Author: | CCBricks | Posted: | Mar 21, 2024 21:12 | Subject: | Re: WARNING! Login from new device phishing emai | Viewed: | 53 times | Topic: | Problem | |
|
| Well, I'll be one of the first to say that I did click the link. I noticed
the .com.co and knew something wasn't right. I'm not happy
with myself, but I immediately went in and changed the password...three times.
I'm going to say that I got lucky (extremely) and caught it at the right
time.
I did a download of my inventory with BrickStore to compare totals. This is what
I found: the total number of items (parts) is off by 4 and the dollar amount
is off by $2.56. This is possibly due to a couple of lots that I have retained
that are not zeroed out. I also looked at the "newest items" to see
if any were added, which I can confirm nothing was added. I also verified the
lot totals were correct (main store and stock rooms).
I strongly suggest every seller download BrickStore and performing a back up,
especially each day, or after sales. I usually do one a day. It is super easy
to "jump the gun" as I did, and it caught me off guard.
Hopefully BrickLink will post a banner on the main page to warn EVERY user about
this. As of this post, I didn't see anything, so BL should jump on the ball,
like yesterday.
Brian
In Problem, chetzler writes:
| I had a couple of these this in my inbox this morning. They looked completely
legitimate. I did login in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.
Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory
BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.
I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.
I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.
|
|
|
Message is in Reply To: Message Has 1 Reply: 51 Messages in this Thread. (Message tree supressed because there are more than 50 messages in this thread) show message tree
Entire thread on one page This message and all its replies on one page
|
|