(Topic ID: 198485)

Attention! Virus e-mails being sent from Stern Pinball spoofed e-mails!


By capguntrooper

2 years ago



Topic Stats

  • 102 posts
  • 58 Pinsiders participating
  • Latest reply 8 months ago by fliperz
  • Topic is favorited by 2 Pinsiders

You

Linked Games

Topic Gallery

There have been 16 images uploaded to this topic. (View topic image gallery).

Screen Shot 2018-11-07 at 11.03.52 (resized).png
probably dangerous (resized).jpg
0195046D-413C-4181-B7DF-9D5D5FE9E3C0 (resized).jpeg
~.pdf (PDF preview)
Screenshot_2017-10-10-12-39-38 (resized).png
38294750-B8EC-4BB9-BDDE-227AEAAA2AC2 (resized).png
well-why-dont-you-cry-about-it (resized).jpeg
Screen Shot 2017-10-03 at 16.40.36 (resized).png
Screen Shot 2017-09-26 at 18.12.46 (resized).png
Screenshot_20170926-113801.jpg
zzzzzzvirus (resized).jpg
Screen Shot 2017-09-25 at 2.57.11 PM (resized).png
vt2 (resized).png
vt (resized).png
Screen Shot 2017-09-20 at 11.09.22 (resized).png
Screen Shot 2017-09-20 at 11.08.57 (resized).png

There are 102 posts in this topic. You are on page 2 of 3.
#51 2 years ago

I got one as well from Chas. Looking at the header the IP originated from Jordan.

#52 2 years ago
Quoted from flynnibus:

Are you even looking at the headers to see if they are coming from Stern mail servers?
We all know once the names/contacts are harvested, spoofing will go on for ages even after the original target is cleaned up.

All the follow on emails are spoofing yes, it does not matter if they are coming from Stern or not. This thread serves as a warning that fellow pinside members may receive an email like this and to NOT open it or the links.

See original email for details, AGAIN Stern was hacked, this was confirmed and people who were in Sterns email lists are subject to a cyber threat. It is fine if you want to follow the "What difference does it make anymore" mentality, but I will continue to promote awareness to fellow pinside members here in order to prevent their cyber threats against them.

#53 2 years ago

I got an email from homepin the other day filled with expletives and the F and N word all over it and thought they were hacked too.

Turns out it was just Mike saying hello.

#54 2 years ago

Damn Equifax!!

-2
#55 2 years ago

This doesn't mean stern was hacked. What is means is that someone who has you in their address book was hacked, who also had Stern in their address book, and the virus emails everyone randomizing the to and from. This happened recently to me, a friend 'sent' the email but the actual from address was a German webmail provider.

#56 2 years ago
Quoted from Richthofen:

This doesn't mean stern was hacked. What is means is that someone who has you in their address book was hacked, who also had Stern in their address book, and the virus emails everyone randomizing the to and from. This happened recently to me, a friend 'sent' the email but the actual from address was a German webmail provider.

Wrong. AGAIN, see original post. Confirmed Stern was hacked. If it was an employee of Stern or Stern Servers makes no difference. Your argument is akin to calling a palm a hand or a side arm a pistol. The threat is there still and this thread serves as a PSA

#57 2 years ago
Quoted from capguntrooper:

Wrong. AGAIN, see original post. Confirmed Stern was hacked. If it was an employee of Stern or Stern Servers makes no difference. Your argument is akin to calling a palm a hand or a side arm a pistol. The threat is there still and this thread serves as a PSA

Bingo....

Obviously Stern is lacking Cyber-Security measures to prevent these problems. Not a dig on Stern, many small companies fail to implement adequate protection and policies.

#58 2 years ago
Quoted from purplemunkydishw:

I got an email from homepin the other day filled with expletives and the F and N word all over it and thought they were hacked too.
Turns out it was just Mike saying hello.

Apparently it's a longstanding cultural thing down here in Australia?

It's news to me anyway....

-4
#59 2 years ago
Quoted from capguntrooper:

All the follow on emails are spoofing yes, it does not matter if they are coming from Stern or not. This thread serves as a warning that fellow pinside members may receive an email like this and to NOT open it or the links.
See original email for details, AGAIN Stern was hacked, this was confirmed and people who were in Sterns email lists are subject to a cyber threat. It is fine if you want to follow the "What difference does it make anymore" mentality, but I will continue to promote awareness to fellow pinside members here in order to prevent their cyber threats against them.

What are you the white knight here to save people? Looking for a trophy? You made the awareness... the thread is out there. The sloppy reporting, loose terminology, etc just comes across as hyper. I shade from calling it hysteria because you claim to have some background, but this is getting ridiculous.

