FPL email spam

[adamm]

What is your policy on releasing customer information to third parties or partners? In the past couple months, I have noticed a couple spam emails sent directly to my email. The only reason I'm outing FreePhoneLine is because the email I used to sign up for FPL is a virtual email forwarder and was created SOLELY to sign up for your service. It is not advertised or listed ANYWHERE else nor is it used to send or receive emails from anyone except your service. So please let me know if you have an explanation for this because I do not. Below is a copy of the most recent spam email I received:

-----Original Message-----
From: KP Support [mailto:donotreply@accessfund.org]
Sent: Sunday, September 18, 2011 7:55 AM
To: --
Cc: fpl1@my-personal-website-domain.ca
Subject: Profitez d'un traitement Royale.

Vous Pouvez Devenir Ce Que Vous Avez Envie De Devenir

Gagnez dès maintenant 1800eur de bonus de bienvenue et soyez le Roi.

Rejoignez le meilleur club VIP en ligne dès maintenant.

h--p://www.clubdreamkp.com/fr/
----------------------

The sent date is also interesting, especially since I received the email today.

[adamm]

I did a quick search in my spam folder and was not happy with what I saw. 24 spam emails sent to my fpl1@ email address since March 17 (which is probably the last time I cleaned out my spam folder)

Here are just a few snippets (I would urge whoever is reading this not to click the links)

-----Original Message-----
From: KingsPalace [mailto:nonreply@aabb11.com]
Sent: Saturday, March 17, 2012 4:10 AM
To: fpl1@--
Subject: [SPAM] Tu veux 1800EUR? profite-en alors.

Il est enfin temps pour vous, de gagner un max d'argent en ligne.

Rejoignez Kings Palace le N°1 et reçevez un traitement digne d'un Roi.

Notre équipe est là pour vous et à votre entière écoute.

http://www.alphalifekp.net/fr/

-----Original Message-----
From: Kings Palace [mailto:noreply@debacle.eng.sun.com]
Sent: Sunday, March 18, 2012 12:37 AM
To: fpl1@--
Subject: [SPAM] Apprenez A Devenir Un Roi.

Ne laissez pas passer cette opportunité énorme de jouer parmis les plus gros flambeur du web.

Montrez leur de quoi vous êtes capable et gagnez un maxium d'argent devant leur nez.

Recevez 1800EUR pour vous éclater.

http://www.alphalifekp.net/fr/

-----Original Message-----
From: no-reply [mailto:do_not_reply@adamslibrary.org]
Sent: Monday, March 19, 2012 12:26 AM
To: fpl1@--
Subject: [SPAM] Gagnez sans risque maintenant.

Recevez enfin un traitement digne d'un joueur V.I.P.

Rejoignez Kings Palace et éclatez vous réellement dans un lieu super.

http://www.topgrandvipkp.net/fr/

I said it before and I'll say it again, this email was used only to sign up for FreePhoneLine and has never been used to send or receive emails other that from FreePhoneLine directly (in fact, the email is a virtual email forwarder so it cannot be used to send emails at all), nor has it been advertised anywhere that I gave permission for.

The trend of Kings Palace (KP) is quite obvious through ALL 24 emails. I do not know what it has to do with fongo or free phone line, but it is prevalent in just about all the 24 spam emails sent to this specific address since March 17

[dibsmft]

I have had the same emails on one of my accounts in particular. They seem to have been widely broadcast
"X-Spam-Flag: YES
X-Spam-Level: xxxx
X-Spam-Checker-Version: SpamAssassin 3.002004 (2008-01-01)
X-Spam-Status: Yes, hits=4.6 required=4.0
tests=RDNS_NONE,URIBL_JP_SURBL
version=3.2.4
X-Spam-Report: 3.8 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: ultraluckykp.com]
* 0.8 RDNS_NONE Delivered to trusted network by a host with no rDNS
X-Scanned-By: MIMEDefang 2.67 on 134.153.232.49

Vous Pouvez Devenir Ce Que Vous Avez Envie De Devenir"

I very much doubt if Fongo has anything to do with the SPAM.

[Jake]

The only thing I would say here is yes it is very strange that your FPL only email got spam mail, I think mine has as well but I generally just ignore it, or if it gets really annoying I just junk the email address. I like you tend to set up specific emails for certain companies so I know where spam comes from.

From what you have shown it doesn't look like 24 different people have your email address, rather just one that sent 24 different emails.

My spam filters tend to do a good job of keeping things clean. I remember what things were like 10 years ago (Love Bug anyone?)

If the emails continue, just junk the address and change it in your FPL admin to something else. Hopefully it won't happen again.

