You might have received an email suggesting your booking will be cancelled within 24 hours unless you confirm the booking.
DON'T confirm, it's a scam/phishing. I think a third-party feedback system has been hacked; I've passed this on to Sunweb.
They've confirmed they are aware of the problem.
|
@Little Martin, cheers!
|
Got an email from Sunweb with a warning about the scam a couple of hours ago.
|
That’s interesting, I booked an EasyHotel in Zurich a couple of weeks ago and got the same email. I couldn’t work out how a scammer could get all the booking details so I assume it was somebody working at the hotel. Link to a review site sounds much more likely.
It seems odd to me that somebody managed to hack a third party system then wasted the effort by using a clearly very dodgy email address.
|
| Valkyrie wrote: |
| wasted the effort by using a clearly very dodgy email address. |
It only seems dodgy for those who know what to look for.
Perhaps the scammers did it on purpose? If only the least informed respond, those are the easiest target.
|
@Little Martin, it will be really helpful to put a photo here of what this email looks like.
|
Here's the one I got - the accommodation will be different for other people.
The reason why I think it's from a review system is the lack of info: they only know email and accommodation, which suggests Sunweb use an external system to gather feedback but only pass over the email and accommodation to request it. The email headers all point to "wantyourfeedback . com", a WordPress site which is likely the weak link.
|
Classic phishing with the note about urgency…. ‘Within the next 24 hours’
|
| Little Martin wrote: |
Here's the one I got - the accommodation will be different for other people.
The reason why I think it's from a review system is the lack of info: they only know email and accommodation, which suggests Sunweb use an external system to gather feedback but only pass over the email and accommodation to request it. The email headers all point to "wantyourfeedback . com", a WordPress site which is likely the weak link. |
Interesting.
Thanks for the info.
What's the email they used? wantyourfeedback@XXXX ?
|
I had the spam email. Interestingly it referenced the hotel I have currently booked with Sunweb next Easter. Guessing Sunweb has been hacked.
|
Sunweb have now declared a data breach.
|
| NickyJ wrote: |
| Sunweb have now declared a data breach. |
Where? I don't see anything on their website, or any news sources.
|
I received an email from them
|
We want to inform you that, after a thorough investigation, we have identified a data breach in one of our systems. This breach has now been fully contained, and the affected system has been closed.
What happened
During this incident, some customer data was compromised. The data includes:
• Contact details (including name, email address, home address, phone number and date of birth)
• Booking information (in most cases): including travel dates, flight and hotel details and other services booked
We want to reassure you that no bank or credit card details were accessed or compromised.
Following this breach, criminals have sent phishing emails. These emails looked like booking confirmations and asked customers to click on a link and make a payment.
Your booking is secure and will not be cancelled. We will never ask you to confirm your booking or payment via an external link.
What you can do
• Be cautious with unexpected emails, texts, or calls that ask you to click a link, share information, or make a payment.
• Always check carefully who the sender is.
• Do not share passwords, bank details, or personal codes.
• If you have doubts about a message, please contact us directly via our official website or app.
What are we doing
• The breach has been fully contained and the system closed.
• Additional security measures have been implemented to prevent this from happening again.
• We will report the breach to the relevant Supervisory Authority, in line with privacy regulations.
Please check our Questions & Contact page for ways to contact us if needed. We are very sorry for any concern this incident
|
Eek, I'm not sure I like the idea of there being info on the dark web which gives me address and when I'm going to be on holiday. I doubt they're going to individual properties to rob them...but the idea that they might is not fun
|
That email to me contained my booking reference. I hadn't received the email another snowHead did, but I did get the generic one on that same day, which was around how to spot fraudulent messages purporting to be from Sunweb.
|
I got the same (mine was in German for a stay in Saalbach, so had to translate it).
It was only the ‘you have 24 hours to comply’ part that raised my suspicion and then noticed the mail address was very dodgy - if it wasn’t for that I might well have been suckered and clicked through.
I WhatsApped it to Sunweb y’day and they confirmed it was a breach.
|
| SnoodyMcFlude wrote: |
| Eek, I'm not sure I like the idea of there being info on the dark web which gives me address and when I'm going to be on holiday. I doubt they're going to individual properties to rob them...but the idea that they might is not fun |
I guess they may look to find someone to sell that information to, but unlikely your local petty/house-breaking criminal is on the dark web, or be prepared to pay for the info (via Bitcoin, or whatever).
|
There I was saying I had received the phishing email... I had but it was trapped in my spam folder!
|
| zedzed_uk wrote: |
| SnoodyMcFlude wrote: |
| Eek, I'm not sure I like the idea of there being info on the dark web which gives me address and when I'm going to be on holiday. I doubt they're going to individual properties to rob them...but the idea that they might is not fun |
I guess they may look to find someone to sell that information to, but unlikely your local petty/house-breaking criminal is on the dark web, or be prepared to pay for the info (via Bitcoin, or whatever). |
If I were an enterprising house-breaking thief, it might be worth the money to get a list of booking and hit a bunch of empty houses each week!
|
| abc wrote: |
| zedzed_uk wrote: |
| SnoodyMcFlude wrote: |
| Eek, I'm not sure I like the idea of there being info on the dark web which gives me address and when I'm going to be on holiday. I doubt they're going to individual properties to rob them...but the idea that they might is not fun |
I guess they may look to find someone to sell that information to, but unlikely your local petty/house-breaking criminal is on the dark web, or be prepared to pay for the info (via Bitcoin, or whatever). |
If I were an enterprising house-breaking thief, it might be worth the money to get a list of booking and hit a bunch of empty houses each week! |
If I was an enterprising criminal, I'd go on the dark web with a completely "made up" list of addresses & holidays dates, and pretend to be the hackers that stole the data, and then look to sell it to a house-breaking criminal for £5k in Bitcoin
|
| zedzed_uk wrote: |
| abc wrote: |
| zedzed_uk wrote: |
| SnoodyMcFlude wrote: |
| Eek, I'm not sure I like the idea of there being info on the dark web which gives me address and when I'm going to be on holiday. I doubt they're going to individual properties to rob them...but the idea that they might is not fun |
I guess they may look to find someone to sell that information to, but unlikely your local petty/house-breaking criminal is on the dark web, or be prepared to pay for the info (via Bitcoin, or whatever). |
If I were an enterprising house-breaking thief, it might be worth the money to get a list of booking and hit a bunch of empty houses each week! |
If I was an enterprising criminal, I'd go on the dark web with a completely "made up" list of addresses & holidays dates, and pretend to be the hackers that stole the data, and then look to sell it to a house-breaking criminal for £5k in Bitcoin  |
Why go so small?
Why not pretend you got a list of hacked bank accounts and sell it for a whole lot more?