Jump to content

Archived

This topic is now archived and is closed to further replies.

Marcos

"ESET" scam email targetting German users

Recommended Posts

Today (June 27, 2013), ESET has discovered a fake email message that’s being sent to internet users in Germany and which misuses our identity to gather personal and sensitive information. ESET is detecting and blocking this threat, so customers with an updated product are protected. We recommend that all users ensure their ESET software is updated as soon as possible. We have launched a full investigation into where the attack originated from (the spam campaign where the phishing emails are sent from) and have already gathered important data in the pursuit of shutting down the criminal website.

Share this post


Link to post
Share on other sites

as already posted on wilderssecurity:

Although there is a corresponding press release on eset.com/de, you will need 4 clicks to get linked to the news (if you know where to search about / press / news ). Recommend to put a direct link on the front page and have document updated 3 times a day with findings especially about the data leak.

Don't let it end in a comms desaster. Be positively agressive and open to the public!

edit.gif

Share this post


Link to post
Share on other sites
Guest ghjnkml,öä#-

Is this all Eset's got to say about the topic?!

How did these people end up with my COMPLETE Name and information about the my actual Eset-product in use?

This is a very bad statement, since it claims that the only thread to Eset-Costumer were the phishing-Mails.

What about the lack of security ESET seems to encounter on their databases?

I'm not very happy about the way Eset deals with this.

Share this post


Link to post
Share on other sites
Guest kolkata

 

How did these people end up with my COMPLETE Name and information about the my actual Eset-product in use?

Esets database security is very weak.  :angry:

Share this post


Link to post
Share on other sites
Guest rob-bot

I want to ask this question again..

"How did these people end up with my COMPLETE Name and information about the my actual Eset-product in use?"

ESET, please answer!

Share this post


Link to post
Share on other sites
Guest rob-bot

And still no more information yet. thats is a very good company policy.  :(

Share this post


Link to post
Share on other sites

We have launched a full investigation on how the incident occurred and will share more information soon, as it will be completed. As well we were tracing the origins of the attack and were able to shutdown the website that the criminal has been using and the fake form has been removed. We have notified German users about the fake e-mail via special e-mail message and the broader German public via our website and social media. We advised people who might have filled out the fake form with sensitive financial data to contact their financial institution immediately.

We are still continuing our investigation and are gathering important information to notify the affected.

Share this post


Link to post
Share on other sites
Guest rob-bot

Marcos, sorry. But this is not a answer to my question.  :(

Share this post


Link to post
Share on other sites
Guest Ragewind

What is even worse is that after the initial fake eset mail today I got my first third-party phishing attempt (blabla verify your paypal account blabla) to the mail I solely used for my eset account. Mistakes can happen, but I'm disappointed and hope you're duely embarassed.

 

 

Share this post


Link to post
Share on other sites
Guest dgfgdxfsd

Why did my post get deleted?!
Is this how you deal with unconvinient truths?

 

Since you are still not done "investigating", I presume the securitiy hole on your servers still exists!

I hope you are deeply emberassed.... ESET's a security firm, things like these should not happen.

Share this post


Link to post
Share on other sites

Here it is in English translated by Google Translate so take it for what it is.

 

 

Update 8 August - end of June were circulating fake emails from cyber criminals who abused the name of ESET for the theft of private information. This mainly affected ESET users from Germany who have been raised with first and last name in the email. You should enter in a web form sensitive data to supposedly prevent blocking ESET license.

 

The e-mails to the concerned ESET users were sent by a server standing abroad. These were broken out of strangers, and so misused for sending the emails.

Immediate reactions from ESET 
All ESET products have been updated and immediately stop since the danger. Furthermore ESET immediately allocated to research that led to the closure of the form of the criminal website. In addition, customers and partners were informed promptly.

Findings

  1. It is quickly evident that the traffic between users, partners and ESET at each time was absolutely sure.
  2. The customer data was not stolen from databases of the company ESET.
  3. As a source of customer data studies have identified the online shop of a distributor.
  4. Sensitive personal data is not stolen, such as credit card information.

Partners took action 
Due to lack of willingness on the part of the ISP to participate in penetration testing or a computer forensic analysis of the system for detection of vulnerabilities, the online shop owner decided to change providers. In cooperation with ESET and the new ISP intensive studies have been made to ensure the highest level of security. Among others, two penetration tests were carried out by a specialized IT security firm. Detected vulnerabilities have been fixed system and application side.

Perpetrators remain in the wild 
The backers are still unknown. In order to follow the track towards the attacker, ESET would need administrative access to the server misused. It contained the form for tapping of confidential customer data. ESET has not received permission "of course" by the local operator / ISP. So it is virtually impossible to determine the necessary information. 
To make matters worse, that there is little time for investigating the situation remained. The perpetrators have naturally little interest to leave traces after the unmasking. Obviously not engage in such cases, the currently available mechanisms.

Even if the data was not stolen from a ESET system, then ESET feels largely responsible for the data of its users. ESET has for this reason the shop owner strongly supported in all of the aforementioned activities.

 

 

Update 3 July - currently circulating fake emails from cyber criminals who misuse the name of ESET for the theft of private information. This mainly affects Internet users in Germany.

Title and subject of these emails usually read as follows:

  • Subject: "Please verify your account ESET"
  • Salutation: "Dear Customer Eset, (first name name)"

ESET is NOT sender of this e-mail.

If you receive such an email (have):

  • Delete this e-mail.
  • Update your ESET security solution used.

If you have already filled out the form:

  • Please contact immediately with your account holding bank or the issuer of your credit card linked.

All ESET products suppress since last Thursday (27.06.) This danger: Is your software up to date, you have nothing to fear.

New insights

ESET and its partners in Germany to investigate the circumstances surrounding the fake emails. Under the current state information of customers of an online store were stolen. This online store is operated by independent service providers.

We can confirm that our commitment to close the website and the fake, linked in the e-mail form on the last Friday (28.06.) Led. Further analysis revealed that no bank and credit card information of ESET users were stolen from the online shop. It is possible that once stole data for further actions can be used to access financial or other sensitive information. ESET generally advises all customers to ignore emails with prompts to enter sensitive information and delete immediately.

ESET user and reseller partners in Germany and through various channels - informed about this incident - from email to Facebook.

ESET affected users will be notified in a timely manner, and be more, reliable information. So far we can confirm that name, first name and email address were stolen. As already said, there was no access to banking and credit card information.

If you have any questions, please contact our Technical Support. We will be happy to help you!

 

 

Share this post


Link to post
Share on other sites

"Partners took action 
Due to lack of willingness on the part of the ISP to participate in penetration testing or a computer forensic analysis of the system for detection of vulnerabilities, the online shop owner decided to change providers."

 

Kudos to the distributor for changing ISP's in the matter. (a good business model to follow)

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...