[adamm]

@Jake: well yeah I know it wasn't 24 different people. It's obviously one person (or company) spamming my address (this is also backed up by a quick google search of Kings Palace Casino). The question how they got my fpl-specific email address. The answer is not to just trash my fpl address and make a new one, nor is it to just allow my spam filter to take care of it. That doesn't solve the problem. And for FPL/fongo to not admit that there something going on is wrong too, whether it's a compromised database or something else, they should at least admit to the situation.

I find it hard to believe it's a coincidence. I get lots of junk emails to my main email address and I have over 50 different virtual addresses. If it were coincidence and the spammer just happened to figure out my FPL address, they'd also figure out several other unrelated accounts. It's TOO coincidental to be a coincidence

@dibsmft: I'm not saying no one else is getting these spams. In fact if you check out Kings Palace on facebook, there are a lot of ppl complaining about spam. Also a google search with some of the email contents shows other instances of ppl getting this same spam. As I said to Jake, the question is HOW they got this specific email. To add to this, I have 2 different FPL accounts, using two different unique virtual email address that are only used for FPL and both of them are being spammed. Often times, the two FPL email addresses would be grouped together in the CC field of the same email. Feel free to explain that. And I would love to hear from FPL on this matter

[dibsmft]

Places to look if you are really concerned might be the email button to the right. When it is used the email address appears to be concealed but it could be a weak point. The other is the same thing via your id. Both use the user list. Perhaps there is a weak point there.

[adamm]

yes, the forum is a potential security hole, but the only way a spammer would get a hold of the email is by compromising the database... again, fongo should be aware of this and inform their customers. I don't think it's the forum as I explained that 2 different addresses used for FPL are being spammed specifically and I only have one of those addresses registered with the forum. I understand spam is a messy subject and you can get it from just about anywhere, but my fpl addresses have never been exposed by me. Do you have any other viable explanations.

[TheHardy]

Maybe I am the one that shouldn't be saying this, but has anyone considered the login connection to the authentication/registration server? Traffic is going to a KNOWN address --- and your login to your FPL account _IS_ your email account name ... we know that the password is encoded, but is your EMAIL address (aka user name) ... ???

Just something to consider.

Also, FWIW, I am the website admin for the website for the company I work for -- I have several "TEST" email account that are NEVER used for ANYTHING -- they were set up just to be set up -- not used for registration or anything at all -- 100% dormant -- and _THEY_ get "kings place" spam ...

They are LEGIT accounts, and I also SAVE all "non-directed" email as well, just to filter spam out and see where it comes from, and it is only 2 of my "dormant" accounts -- both, tho, are common first names @"the_domain" ... the less common ones, or in another combination do NOT have spam coming in to them.

Just an observation from where I am sitting.

How "unique" are the accounts that you are being spammed on?

Now then -- I agree that Fongo SHOULD go over their system and database with a fine tooth comb and see if there is unauth access. Maybe even, seeing as they are growing, have an outside firm check them out. There may be a vulnerability that even FONGO itself has overlooked.

But even though your evidence is very detailed and seemingly overwhelming, it is not 100% definitive.

[adamm]

My evidence is so specific that 3 totally separate email addresses set up with 3 totally separate fpl accounts (only 1 account is mine, the others are other family members) and I see spam emails with all 3 email addresses specifically in the TO and CC lines of the email. So 1 email with the 3 fpl email accounts as the recipients -- ONLY those 3 email accounts. And those email accounts are used for nothing other than registering for fpl. And only 1 address, mine, was registered with these forums, so I don't think it's a forum specific issue.

[TheHardy]

My evidence is so specific that 3 totally separate email addresses set up with 3 totally separate fpl accounts (only 1 account is mine, the others are other family members) and I see spam emails with all 3 email addresses specifically in the TO and CC lines of the email. So 1 email with the 3 fpl email accounts as the recipients -- ONLY those 3 email accounts. And those email accounts are used for nothing other than registering for fpl. And only 1 address, mine, was registered with these forums, so I don't think it's a forum specific issue.

Interesting. I think that the spammer is maybe harvesting off web-hosting MAILSERVERS ... and the reason I say this, is that I am the web-admin for the company website and I have tinkered around, creating temp mailboxes, deleting them, and having a 'catch-all' ... I am getting spam to some very specific email addresses as well (although common names @company.website --- such as jeff@company.website, mike@company.website) ....

I 100% know that these accounts are NOT in use for anything, as I am the only one that has the passwords --- BUT they are catching spam!!! I have forwarded my concerns to my hosting company for further investigation, along with fwd's of the emails and paths, trace info etc.

Sending you a PM as well ...

But I would think that THIS might be the weak link. FPL has said their services are secure ... they MAY not be -- but as I say, for DEAD accounts that are NOT used anywhere, I am catching spam --- so MINE is not FPL ....