Important: Recent Suspicious Messages to Sellers
Mark Rosenberg
Staff
We have recently become aware that, earlier today, an individual had created multiple accounts on our website, with the intention of messaging individual Sellers, indicating that they were having issues with a (non-existent) order. Furthermore, this individual indicated to the Sellers in question that they had contacted HipStamp Support, and HipStamp Support provided them with a zip file of screenshots of the order in question.
Please be advised that this individual is acting maliciously, and the information being provided by this individual is false. Furthermore, the URL which purports to have a zip file which needs to be downloaded - should absolutely not be downloaded - as the URL in question (hipstamp-support.com) is not owned or operated in any way by HipStamp. If you have received a similar message as described, please ignore the message, and do not attempt to download any files from this individual, as we do not believe it is safe to do so.
We have contacted the domain registrar in question and asked that this domain name be deactivated. We have also de-activated the accounts this individual has opened with us, deleted the messages in question, and are taking further action to protect our Sellers and community. We will post further updates on this issue within our forums.
Comments
Just a quick update:
- Any of the original messages on HipStamp have since been removed (although obviously we cannot remove the original email copies any Seller may have received).
- We have sent out an email to all Sellers notifying them of the information we previously posted in this thread.
- We have now taken a series of additional steps to prevent similar behavior from malicious individuals in the future.
Being a Mac user for the last 4 years, I have never had an anti virus on my system (although I keep some add-ons on my web browser, such as traffic light, wot, etc... that detect malware on internet pages and are meant to protect against fake web sites, etc...) Anyway, because I had opened the files and seen this JS java script run, I was a little worried about what it had done, and after changing all my passwords, etc... I have paid for and installed Norton for Mac, and I have now run a full scan of my computer - 100s of thousands of files scanned - Well, after a whole night running it has found not a single threat or malware, or virus on my computer, not even the odd tracking cookie. This, after 4 years using the computer without any form of anti virus other than the natural Mac safety protections. This, to me, goes a long way confirming the impression that Macs are a lot safer than Windows - But I am not complacent and I know that the security risks are growing for Mac users, so I'll be even more careful in the future.
The real danger of course is that when you download an attachment or click on a link, you immediately compromise your machine with any number of possible forms of malware, up to and including rootkits that basically take over and own your machine, and all your data on your machine is compromised, or encrypted and held for ransom, one of my favorites. Well, not really.
The last ten years of my professional career in computing tech was spent trying to get the members in the larger organization I supported to listen to my advice on such emails, and educate them. It has gotten so bad now (I am retired, but recently spent two hours touring and getting an update from my successor who took over six years ago), that the organization now sends such targeted spear phishing themselves to staff, to see who will fall for them, and educate them when they do. The embarrassment factor alone makes me wish I were still there to watch those who fall for the emails react when informed of what they have done.
By the way, KUDOS to Mark and HipStamp staff who were fast and on top of this. I bow to their professionalism and immediacy.
Joe
Justin here from HipStamp. We appreciate you alerting us to this. We are working to address this so it does not impact anyone else and should have it resolved shortly. If you receive the message posted above, please do not click the link in the message.
Regards,
Justin
Francois
Mine are from: lyuzutechanch1975, doparepub1978 and centfassnetna1978
I did open a ticket about this situation. I'm also doing a full computer scan to hopefully remove any badness.
Has anyone else received a similar email this morning? I figured Mark and the HipStamp team would like to see this!