Page 1 of Have Santander been compromised?

General Forum

Have Santander been compromised?

RJS (undefined) posted this on Monday, 8th September 2014, 07:59

So, the other day Snaps gets an email from Halifax, and worries it's spam, which turns out to be a real email from Halifax.
Well today, in a flip-reverse-situation, I get spam email with a virus attached, and the email address is the one I only use on Santander. Which is worrying.

I use a different email address on every single website, the prefix remains the same, just the postfix changes which works great for me because it means if I start getting spam from somewhere, I know where it came from and can easily block that one email address on my server and change it on that one website (or just never visit that website again if it's clearly incapable of basic security).

So far, this has only happened with my PayPal address, which isn't surprising as a lot of sellers on eBay think that if you buy something from them, they can add you to their junk lists.

But this one today, allegedly (but obviously not really) from bhlive.co.uk, contained e-tickets (but obviously not really, it was a virus) for Peter Pan at the Bournemouth Pavilion Theatre...

...to my Santander address. The question is, how did they get this email address that I only use for my Santander online bank account?


Editor
DVD REVIEWER
MYREVIEWER.COM

My Flickr Photostream

RE: Have Santander been compromised?

r8sso (Elite) posted this on Monday, 8th September 2014, 08:49

Do these spammers guess email addresses too? i.e. do they take well known names like paul.smith and just send mails to paul.smith @hotmail, @gmail etc... in the hope they get a hit?

RE: Have Santander been compromised?

RJS (undefined) posted this on Monday, 8th September 2014, 09:24

Quote:
r8sso says...
"Do these spammers guess email addresses too? "

There was a time when they did, but these days there is no point. There are so many freely available lists from compromised systems floating about, they don't need to bother.


Editor
DVD REVIEWER
MYREVIEWER.COM

My Flickr Photostream

RE: Have Santander been compromised?

admars (Elite) posted this on Monday, 8th September 2014, 11:29

I thought they did that (email guessing) as well, as recently on another forum, some ppl started accusing the mods of hushing up a security breach as emails they only use for that forum started to receive spam. the mods assured them there had been no breach and that it was probably email guessing software.

RE: Have Santander been compromised?

RJS (undefined) posted this on Monday, 8th September 2014, 12:26

Quote:
admars says...
"the mods assured them there had been no breach and that it was probably email guessing software"

Here is the thing about forum software... it's rarely installed and used by people smart enough to discover a security breach. And a smart hacker would be in and out without a trace anyway, so the best any mod can say is, to the best of their knowledge nobody has breached their system.

Anyone that says its impossible, and definitely 100% hasn't happened, is just demonstrating their lack of knowledge about security, unless that is they've invented the first intrusion-impossible-system.

When there are huge databases of genuine email addresses floating around for dirty cheap prices, and plenty of ways to get them for free, it doesn't make sense that someone would waste time generating random combinations of names to guess addresses that will have a much lower hit rate.

Maybe somebody somewhere still does that, but I suspect if there are, and they do, they are about as clueless as the mods of the forum that assume if a few of their users start getting spammed, that this came from guessing software. :/

Unlike in the movies and 24, when someone has access to your system, big red alarms don't go off and tell you. Chances are unless you are running very sophisticated intrusion detection systems, or the person who compromises your system tells you, you'll honestly never know.


Editor
DVD REVIEWER
MYREVIEWER.COM

My Flickr Photostream

RE: Have Santander been compromised?

Blue John (Elite) posted this on Monday, 8th September 2014, 12:40

I had the bhlive email too, but to an account that I use for general stuff, ie not the private one for banking, family, etc

Seems we're not the only ones:
http://www.bournemouthecho.co.uk/news/11458780.Don_t_open_Peter_Pan_ticket_emails__warn_BH_Live_as_virus_sent_to_thousands_nationwide/?ref=var_0

Cheers

Si

My Collection (including the ones that belong to the kids!)

RE: Have Santander been compromised?

Snaps (Elite) posted this on Monday, 8th September 2014, 13:26

Have a look at the Horizon ep in the earlier thread I posted.

Covers what Rob is talking about, even gives prices asked for the info.

Snaps



My new Flash Fiction blog. All my own work
500ish




I used to be with it, but then they changed what `it` was.
Now, what I`m with isn`t it, and what`s `it` seems weird and scary

RE: Have Santander been compromised?

bandicoot (Elite) posted this on Monday, 8th September 2014, 17:01

I never use online banking as its too iffy.

RE: Have Santander been compromised?

Si Wooldridge (Reviewer) posted this on Monday, 8th September 2014, 17:47

Quote:
bandicoot says...
"I never use online banking as its too iffy."

I'll be honest, I view on-line banking in the same way...


---------

Si Wooldridge
Reviewer

http://synth.myreviewer.com

RE: Have Santander been compromised?

Peter Hill (Harmless) posted this on Tuesday, 16th September 2014, 19:42

Today (16th sept 2014) I got an E-mail straight into my Santander folder. The filter uses "to:euqinu.eman[at]ku.oc.psiym.emantsohym" address that is only used for the Santander account. So either I have been hacked or they have. Yes given the name you might guess it. This has so far identified genuine hacks on Celotex and LastFm and there have been no lucky guesses in last 6 years.

Later in filter list, any other E-mail that has Santander in the To: CC: etc gets filed in spam and forwarded as pish.

This was a demand for money - telling me that there had been previous reminders was a big fatal flaw in the pish.

We are writing to you about fact, despite previous reminders, there remains an outstanding amount of GBP 256.53 in respect of the invoice(s) contained in this letter . This was due for payment on 15 August, 2014.
Our credit terms stipulate full payment within 3 days and this amount is now 14 days overdue.The total amount due from you is therefore GBP 300.80

from
misty.puckett@ .es

links to some Japanese site (don't open this!)
NOTttp://src.esther.jp/items/agtzfmVzdGhlci1qcHIRCxIESXRlbRiAgICAoOipCgw/20140413152510/invoice_unn.html

src.esther.jp seems to be a genuine on-line clothing store.

This item was edited on Tuesday, 16th September 2014, 21:28

Go back to General Forum threads, or All Forum threads