Protonmail warning message


milex
  • Members

If the scammer is using protonmail contact lists to try and phish customers, I've emailed several high profile vendors using their protonmail accounts in the past (most vendors from the email sources thread) and I haven't received any phishing emails to my protonmail account. So I think it's safe to assume this is probably localised to a very small number of DBG vendors (perhaps just one) and isn't cause to abandon using protonmail altogether, but rather just be vigilant of suspicious emails.

More information is needed on which vendor account(s) have been compromised though.

Edited by milex

  • Members

I think it's best to wait for the admins to contact all vendors with protonmail accounts to confirm which vendor(s) have had their accounts compromised. But instructing all vendors with protonmail accounts to change their email seems unnecessary in my opinion though. Protonmail is still a very safe and secure platform, the admins just need to identify the compromised account(s) and warn the vendor(s).

But that's just my opinion, I don't mean to step on anyone's toes. I'm sure we'll be updated soon.

Edited by milex

  • Sapphire Sponsor

I have received two bogus emails in my Proton Mail account this past week. The first one was the tutanota email with the bitly link that others received, and the other one appeared to be from DHL asking me to log in to track and verify a package shipment. It was bogus as well since I have not ordered anything being shipped by DHL.

I do know I've given my Proton Mail address to only one person, a vendor on this site, in the past 6 to 8 months and that was about two weeks ago.  I am not saying this specific vendor shared/sold my address because I have no proof, but it would be interesting to find out how many others had the same experience after giving out their email address. 

If Proton Mail was aware of a large scale scamming operation on their sites, they would have at least asked everyone to change their passwords.  I've received no communication from them, but I did change my password to something a good bit stronger and turned on 2-Password Authentication.   You used to be required to implement 2-Password on Proton Mail but they removed that requirement over a year ago.  BTW, this is a little off topic, but almost ALL system hacks occurred because of compromised passwords.  

 

Edited by GungHo

  • Members

@GungHo That seems pretty conclusive. It might be best to PM an admin to let them know which vendor it was. If this leak of DBG users is down to one vendor it could save a lot of time and hassle.

  • Sapphire Sponsor

3 minutes ago, milex said:

@GungHo That seems pretty conclusive. It might be best to PM an admin to let them know which vendor it was. If this leak of DBG users is down to one vendor it could save a lot of time and hassle.

My thoughts exactly 🙂 Thanks!

 

  • Moderators.

Someone just reported that they got scammed via this protonmail situation.  Apparently the hacker responded to an email reply from within the same thread but from seemingly an entirely different email address.  Not near enough info to understand what's happening yet, but definitely a warning to check sender headers on all emails and/or hold off on ordering altogether until this gets figured out and aired out....stay safe everyone!

Edited by DoomKitty
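
One way to automate the sender-header check suggested in the post above, as an added example that is not part of the original thread: it follows `In-Reply-To`/`References` and flags a reply whose `From` address never appeared earlier in the same thread. The function name and the sample messages (reserved example domains) are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def find_thread_intruders(raw_messages):
    """Return (Message-ID, reason) for replies sent from an address
    that did not take part in the messages they claim to answer."""
    participants_by_id = {}   # Message-ID -> addresses seen in that message and its ancestors
    findings = []
    for raw in raw_messages:  # messages must be in chronological order
        msg = message_from_string(raw)
        msg_id = (msg["Message-ID"] or "").strip()
        sender = parseaddr(msg["From"] or "")[1].lower()
        # Message-IDs this mail claims to be a reply to
        parents = (msg.get("In-Reply-To", "") + " " + msg.get("References", "")).split()
        known = set()
        for parent in parents:
            known |= participants_by_id.get(parent, set())
        # Compare the address, not the display name: the name is free text
        if known and sender not in known:
            findings.append((msg_id, f"sender {sender} did not appear earlier in this thread"))
        headers = msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
        here = {a.lower() for _, a in getaddresses(headers) if a}
        participants_by_id[msg_id] = here | known
    return findings

# Constructed sample thread: the third message reuses the display name "Bob"
# and the thread's Message-IDs, but comes from a different address and provider.
SAMPLE_THREAD = [
    "Message-ID: <1@example.com>\nFrom: Alice <alice@example.com>\n"
    "To: Bob <bob@example.net>\nSubject: Question\n\nHello",
    "Message-ID: <2@example.net>\nFrom: Bob <bob@example.net>\n"
    "To: Alice <alice@example.com>\nIn-Reply-To: <1@example.com>\n"
    "References: <1@example.com>\nSubject: Re: Question\n\nHi",
    "Message-ID: <3@example.org>\nFrom: Bob <bob@example.org>\n"
    "To: Alice <alice@example.com>\nIn-Reply-To: <2@example.net>\n"
    "References: <1@example.com> <2@example.net>\nSubject: Re: Question\n\nNew details",
]

if __name__ == "__main__":
    for message_id, reason in find_thread_intruders(SAMPLE_THREAD):
        print(message_id, reason)
```

This only catches a reply from an address that is new to the thread; a forged `From` that copies a known participant passes it, which is what the SPF/DKIM/DMARC results recorded in `Authentication-Results` are for.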

  • Opal Sponsor

Question:  for those of us who have received the phishing/scam emails (myself included),  would it be wise to at least change our pr0ton mail address since the scammer could theoretically continue to use our leaked email address even at a future time? I am thinking that is what the warning is telling us to do, but I am wondering if still using pr0ton is ok if I change the address? 


I thought that pr0ton mail in itself seemed to be a safe email provider. It seems that the leak of a lot of our addresses could have happened with any email provider if the vendor who was hacked/scammed clicked a bogus link or was hacked in some other way?  Or am I incorrect about that? Genuinely asking as I do not know.


I am glad that the warning is posted on DBG as it seems like there may be people who do not know about phishing methods/ scam links and so on. I know I have a LOT more to learn and plan on reading up!!  I am thankful that the admins are on it and are sharing the info for our protection!! Just trying to decide whether to switch to tutan0ta or just a new pr0tonmail address...

Edited by pixiechic

  • Moderators.

Mere speculation but if it's true that a malicious agent is capable of responding within an email thread from an entirely different email address (and email provider!) then I would say Protonmail itself has been in some way compromised, possibly just at the browser level but still compromised.  I mean only a user that's been phished (I assume as I haven't heard of this particular attack) could be compromised but that could be any vendor (or member) at any time, which would effectively make Protonmail unsafe in terms of this specific attack, hence Admins warning.  Has anyone heard of this kind of attack?!

 

Edited by DoomKitty

  • Members

41 minutes ago, DoomKitty said:

Mere speculation but if it's true that a malicious agent is capable of responding within an email thread from an entirely different email address (and email provider!) then I would say Protonmail itself has been in some way compromised, possibly just at the browser level but still compromised.  I mean only a user that's been phished (I assume as I haven't heard of this particular attack) could be compromised but that could be any vendor at any time, which would effectively make Protonmail unsafe, hence Admins warning.  Has anyone heard of this kind of attack?!

It could well be an elaborate Man-in-the-browser attack (MITB) set up by someone in the DBG community. First phishing a vendor account to obtain a contact list of DBG users, then sending out phishing emails which install the MITB malware. I don't understand exactly how it would work, but MITB malware can be used to modify webpages and possibly hijack email exchanges (making you think you're sending an email to one account when actually it's been sent to another). I'd urge anyone who has clicked on a suspicious link they received in their protonmail account to download Malwarebytes and run a scan.

However if this is happening when using the protonmail iPhone/Android app then that is very scary indeed.

  • Sapphire Sponsor
lookinforthebiscuits

Only just saw this thread, but I'm reposting below what I posted in the other thread on this:

I've also been receiving the phishing emails in my Protonmail account. There were quite a few at the end of last week and a few this week.

I stand to be corrected on this, but it's very unlikely that Protonmail itself has been compromised. That would be big news if it had. What's far more likely is that a vendor(s) email account was compromised, the email addresses contained in the address book were harvested and those addresses were spammed with these phishing emails. Clicking on any of the links/opening any of the attachments in those emails likely means either your device was infected with malware and/or your Protonmail account has been compromised. Either way, it's a big problem for all of us.

All members (and vendors for that matter) should ensure they are free of malware and change their mail account passwords asap.

  • V.I.P Member
sweetmelissa589

@lookinforthebiscuits  Changed my password.. nothing fishy on my account so far...  Fingers crossed!

  • Moderators.

@milex An MitB attack does sound likely but why would they have to use a different email address to send within protonmail? Why not just hijack the browser and send from browser as normal?  I am not up to date on a lot of existing attacks, though I know there's been a lot of work on trying to fully compromise Protonmail as it's one of the preferred emails of choice of a lot of human rights activists....

@lookinforthebiscuits  The problem with the theory that it's simply a compromised password associated with a vendor account is the same as I mentioned above: the scam emails are within existing email threads but come from an entirely different email address and provider.  If it was a mere account takeover the hacker would just send from the account as normal which we've seen a lot recently in the RC community.


  • Admin pinned this topic
