Discussion Forum: Problem: Message 1460705
 Previous Message   Next Message 
 Author: Hardstone View Messages Posted By Hardstone
 Posted: Mar 22, 2024 07:39
 Subject: Re: WARNING! Login from new device phishing emai
 Viewed: 54 times
 Topic: Problem
Cancel Message
Cancel
Reply to Message
Reply
BrickLink
ID Card

Hardstone (118)

Location:  USA, Florida
Member Since Contact Type Status
May 10, 2013 Contact Member Buyer
Buying Privileges - OK
In Problem, chetzler writes:
  I had a couple of these this in my inbox this morning. They looked completely
legitimate. I did login in to BL from my work computer yesterday. When I have
logged in from work before, I have never gotten an email like this, but I thought
that maybe it was a new security feature.

Anyway, with a very official looking email in hand, I clicked the suggested logout
from all devices link and had just about entered my credentials in the new window
to log back in when I noticed two minor things that seemed just a bit off. I
won’t mention those things in case the fraudsters are reading. I looked at the
URL and it was very close to BrickLink’s (it was not the .net one that was mentioned
before). Needless to say, I immediately changed my PW and reenabled the one-time
PIN (I had turned it off because I was being repeatedly prompted for a new PIN
over very short time spans even when I hadn’t logged out). I’ll also be downloading
my inventory

BE DILIGENT! I’m a pretty suspicious person when it comes to online activity,
but, in my groggy state when I woke up this morning, I almost fell for a phishing
scheme presented as a very authentic looking email.

I don’t know why BrickLink has suddenly become such a juicy target. These people
have no hope of accessing any of my monetary accounts. I assume the goal is
to gain access to a legitimate shop so they can list high-dollar items to scam
other members.

I don’t envy the task that management has ahead of them, but they need to take
some substantive action soon. This is not a primary income stream for me, so
at some point, when all the gummy spam, phishing attempts, and slow helpdesk
response times become too much, I may simply close my store for a while. I don’t
need the extra headache of worrying about online security for a part-time job.
Had I fallen victim to this phishing attempt, I’m really not sure how much effort
I would have put into trying to recover my account. BrickLink just feels like
a dicier selling proposition lately.

I almost feel tempted to mess with these people a bit by following the link,
then entering "BIGSC" as the username and "AMMER" as the password.
Maybe even submitting random jumbles of letters, numbers, and quotation symbols
as both the username and password.

Message is in Reply To:

View Thread WARNING! Login from new device phishing emai - chetzler (2352)
I had a couple of these this in my inbox this morning. They looked completely legitimate. I did login in to BL from my work computer yesterday. When I have logged in from [...]
(3 months ago, Mar 21, 2024, to Problem)

Message Has 1 Reply:

View Thread Re: WARNING! Login from new device phishing emai - yorbrick (1185)
[...] I did a few yesterday with fake details. They instantly ask you for the OTP once you have entered the account details, so presumably they are not being read by a human [...]
(3 months ago, Mar 22, 2024, to Problem)

51 Messages in this Thread.
(Message tree supressed because there are more than 50 messages in this thread)
show message tree

 Previous Message   Next Message 

Entire thread on one page
This message and all its replies on one page