
Security question

Posted: 11 Jun 2014, 16:53
by Biscuit
I have recently received several phishing emails to an address used only on this website. May I ask that you check your security?

Re: Security question

Posted: 11 Jun 2014, 21:06
by Jools
Biscuit wrote: I have recently received several phishing emails to an address used only on this website. May I ask that you check your security?
We take security seriously. We use the commonly used phpBB forum software for our forum / user authentication functions and this is always patched to the latest release. Our live database (which holds the email addresses used to register) can only be connected to from a limited range of IP addresses. I don't think the email address is made readable anywhere within phpBB unless you select the option to show it (e.g. your profile page).

I also assume you are using no public WiFi / secure email transports etc?

So, I am unsure how the email address is being used.

One thought is it could be a guess. Users using cotse.net may be more susceptible to phishing emails due to their sense of protection and so if I was a scumbag phisher then I'd target it. Might be an idea to have an email that's not guessable? PlanetCatfish figures highly in search engine rankings, so it's possible that the email address was just simply constructed.

However, I'd like to have a deeper look into it if you don't mind? Could you forward one of the emails to me at [email protected]?

Cheers,

Jools

Re: Security question

Posted: 13 Jun 2014, 08:45
by Biscuit
Sent to your email as requested.

Re: Security question

Posted: 13 Jun 2014, 12:54
by Biscuit
My email got bounced back - due to phishing.

Original Phishing email headers (my email address xxx out):

Return-Path: <[email protected]>
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0 tests=FORGED_OUTLOOK_HTML,
    FORGED_OUTLOOK_TAGS,HEADER_FROM_DIFFERENT_DOMAINS,HTML_IMAGE_ONLY_24,
    HTML_MESSAGE,INVALID_MSGID,MIME_HTML_ONLY,RP_MATCHES_RCVD,T_REMOTE_IMAGE
Received: from cpanel04.myhostcenter.com (cpanel04.myhostcenter.com [199.204.248.104])
    by mailhost.cotse.com (8.14.8/8.14.5) with ESMTP id s5BCrcW7057977
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
    for <[email protected]>; Wed, 11 Jun 2014 08:53:38 -0400 (EDT)
    (envelope-from [email protected])
Received: from greatwes by cpanel04.myhostcenter.com with local (Exim 4.69)
    (envelope-from <[email protected]>)
    id 1Wui1u-000AK5-Ab
    for [email protected]; Wed, 11 Jun 2014 08:53:26 -0400
To: [email protected]
Subject: Online and Mobile Banking Commitment
From: Santander UK plc <[email protected]>
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
Content-Transfer-encoding: 8bit
Reply-To: Santander UK plc <>
Message-ID: <b64ca9bfa2918edfde8309ed6014512a@>
X-Priority: 1
X-MSmail-Priority: High
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Date: Wed, 11 Jun 2014 08:53:26 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel04.myhostcenter.com
X-AntiAbuse: Original Domain - xxx.cotse.net
X-AntiAbuse: Originator/Caller UID/GID - [33013 32009] / [47 12]
X-AntiAbuse: Sender Address Domain - cpanel04.myhostcenter.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/greatwes/public_html/mmiler.php
X-Source-Dir: forresttoolanddie.com:/public_html
X-Cotse-Filters: Default delivery, no intercepts, 0 tags added
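
An added example, not part of the thread or of any participant's post: a Python routine that reads headers like those above and pulls out what an abuse report to the sending host needs (relay chain, local submission, originating script) along with the From/envelope mismatch and malformed Message-ID that the spam filter flagged. The sample message, its hostnames, addresses and paths, and the `domain` and `triage` helpers are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the posted headers; every host, address and path is a placeholder.
SAMPLE = """\
Return-Path: <webuser@shared01.hosting.example>
Received: from shared01.hosting.example (shared01.hosting.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id abc123
\tfor <tag@recipient.example>; Wed, 11 Jun 2014 08:53:38 -0400 (EDT)
Received: from webuser by shared01.hosting.example with local (Exim 4.69)
\tid 1Xxxxx-000000-00
\tfor tag@recipient.example; Wed, 11 Jun 2014 08:53:26 -0400
To: tag@recipient.example
Subject: Online and Mobile Banking Commitment
From: Some Bank plc <security@bank.example>
Message-ID: <0123456789abcdef@>
X-AntiAbuse: Primary Hostname - shared01.hosting.example
X-Source-Args: /usr/bin/php /home/webuser/public_html/mailer.php

body
"""

def domain(addr_header):
    """Text after the last '@' of the address in a header value, lower-cased."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    hops = []                                   # newest hop first, as in the message
    for rcvd in msg.get_all("Received", []):
        flat = " ".join(rcvd.split())           # unfold continuation lines
        m = re.match(r"from (\S+)(?: \(\S+ \[([0-9a-fA-F.:]+)\]\))?.*? with (\S+)", flat)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "with": m.group(3)})
    abuse = dict(v.split(" - ", 1) for v in msg.get_all("X-AntiAbuse", []) if " - " in v)
    msgid = (msg.get("Message-ID") or "").strip()
    args = (msg.get("X-Source-Args") or "").split()
    return {
        "from_domain": domain(msg.get("From")),
        "envelope_domain": domain(msg.get("Return-Path")),
        "msgid_valid": bool(re.fullmatch(r"<[^@\s<>]+@[^@\s<>]+>", msgid)),
        "hops": hops,
        "local_submission": bool(hops) and hops[-1]["with"] == "local",
        "abuse_host": abuse.get("Primary Hostname"),
        "script": args[-1] if args else None,   # script path reported by the sending host
    }
```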

Re: Security question

Posted: 13 Jun 2014, 13:25
by Jools
Thanks, OK, nothing useful in there. So, I can't really say if the email address was harvested or created. Is there anything else, specifically, you'd like us to check out?

Cheers,

Jools

Re: Security question

Posted: 14 Jun 2014, 11:34
by Biscuit
I suppose, Jools, that the proof of the pudding would be whether anyone else received the same type of spam. However, they'd probably only notice if they used tracking email addresses. Because of my systems, it's very rare that I get spam, hence why it's noticeable to me to receive anything like this.