Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Email Phishing or Xtra Account Password Hack?
outdoorsnz

674 posts

Ultimate Geek


#316014 8-Sep-2024 15:15
Send private message

Helping a friend via phone (not in person) on this.

 

So many related parties received the classic phishing email, "Sorry to ask, do you have a free moment over email? Please let me know! " from this person, and judging from the phone calls, quite a few have fallen for this already!!!

 

i.e. reported to them that friends received call from the warehouse assuming for gift card purchases etc.

 

I've looked at the source of the email and it looks like any other xtra email, mailed using Open-Xchange Mailer v7.10.6-Rev67

 

Assuming this is all spoofed using database from past hacks and they are being targeted.

 

We went through with them what emails have you recently view and links clicked etc, and only thing that came up was they thought they received an email from spark (or xtra) that mentioned something about being with them for a long time and program needs updating, and they clicked on an update button that did nothing. Which to me is a red flag.

 

They assure me no passwords etc were passed over.

 

The question is, has their xtra email account password been hacked or all 100% just been spoofed?

 

What would be the best advice here?

 

     

  1. Reset iphone / ipad?
  2. Change xtra account password
  3. Def call the bank and reset details there
  4. Change email address as guessing they will be on the target list

 

Thanks

Filter this topic showing only the reply marked as answer Create new topic
Goosey
2793 posts

Uber Geek

Subscriber

  #3280048 8-Sep-2024 17:28
Send private message

Yes to 1 & 2

 

unsure what relevance #3 would have?

 

as for 4, get them to get themselves a Gmail or outlook account and start the process of updating all services and subscriptions they have to point to that new email and for the added benefit, change their passwords for those services or subscriptions at the same time.

 

 

 

they don’t have to try and do this asap…just try one or two services and subscriptions a week until it’s done.

 

 

 

 



blu3max
3 posts

Wannabe Geek


  #3280657 10-Sep-2024 13:07
Send private message

Yeah we have just come across the same email client (Open Xchange) and exact same message on another xtra email account today.

 

 

 

Breach, guessed password, or spoofing?

 

 

 

It appears to be automated and in an info gathering stage.

richms
28064 posts

Uber Geek

Trusted
Lifetime subscriber

  #3280677 10-Sep-2024 14:34
Send private message

We had one with the same opening from an xtra address a couple of weeks back. When the staff replied saying how can I help, the reply was blocked and when looked at was a gift card buying scam one. Didnt even pretend to be from anyone here,




Richard rich.ms



outdoorsnz

674 posts

Ultimate Geek


  #3280955 11-Sep-2024 14:33
Send private message

This wasn't a PW account hack. Most likely clicked on email link and exposed through the active email session. Resolved now.

 

Good reminder, don't trust any email and don't click the link...

 

Thanks

richms
28064 posts

Uber Geek

Trusted
Lifetime subscriber

  #3288495 1-Oct-2024 11:00
Send private message

Another..

 

 

 

From: XXXXX <XXXXXX@xtra.co.nz> 
Sent: Saturday, 28 September 2024 2:46 PM
Subject: Keeping in touch :)

 

________________________________________
This Email is From an External Sender.                                        
________________________________________
This message came from outside your organization.Please be careful clicking links and opening attachments if you don't know this sender. Please report suspicious emails to the IT department.
________________________________________
-- 
Hello. I have a very important issue which I'll like you to help me out. 
Sorry to ask, do you have a free moment over email? Please let me know! 
Thanks 
  
XXXXX




Richard rich.ms

SirHumphreyAppleby
2838 posts

Uber Geek


  #3288499 1-Oct-2024 11:22
Send private message

outdoorsnz:

 

Good reminder, don't trust any email and don't click the link...

 

 

Verify the source of the e-mail before clicking the link.

rhy7s
616 posts

Ultimate Geek


  #3292992 4-Oct-2024 15:23
Send private message

outdoorsnz:

 

This wasn't a PW account hack. Most likely clicked on email link and exposed through the active email session. Resolved now.

 

Good reminder, don't trust any email and don't click the link...

 

Thanks

 

 

Just had one of these from a friend on Xtra. Can I get some more clarification on the details above? The scammer receives a reply sent to the Xtra address but then reaches out with the gift card scam from a Gmail account with the same username as the Xtra account. Do they have a session open to the Xtra account without having gained access to the password? Or have set up forwarding during the compromised session?

 
 
 
 

Shop now on AliExpress (affiliate link).
daveymg
20 posts

Geek


  #3309379 15-Nov-2024 14:12
Send private message

I've dealt with a few of these lately. The attacker appears to gain access to the xtra mailbox and sets a forward to a gmail address setup with the same username. They also change recovery info so the xtra user can't reset the pasword online and has to get resolution via the helpdesk.

 

I've just had a repeat email from someone who was previously hacked and has been through the process of changing the password etc. No idea though as to how the hack is being repeated.

Filter this topic showing only the reply marked as answer Create new topic





News and reviews »

Logitech G522 Gaming Headset Review
Posted 18-Jun-2025 17:00

Māori Artists Launch Design Collection with Cricut ahead of Matariki Day
Posted 15-Jun-2025 11:19

LG Launches Upgraded webOS Hub With Advanced AI
Posted 15-Jun-2025 11:13

One NZ Satellite IoT goes live for customers
Posted 15-Jun-2025 11:10

Bolt Launches in New Zealand
Posted 11-Jun-2025 00:00

Suunto Run Review
Posted 10-Jun-2025 10:44

Freeview Satellite TV Brings HD Viewing to More New Zealanders
Posted 5-Jun-2025 11:50

HP OmniBook Ultra Flip 14-inch Review
Posted 3-Jun-2025 14:40

Flip Phones Are Back as HMD Reimagines an Iconic Style
Posted 30-May-2025 17:06

Hundreds of School Students Receive Laptops Through Spark Partnership With Quadrent's Green Lease
Posted 30-May-2025 16:57

AI Report Reveals Trust Is Key to Unlocking Its Potential in Aotearoa
Posted 30-May-2025 16:55

Galaxy Tab S10 FE Series Brings Intelligent Experiences to the Forefront with Premium, Versatile Design
Posted 30-May-2025 16:14

New OPPO Watch X2 Launches in New Zealand
Posted 29-May-2025 16:08

Synology Premiers a New Lineup of Advanced Data Management Solutions
Posted 29-May-2025 16:04

Dyson Launches Its Slimmest Vaccum Cleaner PencilVac
Posted 29-May-2025 15:50








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
Hatch
GoodSync
Backblaze backup
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright