Page 1 of 2 12 LastLast
Results 1 to 15 of 26
  1. #1
    Super Moderator Senior Pearl-Guide.com Pearl Expert jshepherd's Avatar
    Join Date
    Jun 2004
    Location
    Marina del Rey, CA
    Posts
    5,524

    Default DO NOT open email from CPAA today

    There is an email going out from CPAA that supposedly looks like it has a certificate attached. That attachment is a virus. Do NOT open it!

  2. #2
    Natural Pearl Senior Pearl-Guide.com Pearl Expert Purranha's Avatar
    Join Date
    Sep 2015
    Location
    New York, NY
    Posts
    1,485

    Default

    Thank you for the warning Jeremy!

  3. #3
    Pearl Enthusiast Senior Pearl-Guide.com Pearl Expert Pearl Dreams's Avatar
    Join Date
    Sep 2007
    Location
    Connecticut
    Posts
    6,618

    Default

    Wow! Thank you for the warning. I'll post it on Pricescope also.

  4. #4
    Super Moderator Senior Pearl-Guide.com Pearl Expert jshepherd's Avatar
    Join Date
    Jun 2004
    Location
    Marina del Rey, CA
    Posts
    5,524

    Default

    It looks like anyone who has communicated with BoPerry@cpaa.org is getting the email. A lot of people emailed him about their Pearls as One certificates and the email appears to have a certificate attached. It's not. It's a virus.

  5. #5
    Pearl Enthusiast Senior Pearl-Guide.com Pearl Expert Pearl Dreams's Avatar
    Join Date
    Sep 2007
    Location
    Connecticut
    Posts
    6,618

    Default

    I'll add that to my Pricescope thread.
    Last edited by Pearl Dreams; 09-21-2017 at 03:34 PM.

  6. #6
    Natural Pearl Senior Pearl-Guide.com Pearl Expert battah's Avatar
    Join Date
    Jun 2013
    Location
    DC
    Posts
    1,151

    Default

    Yikes, thanks for the heads up! So many viruses and phishing emails going around these days. Gmail considerately sorted that message to my junk folder.
    http://www.etsy.com/shop/LiliasTreasures

    Instagram: @LiliasTreasures

  7. #7
    Member
    Join Date
    Oct 2009
    Location
    California
    Posts
    92

    Default

    Thank you for the warning.

    If only these people could use their intelligence for good instead of evil.

  8. #8
    Rare Pearl Senior Pearl-Guide.com Pearl Expert
    Join Date
    Jan 2011
    Location
    South Australia
    Posts
    4,835

    Default

    Thank you for the warning !

  9. #9
    Administrator Senior Pearl-Guide.com Pearl Expert Kevin Canning's Avatar
    Join Date
    Aug 2004
    Location
    Victoria Canada, and Los Angeles, CA
    Posts
    1,813

    Default

    any other info.... I opened an attachment from Bo today
    Kevin Canning
    Pearls Of Joy
    www.PearlsOfJoy.com
    Read My Blog
    FaceBook Fan Page
    1-800-451-1411

  10. #10
    Rare Pearl Senior Pearl-Guide.com Pearl Expert CathyKeshi's Avatar
    Join Date
    Mar 2014
    Location
    Northeastern Pennsylvania, USA
    Posts
    3,154

    Default

    THANK YOU for the warning Jeremy! I am one who emailed Bo for my Pearls As One for a certificate, but either I didn't get this email or Safari filtered it out for me, whew ... Good luck, Kevin!
    Cathy

    CathyKeshi

  11. #11
    Museum Pearl Senior Pearl-Guide.com Pearl Expert JerseyPearl's Avatar
    Join Date
    Apr 2014
    Location
    New Jersey, of course!
    Posts
    5,042

    Default

    Run your virus scan program and have it delete the offender.

    I received the email, and thankfully, couldn't open the attachment!
    Etsy shop: OceansCove
    Instagram: OceansCove
    Facebook: Ocean's Cove Jewelry
    Amazon Handmade: Ocean's Cove
    Pinterest: OceansCove

  12. #12
    Natural Pearl Senior Pearl-Guide.com Pearl Expert
    Join Date
    Sep 2016
    Location
    Town
    Posts
    1,040

    Default

    Quote Originally Posted by Kevin Canning View Post
    any other info.... I opened an attachment from Bo today
    Me too. But I couldn't open the attachment. I got a message that the attachment is an older version of word document. So far my virus scan didn't find any virus. Fingers crossed.

  13. #13
    Inactive Senior Pearl-Guide.com Pearl Expert
    Join Date
    Dec 2009
    Posts
    1,880

    Default

    Quote Originally Posted by jshepherd View Post
    There is an email going out from CPAA that supposedly looks like it has a certificate attached. That attachment is a virus. Do NOT open it!
    Nearly 24 hours after this was posted, I received the email.

    The warning is appreciated, but inadequate. Bo's been hacked. His and our personal information has been compromised. My personal information (home address) was displayed in the offending attachment.

    What's worse, anyone that clicked on it has been hacked too, irrespective of whether it appears to run or not.

    The email originated from a computer in Chile (lafetechocolat.com) likely an inadvertent go-between and hosted by a GoDaddy server (secureserver.net). I've done a cursory examination of the attachment with a Hex editor (so I can look at the headers and links, without actually running it)

    The attachment contains an .xml file that does not install surreptitious software, instead scans the document folders and forwards personal files and contacts to email addresses which appear encrypted to avoid trace routing by average users.

    Later today, I will run this on a virtual machine (a restore-able quarantine), so I can open it with a disassembler and examine the source code to determine precisely what it's doing.

    To anyone that ran it, the damage is done. They have your info and any info you have on others. However, because the CPAA is registered organization, they have the burden of adequately warning anyone who may be compromised with a reasonable explanation how they allowed themselves to be hacked and follow up with a report of action taken.

    Not impressed. I take exception to my personal information being unlawfully accessed. Likewise, it's not my job to fix people's negligence. Once I have examined the source code and determined it's purpose, will file a complaint with the Office of the Privacy Commissioner in Canada and submit a report to my lawyer of record.


    Received: (qmail 8326 invoked by uid 30297); 22 Sep 2017 07:02:13 -0000
    Received: from unknown (HELO p3plibsmtp02-09.prod.phx3.secureserver.net) ([68.178.213.9])
    (envelope-sender <icavieres@lafetechocolat.com>)
    by p3plsmtp18-02-25.prod.phx3.secureserver.net (qmail-1.03) with SMTP
    for <dave@lagoonislandpearls.ca>; 22 Sep 2017 07:02:13 -0000
    Received: from mail.lafetechocolat.cl ([190.196.209.115])
    by p3plibsmtp02-09.prod.phx3.secureserver.net with bizsmtp
    id CX2B1w0232VvxZq01X2CBy; Fri, 22 Sep 2017 00:02:13 -0700
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.lafetechocolat.cl (Postfix) with ESMTP id 807A143B551
    for <dave@lagoonislandpearls.ca>; Fri, 22 Sep 2017 04:06:38 -0300 (CLT)
    Received: from mail.lafetechocolat.cl ([127.0.0.1])
    by localhost (mail.lafetechocolat.cl [127.0.0.1]) (amavisd-new, port 10032)
    with ESMTP id bV-ocbLmH38c for <dave@lagoonislandpearls.ca>;
    Fri, 22 Sep 2017 04:06:34 -0300 (CLT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.lafetechocolat.cl (Postfix) with ESMTP id 2F7A843AE02
    for <dave@lagoonislandpearls.ca>; Fri, 22 Sep 2017 04:02:08 -0300 (CLT)
    X-Virus-Scanned: amavisd-new at mail.lafetechocolat.cl
    Received: from mail.lafetechocolat.cl ([127.0.0.1])
    by localhost (mail.lafetechocolat.cl [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id uqZimmIxhSmW for <dave@lagoonislandpearls.ca>;
    Fri, 22 Sep 2017 04:02:07 -0300 (CLT)
    Received: from localhost (unknown [65.40.118.4])
    by mail.lafetechocolat.cl (Postfix) with ESMTPSA id 22DBC4305A4
    for <dave@lagoonislandpearls.ca>; Fri, 22 Sep 2017 03:58:13 -0300 (CLT)
    Date: Fri, 22 Sep 2017 06:53:40 +0000
    To: dave@lagoonislandpearls.ca
    From: Bo Perry <boperry@cpaa.org>
    Subject: Re: The Final Exam
    Message-ID: <ba5713868a2a09ad341dad88a4a45899@127.0.0.1>
    X-Mailer: Outlook
    In-Reply-To: <_____________________________@dave> // removed by me
    References: <_____________________________@dave> // removed by me
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="b1_ba5713868a2a09ad341dad88a4a45899"
    X-Nonspam: None

  14. #14
    Pearl Enthusiast Senior Pearl-Guide.com Pearl Expert Pearl Dreams's Avatar
    Join Date
    Sep 2007
    Location
    Connecticut
    Posts
    6,618

    Default

    Kevin, in the light of what Dave has posted, and given that you clicked on the email, has P-G also been hacked?

  15. #15
    Administrator Senior Pearl-Guide.com Pearl Expert Kevin Canning's Avatar
    Join Date
    Aug 2004
    Location
    Victoria Canada, and Los Angeles, CA
    Posts
    1,813

    Default

    Quote Originally Posted by Pearl Dreams View Post
    Kevin, in the light of what Dave has posted, and given that you clicked on the email, has P-G also been hacked?
    No, there's zero risk of that. I've quarantined that computer and run 3 different scans. I believe I was lucky in that I use google docs and it wouldn't load the file at all.

    As well the website is hosted in a server cloud by a very large hosting company - these guys don't let anything get through.

    If anybody loaded the file, definetly get checked out - but we're good at Pearl Guide HQ
    Kevin Canning
    Pearls Of Joy
    www.PearlsOfJoy.com
    Read My Blog
    FaceBook Fan Page
    1-800-451-1411

Similar Threads

  1. Tiffany to open Iridesse
    By jshepherd in forum Pearling Industry News
    Replies: 2
    Last Post: 10-06-2004, 03:08 AM