On Wed, 2009-08-05 at 09:54 -0400, Eric Butera wrote: > On Wed, Aug 5, 2009 at 3:06 AM, Ashley Sheridan<ash@xxxxxxxxxxxxxxxxxxxx> wrote: > > On Tue, 2009-08-04 at 20:49 -0700, Steve wrote: > >> Daniel Brown wrote: > >> > Just as a heads-up, in case you guys weren't yet aware (cross-posting): > >> > > >> > Elance.com was the victim of an SQL injection attack earlier this > >> > summer (they apparently missed our billions of threads on sanity). > >> > According to their folks, only names, company names, phone numbers, > >> > and email addresses were taken. Whether or not that's true, I don't > >> > know, but that's beyond the scope of this warning. > >> > > >> > The most recent attempt to get more of your personal information > >> > comes from a (*possibly* legitimate) website named > >> > OutsourcingRoom.com. If you have been a member of Elance, you may > >> > have already received the message from OSR that claims that you signed > >> > up with them, and gives you a username and password. Now, I'm not > >> > here to tell you guys and gals what to do, but taking the facts into > >> > account - the stealing of private information by breeching the > >> > security of a competitor - it's entirely up to you as to whether or > >> > not you'll consider OSR a trustworthy business. Chances are, they'll > >> > not only charge you for using the service, but will also be so kind as > >> > to reuse (or redistribute) your private and financial information, > >> > should you be willing to give it to them. > >> > > >> > We've already received numerous hits on our network for > >> > OutsourcingRoom.com and one or two other shoddy attempts to gain more > >> > information. Today the emails seem to have picked up significantly, > >> > and appear to be not only valid, but professionally-crafted. > >> > Thankfully, we were anticipating such, after being alerted to the > >> > attack by Elance themselves. Perhaps a bit embarrassing for them, but > >> > it was a good move to mitigate the damage post-fact, in my opinion. > >> > > >> > That's it. Just trying to keep everyone from getting scammed and > >> > screwed. For more information, check Google, as always. ;-P > >> > > >> > > >> > >> I got that email. I was wondering what that was about. Thanks for the info! > >> > > Well, I try not to give out my details to too many people each month, > > and this month they were beat to it by a nice fellow in Nigeria who I'm > > helping out by letting him put some money into my account. Next month I > > had originally planned to invest in those berrys everyone is talking > > about and some watches, and then after that, I need to update my account > > details on Ebay (I forgot I even had an account with them!) as they keep > > asking me to go and do it because of a security update they've made. > > > > Ho hum... > > > > Thanks, > > Ash > > http://www.ashleysheridan.co.uk > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > Har har. This was not a mindless 411 scam. It is a bit different > when an actual site people use gets hacked and their personal > information stolen. I too received one of these emails and it was > very convincing. It has my exact username from the Elance site and > was crafted in such a way that it seems this new site was a partner > with Elance somehow. > > -- > http://www.ericbutera.us/ > Is there nothing that anybody can actually do about this? Where is the new company based? Are there laws in that country about this sort of thing? Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