You keep saying "confirmed by stern!"

What, that maybe one or more people got some malware? Or was it their infrastructure was compromised? Yet you keep trying to save the world from this "confirmed hack"

Please stop abusing the word

#60 2 years ago
Quoted from flynnibus:

What are you the white knight here to save people? Looking for a trophy? You made the awareness... the thread is out there. The sloppy reporting, loose terminology, etc just comes across as hyper. I shade from calling it hysteria because you claim to have some background, but this is getting ridiculous.
You keep saying "confirmed by stern!"
What, that maybe one or more people got some malware? Or was it their infrastructure was compromised? Yet you keep trying to save the world from this "confirmed hack"
Please stop abusing the word

LMAO! Bruh, we get it. Go back to your Stern Army. Quit being a keyboard warrior and grow a set and call capguntrooper a liar since that is what you are hinting at. If cap said he got a call from Pat Powers I will take him at his word, the guy is still in the Army and just got back from Afghanistan for like his 5th time or something. What have you done in your life that would earn you the consideration he deserves? I am going to take him at his word when he said he talked to Pat, if you want to man up and call him a liar go for it, but cap's track record here has been nothing but helpful here and you are just trying to stir the pot and talk smack SJW. I for one appreciate the heads up Capguntrooper, keep on keepn on bro.

#61 2 years ago

I got hit with an email also

-2
#62 2 years ago
Quoted from capguntrooper:

Wrong. AGAIN, see original post. Confirmed Stern was hacked.

You haven't confirmed Stern was hacked until you know their systems were broken into and accessed by people purposefully trying to break into Stern.

All you know is at least one Stern employee got some malware that harvested email addresses. That is not being hacked. Malware is a common occurrence in today's society. Worthy of a PSA. You're going overboard.

#63 2 years ago
Quoted from fliperz:

LMAO! Bruh, we get it. Go back to your Stern Army. Quit being a keyboard warrior and grow a set and call capguntrooper a liar since that is what you are hinting at. If cap said he got a call from Pat Powers I will take him at his word, the guy is still in the Army and just got back from Afghanistan for like his 5th time or something. What have you done in your life that would earn you the consideration he deserves? I am going to take him at his word when he said he talked to Pat, if you want to man up and call him a liar go for it, but cap's track record here has been nothing but helpful here and you are just trying to stir the pot and talk smack SJW. I for one appreciate the heads up Capguntrooper, keep on keepn on bro.

LOL thanks man, SJW, good one.

Quoted from YeOldPinPlayer:

You haven't confirmed Stern was hacked until you know their systems were broken into and accessed by people purposefully trying to break into Stern.
All you know is at least one Stern employee got some malware that harvested email addresses. That is not being hacked. Malware is a common occurrence in today's society. Worthy of a PSA. You're going overboard.

PFFFT, not overboard at all. AGAIN, try reading posts before throwing out false accusations. I confirmed the Hack as per Patrick Powers who CALLED ME PERSONALLY to confirm Stern being hacked, it don't get anymore confirmed than that, but hey I guess Patrick is also a liar too. In any case I have another source CONFIRMING the hack, will I share that with you? HECK NO, I like my job and have nothing to prove. Hey man if it makes you feel better you can call it purple pony malware, I really don't care.

FYI: "HACKED - to use a computer to gain unauthorized access to data in a system." email address from another persons computer is data stolen....sooooooooo yeah HACKED, go ahead and stick with purple pony so your feelings don't get hurt though.

-2
#64 2 years ago
Quoted from capguntrooper:

I confirmed the Hack as per Patrick Powers who CALLED ME PERSONALLY to confirm Stern being hacked, it don't get anymore confirmed than that, but hey I guess Patrick is also a liar too.

No one said you're a liar. So far you're just a little hysterical about some common malware. If you continue to repeat bad information now that you've been told the correct information then you would be a liar. Ignorance is easily remedied with some education but it's up to you to fix it.

-3
#65 2 years ago
Quoted from fliperz:

LMAO! Bruh, we get it. Go back to your Stern Army. Quit being a keyboard warrior and grow a set and call capguntrooper a liar since that is what you are hinting at. If cap said he got a call from Pat Powers I will take him at his word, the guy is still in the Army and just got back from Afghanistan for like his 5th time or something. What have you done in your life that would earn you the consideration he deserves? I am going to take him at his word when he said he talked to Pat, if you want to man up and call him a liar go for it, but cap's track record here has been nothing but helpful here and you are just trying to stir the pot and talk smack SJW. I for one appreciate the heads up Capguntrooper, keep on keepn on bro.

