that damages the thing they love
and at the same time subjects their fellow members to the collateral damage.

  
And judging from the people who are receiving phishing emails (e.g. I'm not),
the phisher is probably part of an online BrickLink group somewhere else (Facebook?
Discord?) that all of you are also part of or maybe they ordered from all of
the phishees in the past and already have all of your contact information to
use.

I’m not active in any online groups.
 Author: 1001bricks
 Posted: Mar 21, 2024 14:22
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 56 times
 Topic: Problem

1001bricks (52260)

Location:  France, Provence-Alpes-Côte d'Azur
Member Since Contact Type Status
Sep 6, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: 1001bricks
In Problem, randyf writes:
  In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.


All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur.

Coincidence != causality.

There have been attempts before this, and probably hundreds we don't know
about, or thousands during those 24 yrs of BrickLink.

Apart from this, hackers seem to be high on steroids; many many places including our
French Administration a couple of weeks ago, PayPal is asking me VERY often to 2FA
(while normally it's once per year maybe), etc.
 Author: Admin_Russell
 Posted: Mar 21, 2024 15:44
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 96 times
 Topic: Problem

Admin_Russell

Location:  USA, California
Member Since Contact Type Status
May 9, 2017 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Problem, randyf writes:
  In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.

All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.

Interesting theory. But the scammers that caused the November 3 incident are
the same ones that caused the problems last night, and the variant merge project
was not exposed to the public before January 2024.

As much as companies tend not to boast about the number of online attacks they
receive, we do see a remarkable increase in scammer activity across the board
- throughout many companies and across different industries. To us, it does not
feel like BrickLink is being singled out.
 Author: Saitobricks.ca
 Posted: Mar 21, 2024 15:48
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 43 times
 Topic: Problem

Saitobricks.ca (36)

Location:  Canada, Ontario
Member Since Contact Type Status
Aug 28, 2021 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Unlicensed Bricks
In Problem, Admin_Russell writes:
  In Problem, randyf writes:
  In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.

All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.

Interesting theory. But the scammers that caused the November 3 incident are
the same ones that caused the problems last night, and the variant merge project
was not exposed to the public before January 2024.

As much as companies tend not to boast about the number of online attacks they
receive, we do see a remarkable increase in scammer activity across the board
- throughout many companies and across different industries. To us, it does not
feel like BrickLink is being singled out.

Does there happen to be a plan in the works to stop this activity?
 Author: Admin_Russell
 Posted: Mar 21, 2024 15:58
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 97 times
 Topic: Problem

Admin_Russell

Location:  USA, California
Member Since Contact Type Status
May 9, 2017 Contact Member Admin
Buying Privileges - OKSelling Privileges - OK
BrickLink Administrator
In Problem, Saitobricks.ca writes:
  In Problem, Admin_Russell writes:
  In Problem, randyf writes:
  In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.

All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.

Interesting theory. But the scammers that caused the November 3 incident are
the same ones that caused the problems last night, and the variant merge project
was not exposed to the public before January 2024.

As much as companies tend not to boast about the number of online attacks they
receive, we do see a remarkable increase in scammer activity across the board
- throughout many companies and across different industries. To us, it does not
feel like BrickLink is being singled out.

Does there happen to be a plan in the works to stop this activity?

Yes. In fact, most of what is being done to prevent this type of fraud is being
done behind the scenes, and BrickLink members are not aware that it is happening.
 Author: Saitobricks.ca
 Posted: Mar 21, 2024 16:03
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 48 times
 Topic: Problem

Saitobricks.ca (36)

Location:  Canada, Ontario
Member Since Contact Type Status
Aug 28, 2021 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: Unlicensed Bricks
In Problem, Admin_Russell writes:
  In Problem, Saitobricks.ca writes:
  In Problem, Admin_Russell writes:
  In Problem, randyf writes:
  In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.

All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.

Interesting theory. But the scammers that caused the November 3 incident are
the same ones that caused the problems last night, and the variant merge project
was not exposed to the public before January 2024.

As much as companies tend not to boast about the number of online attacks they
receive, we do see a remarkable increase in scammer activity across the board
- throughout many companies and across different industries. To us, it does not
feel like BrickLink is being singled out.

Does there happen to be a plan in the works to stop this activity?

Yes. In fact, most of what is being done to prevent this type of fraud is being
done behind the scenes, and BrickLink members are not aware that it is happening.

What percentage of spam would you say has been stopped behind the scenes?
 Author: popsicle
 Posted: Mar 21, 2024 19:13
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 60 times
 Topic: Problem

popsicle (6654)

Location:  USA, Washington
Member Since Contact Type Status
Feb 21, 2006 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: ConstrucToys
In Problem, Admin_Russell writes:
  In Problem, Saitobricks.ca writes:
  In Problem, Admin_Russell writes:
  In Problem, randyf writes:
  In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.

All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.

Interesting theory. But the scammers that caused the November 3 incident are
the same ones that caused the problems last night, and the variant merge project
was not exposed to the public before January 2024.

As much as companies tend not to boast about the number of online attacks they
receive, we do see a remarkable increase in scammer activity across the board
- throughout many companies and across different industries. To us, it does not
feel like BrickLink is being singled out.

Does there happen to be a plan in the works to stop this activity?

Yes. In fact, most of what is being done to prevent this type of fraud is being
done behind the scenes, and BrickLink members are not aware that it is happening.

Makes sense. That being the case however, would not this suggestion slide perfectly
into the space between understandings: https://www.bricklink.com/message.asp?ID=1460563
 Author: randyf
 Posted: Mar 21, 2024 16:02
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 54 times
 Topic: Problem

randyf (442)

Location:  USA, Ohio
Member Since Contact Type Status
Sep 16, 2009 Member Does Not Allow Contact Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: The Bricking Spectre
BrickLink Catalog Administrator (?)
In Problem, Admin_Russell writes:
  In Problem, randyf writes:
  In Problem, chetzler writes:

  I don’t know why BrickLink has suddenly become such a juicy target.

All of it started fairly shortly after all of the extremely unpopular part merges
started to actually occur. I have a strong feeling that a user here that was
very upset about the decisions made is having some "fun" at BrickLink's
expense.

Interesting theory. But the scammers that caused the November 3 incident are
the same ones that caused the problems last night, and the variant merge project
was not exposed to the public before January 2024.

As much as companies tend not to boast about the number of online attacks they
receive, we do see a remarkable increase in scammer activity across the board
- throughout many companies and across different industries. To us, it does not
feel like BrickLink is being singled out.


Good to know. Let's just hope that our beloved BrickLink can make it through
largely unscathed. I am sure I am not the only one that doesn't want a repeat
of November 2023 to happen, but every time someone falls for one of these things,
we get closer to that happening again. I do feel bad for those getting targeted,
but people need to be cautious.
 Author: cosmicray
 Posted: Mar 21, 2024 16:45
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 58 times
 Topic: Problem

cosmicray (3489)

Location:  USA, Florida
Member Since Contact Type Status Collage
Oct 1, 2000 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Cosmic Toys
In Problem, randyf writes:
  And judging from the people who are receiving phishing emails (e.g. I'm not),
the phisher is probably part of an online BrickLink group somewhere else (Facebook?
Discord?) that all of you are also part of or maybe they ordered from all of
the phishees in the past and already have all of your contact information to
use.

I have not received these phishing emails. That said, I am not a member of any
online BL groups, other than reddit, where I visit infrequently. So there may
be something to this theory.

Nita Rae
 Author: waltzking
 Posted: Mar 21, 2024 19:16
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 62 times
 Topic: Problem

waltzking (8735)

Location:  USA, Missouri
Member Since Contact Type Status
Feb 28, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: A *Deal* 4 U
As someone not in any LEGO groups (or at least not using my BL email address),
and am still getting the scam emails, I am certain it is related to either the hack
or fake contact/orders on BL that can harvest seller emails. Had a lot of these
orders, immediate cancel request, and no contact thereafter a few months back.
I know it was to phish my seller info as often as the pattern was repeated exactly.
But even messages we reply to can do this as the system still links our email
to those. It really should not do this unless an order is placed, or even confirmed
as paid by the system (instant or seller marked). Simply put, contact info should
remain better protected until a transaction is deemed legit. BL is largely an
open book for all seller info if the party wanting to phish it knows how the
site works.

Waltzking
 Author: chetzler
 Posted: Mar 21, 2024 19:34
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 66 times
 Topic: Problem

chetzler (2314)

Location:  USA, Minnesota
Member Since Contact Type Status
Feb 12, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Lost Boys' Brick Shop
In Problem, waltzking writes:
  As someone not in any LEGO groups (or at least not using my BL email address),
and am still getting the scam emails, I am certain it is related to either the hack
or fake contact/orders on BL that can harvest seller emails. Had a lot of these
orders, immediate cancel request, and no contact thereafter a few months back.
I know it was to phish my seller info as often as the pattern was repeated exactly.
But even messages we reply to can do this as the system still links our email
to those. It really should not do this unless an order is placed, or even confirmed
as paid by the system (instant or seller marked). Simply put, contact info should
remain better protected until a transaction is deemed legit. BL is largely an
open book for all seller info if the party wanting to phish it knows how the
site works.

Waltzking

Is there any need at all for buyers/sellers to see each other's email contact
info even on legitimate orders? Maybe I've been using instant checkout and
the pay now button for so long I have forgotten, but it has been a while since
a buyer has made a payment directly to my email address. Since BrickLink implemented
sales tax collection, all (at least all of my) payments are negotiated through
PayPal Marketplace.

Maybe other payment methods require an email address.

I know some people send photos via email (if only we could attach photos to a
BL message!).

I'd be perfectly happy to have "public-facing email address" be an
option that I can enable/disable at will.
 Author: waltzking
 Posted: Mar 21, 2024 20:06
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 60 times
 Topic: Problem

waltzking (8735)

Location:  USA, Missouri
Member Since Contact Type Status
Feb 28, 2005 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: A *Deal* 4 U
In Problem, chetzler writes:
  In Problem, waltzking writes:
  As someone not in any LEGO groups (or at least not using my BL email address),
and am still getting the scam emails, I am certain it is related to either the hack
or fake contact/orders on BL that can harvest seller emails. Had a lot of these
orders, immediate cancel request, and no contact thereafter a few months back.
I know it was to phish my seller info as often as the pattern was repeated exactly.
But even messages we reply to can do this as the system still links our email
to those. It really should not do this unless an order is placed, or even confirmed
as paid by the system (instant or seller marked). Simply put, contact info should
remain better protected until a transaction is deemed legit. BL is largely an
open book for all seller info if the party wanting to phish it knows how the
site works.

Waltzking

Is there any need at all for buyers/sellers to see each other's email contact
info even on legitimate orders? Maybe I've been using instant checkout and
the pay now button for so long I have forgotten, but it has been a while since
a buyer has made a payment directly to my email address. Since BrickLink implemented
sales tax collection, all (at least all of my) payments are negotiated through
PayPal Marketplace.

Maybe other payment methods require an email address.

I know some people send photos via email (if only we could attach photos to a
BL message!).

I'd be perfectly happy to have "public-facing email address" be an
option that I can enable/disable at will.

Indeed, there is very little reason it needs to be shared at all. eBay and Amazon
(and other sites too) never share seller address with a buyer, and especially
not their emails. Email addresses can be handy at times (pics, custom instruction
files, etc.), but should be a voluntary thing to give, not granted without our
active consent to each case. It is a BIG security issue (and one I've brought
up to support numerous times) and what leads to all the recent spam and phishing.
If such non-imperative info was hidden, there would be no way to harvest it
for these attacks, barring an actual database hack. Sadly it all seems to fall
on deaf ears with the community suffering the consequences.

Waltzking
 Author: randyf
 Posted: Mar 22, 2024 03:06
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 57 times
 Topic: Problem

randyf (442)

Location:  USA, Ohio
Member Since Contact Type Status
Sep 16, 2009 Member Does Not Allow Contact Seller
Buying Privileges - OKSelling Privileges - OK
Store Closed Store: The Bricking Spectre
BrickLink Catalog Administrator (?)
In Problem, chetzler writes:
  In Problem, waltzking writes:
  As someone not in any LEGO groups (or at least not using my BL email address),
and am still getting the scam emails, I am certain it is related to either the hack
or fake contact/orders on BL that can harvest seller emails. Had a lot of these
orders, immediate cancel request, and no contact thereafter a few months back.
I know it was to phish my seller info as often as the pattern was repeated exactly.
But even messages we reply to can do this as the system still links our email
to those. It really should not do this unless an order is placed, or even confirmed
as paid by the system (instant or seller marked). Simply put, contact info should
remain better protected until a transaction is deemed legit. BL is largely an
open book for all seller info if the party wanting to phish it knows how the
site works.

Waltzking

Is there any need at all for buyers/sellers to see each other's email contact
info even on legitimate orders? Maybe I've been using instant checkout and
the pay now button for so long I have forgotten, but it has been a while since
a buyer has made a payment directly to my email address. Since BrickLink implemented
sales tax collection, all (at least all of my) payments are negotiated through
PayPal Marketplace.

Maybe other payment methods require an email address.

I know some people send photos via email (if only we could attach photos to a
BL message!).

I'd be perfectly happy to have "public-facing email address" be an
option that I can enable/disable at will.


You have some very good points here. The whole communication architecture on
BrickLink is definitely in need of some upgrades. They may want to start looking
into it sooner rather than later.

For example, every transaction I have on eBay has everything done through the
eBay platform. There is never any communication outside of the platform between
myself and anyone that I purchase something from. In that way, the user on the
other end remains completely anonymous. It would be a good model to look into.
 Author: yorbrick
 Posted: Mar 22, 2024 03:21
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 60 times
 Topic: Problem

yorbrick (1182)

Location:  United Kingdom, England
Member Since Contact Type Status
Apr 11, 2011 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Yorbricks
  
You have some very good points here. The whole communication architecture on
BrickLink is definitely in need of some upgrades. They may want to start looking
into it sooner rather than later.

For example, every transaction I have on eBay has everything done through the
eBay platform. There is never any communication outside of the platform between
myself and anyone that I purchase something from. In that way, the user on the
other end remains completely anonymous. It would be a good model to look into.

That is partly so they can monitor communication and partly (probably mostly)
to stop deals being done outside of eBay. Anonymity is just a by-product. Here,
any businesses selling on eBay (or elsewhere) are required to have their identity
and address shown before a buyer decides to buy.
 Author: pashah
 Posted: Mar 21, 2024 14:20
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 66 times
 Topic: Problem

pashah (2921)

Location:  Canada, Ontario
Member Since Contact Type Status
Oct 3, 2021 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Polaris - Free Shipping📦*
In Problem, chetzler writes:
  I had a couple of these in my inbox this morning. They looked completely
legitimate. I did log in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.

Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.

I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.

It would be great if BrickLink allowed sellers to have multiple emails on file:

- a public-facing email with which to contact customers (when sending/receiving
pictures, etc.)
- a non-public-facing email used for two-factor authentication and for seller
account admin purposes (including log in notifications). It makes no sense to
have two-factor authentication if the public-facing email is exposed in a phishing
attack
 Author: cosmicray
 Posted: Mar 21, 2024 16:55
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 79 times
 Topic: Problem

cosmicray (3489)

Location:  USA, Florida
Member Since Contact Type Status Collage
Oct 1, 2000 Contact Member Seller
Buying Privileges - OKSelling Privileges - OK
Store: Cosmic Toys
In Problem, chetzler writes:
  BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

There are a couple of takeaways from that ... first, steer away from the need
to reply IMMEDIATELY to anything you see prior to your first cup of java, tea,
or whatever. Second, do not trust any link that comes in an email, unless a site
is sending you a validation link, has told you it was just sent, and you just
received it. Everything else, including smishing attempts within SMS texts, should
be considered suspect, dangerous, and unreliable.

The whole paradigm of social engineering attacks is to make you react without
thinking it all the way thru. Take the slow paranoid path, log into the site
using a known good bookmark, and ignore any links that come via dangerous paths
(no matter how real they appear).

Nita Rae
 Author: CCBricks
 Posted: Mar 21, 2024 21:12
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 51 times
 Topic: Problem

CCBricks (2372)

Location: USA, Florida
Member Since: Apr 28, 2005
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: Capital City Bricks

Well, I'll be one of the first to say that I did click the link. I noticed
the .com.co and knew something wasn't right. I'm not happy
with myself, but I immediately went in and changed the password...three times.
I'm going to say that I got lucky (extremely) and caught it at the right
time.

I did a download of my inventory with BrickStore to compare totals. This is what
I found: the total number of items (parts) is off by 4 and the dollar amount
is off by $2.56. This is possibly due to a couple of lots that I have retained
that are not zeroed out. I also looked at the "newest items" to see
if any were added, which I can confirm nothing was added. I also verified the
lot totals were correct (main store and stock rooms).

I strongly suggest every seller download BrickStore and perform a backup,
especially each day, or after sales. I usually do one a day. It is super easy
to "jump the gun" as I did, and it caught me off guard.

Hopefully BrickLink will post a banner on the main page to warn EVERY user about
this. As of this post, I didn't see anything, so BL should jump on the ball,
like yesterday.

Brian

In Problem, chetzler writes:
  I had a couple of these this in my inbox this morning. They looked completely
legitimate. I did login in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.

Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.

I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.
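
The `.com.co` host and the "very close" URL described in the post above can be caught mechanically by comparing each link's real hostname with the site's own domain instead of trusting the visible text. This is an added example, not part of the original posts or any BrickLink code; the sample email and its non-BrickLink hosts are constructed, and the 0.8 similarity threshold is an assumption.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "bricklink.com"          # the real site's domain
BRAND = TRUSTED.split(".")[0]

class LinkCollector(HTMLParser):
    """Collect href targets; the visible link text is ignored on purpose."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def classify_host(host):
    """Return 'trusted', 'lookalike' or 'untrusted' for a hostname."""
    host = (host or "").lower().rstrip(".")
    # Only the exact domain or a true subdomain of it counts as trusted.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    for label in host.split("."):
        squashed = label.replace("-", "")
        close = difflib.SequenceMatcher(None, squashed, BRAND).ratio() >= 0.8
        # Brand inside another domain, a near-miss spelling, or a punycode
        # label that may render as look-alike letters.
        if BRAND in squashed or close or label.startswith("xn--"):
            return "lookalike"
    return "untrusted"

def check_email_links(html):
    """Return (href, verdict) for every link in an HTML email body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(h, classify_host(urlsplit(h).hostname)) for h in collector.hrefs]

# Constructed sample: hosts illustrate the .com.co and .net patterns mentioned
# in the thread; they are not taken from the actual phishing emails.
SAMPLE_EMAIL = """
<p>We noticed a login from a new device.</p>
<a href="https://bricklink.com.co/logout">Log out of all devices</a>
<a href="https://www.bricklink.com/invExcel.asp">Download inventory</a>
<a href="https://bricklink.com@login.example/reset">https://www.bricklink.com/reset</a>
<a href="https://brick-link.net/help">Help</a>
"""

if __name__ == "__main__":
    for href, verdict in check_email_links(SAMPLE_EMAIL):
        print(f"{verdict:10} {href}")
```

The third sample link shows why the check uses the parsed hostname: everything before the `@` is user info, so the browser goes to `login.example` even though the link text shows the real domain.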
 Author: 1001bricks
 Posted: Mar 21, 2024 21:22
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 60 times
 Topic: Problem

1001bricks (52260)

Location: France, Provence-Alpes-Côte d'Azur
Member Since: Sep 6, 2005
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: 1001bricks

In Problem, CCBricks writes:
  Well, I'll be one of the first to say that I did click the link. I noticed
the .com.co and knew something wasn't right. I'm not happy
with myself, but I immediately went in and changed the password...three times.
I'm going to say that I got lucky (extremely) and caught it at the right
time.

Thanks for being honest!
You've got a pretty quick and sane reaction, that's VERY fine, congratulations!

Remember to check if you used this pass somewhere else, and then change it there...


  I did a download of my inventory with BrickStore to compare totals. This is what
I found: the total number of items (parts) is off by 4 and the dollar amount
is off by $2.56. This is possibly due to a couple of lots that I have retained
that are not zeroed out. I also looked at the "newest items" to see
if any were added, which I can confirm nothing was added. I also verified the
lot totals were correct (main store and stock rooms).

Yes, also some parts may be in the 10 min checkout "reservation" and/or
minor glitches.
As you said, a $2 discrepancy (I'm sure you can explain later on) isn't
a problem.


  I strongly suggest every seller download BrickStore and perform a backup,
especially each day, or after sales. I usually do one a day.

Absolutely - I repeat it like every week in forum, but hey?

And/or, at the MINIMUM download your Inventory in XML, as BrickStore can open
it later on:
https://www.bricklink.com/invExcel.asp


  Hopefully BrickLink will post a banner on the main page to warn EVERY user about
this.

Yep, but for this we'd need an internal Notification system...
That is VERY needed in fact and IMO.
 Author: Hardstone
 Posted: Mar 22, 2024 07:39
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 51 times
 Topic: Problem

Hardstone (117)

Location: USA, Florida
Member Since: May 10, 2013
Type: Buyer
Status: Buying Privileges - OK

In Problem, chetzler writes:
  I had a couple of these this in my inbox this morning. They looked completely
legitimate. I did login in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.

Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.

I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.

I almost feel tempted to mess with these people a bit by following the link,
then entering "BIGSC" as the username and "AMMER" as the password.
Maybe even submitting random jumbles of letters, numbers, and quotation symbols
as both the username and password.
 Author: yorbrick
 Posted: Mar 22, 2024 09:32
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 68 times
 Topic: Problem

yorbrick (1182)

Location: United Kingdom, England
Member Since: Apr 11, 2011
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: Yorbricks

  I almost feel tempted to mess with these people a bit by following the link,
then entering "BIGSC" as the username and "AMMER" as the password.
Maybe even submitting random jumbles of letters, numbers, and quotation symbols
as both the username and password.

I did a few yesterday with fake details. They instantly ask you for the OTP once
you have entered the account details, so presumably they are not being read by
a human but just automatically scraped and submitted to bricklink to generate
the OTP passcode request to be sent to your email, which the scammed user is
then meant to give to the scammer through their website.
 Author: rainbowmist
 Posted: Mar 22, 2024 18:53
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 64 times
 Topic: Problem

rainbowmist (1167)

Location: USA, Michigan
Member Since: Oct 31, 2009
Type: Seller
Status: Buying Privileges - OK, Selling Privileges - OK
Store: RainbowMists Bricks

In Problem, chetzler writes:
  I had a couple of these this in my inbox this morning. They looked completely
legitimate. I did login in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.

Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.

I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.

Had one last night and it went right to my spam folder. Could tell right away
it was not from Bricklink.