You aren't even understanding the conversation

#66 2 years ago
Quoted from capguntrooper:

LOL thanks man, SJW, good one.

PFFFT, not overboard at all. AGAIN, try reading posts before throwing out false accusations. I confirmed the Hack as per Patrick Powers who CALLED ME PERSONALLY to confirm Stern being hacked, it don't get anymore confirmed than that, but hey I guess Patrick is also a liar too. In any case I have another source CONFIRMING the hack, will I share that with you? HECK NO, I like my job and have nothing to prove. Hey man if it makes you feel better you can call it purple pony malware, I really don't care.
FYI: "HACKED - to use a computer to gain unauthorized access to data in a system." email address from another persons computer is data stolen....sooooooooo yeah HACKED, go ahead and stick with purple pony so your feelings don't get hurt though.

LMAO, dude they went cried to a mod on your own post, that is hilarious! Just goes to show ya can't argue with stupid, just put em on ignore, they aint worth your time, everyone else who has liked and commented here has your back and it just shows these two clowns are just Stern Army goons. What did you do to make them cry? Maybe they feel left out cuz they didn't get an email....LMAO!

-5
#67 2 years ago
Quoted from YeOldPinPlayer:

No one said you're a liar. So far you're just a little hysterical about some common malware. If you continue to repeat bad information now that you've been told the correct information then you would be a liar. Ignorance is easily remedied with some education but it's up to you to fix it.

Reminds me of everyone saying they got hacked when someone copies their Facebook profile . Repeating bad information doesn't improve it. But hey that's what they were told! Lol

#68 2 years ago

We still haven't seen an actual SMTP mail header which is the evidence we need. An image of the email from someone's inbox without the header is not helpful.

This is what an example mail header looks like:

Return-Path: <example_from@dc.edu>
X-SpamCatcher-Score: 1 [X]
Received: from [136.167.40.119] (HELO dc.edu)
by fe3.dc.edu (CommuniGate Pro SMTP 4.1.8)
with ESMTP-TLS id 61258719 for example_to@mail.dc.edu; Mon, 23 Aug 2004 11:40:10 -0400
Message-ID: <4129F3CA.2020509@dc.edu>
Date: Mon, 23 Aug 2005 11:40:36 -0400
From: Taylor Evans <example_from@dc.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0

-Jay

#69 2 years ago

Got one too.

#70 2 years ago
Quoted from jrobinso99:

Return-Path: <example_from@dc.edu>
X-SpamCatcher-Score: 1 [X]
Received: from [136.167.40.119] (HELO dc.edu)
by fe3.dc.edu (CommuniGate Pro SMTP 4.1.8)
with ESMTP-TLS id 61258719 for example_to@mail.dc.edu; Mon, 23 Aug 2004 11:40:10 -0400
Message-ID: <4129F3CA.2020509@dc.edu>
Date: Mon, 23 Aug 2005 11:40:36 -0400
From: Taylor Evans <example_from@dc.edu>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0

Fore those that have NFI what we mean and use gmail:
- go into the message in a web browser
- in the top right corner there's a down arrow menu, click that
- select "Show Original"
In the bottom part of the screen, the raw email is displayed. The headers start at the first line of the email and run to the first completely blank line. Copy/paste the headers into a post here - go through and edit out your email address with something like [me] instead.

#71 2 years ago

I just got my email from Stern. I feel special that I was included on this list.

#72 2 years ago
Quoted from flynnibus:

Reminds me of everyone saying they got hacked when someone copies their Facebook profile . Repeating bad information doesn't improve it. But hey that's what they were told! Lol

So let me get this straight. Your mad cuz the OP's choice of words as opposed to a technical term that some people here won't understand? I think its you, who do not "understand" the conversation.

well-why-dont-you-cry-about-it (resized).jpeg

#73 2 years ago

Payment sent. Must have slipped my mind.

#74 2 years ago

Looks like the spammers are still at it. I just received this email this morning. It looked suspicious, so I deleted it .
I haven't contacted Stern about anything for well over a year .

__________________________________________________________________________________________________

new order upcoming
Tue, Oct 10, 2017 10:02 AM
Hello,

Thank you for your enquiry, please find your quotation attached.

http ronchapple . com/Statement/

Thanks for your business!

Chas.Siddiqi@sternpinball.com

[Moderator edit]: changed link to be non-clickable.

#75 2 years ago

If someone posts the email headers, I can investigate to see where the emails might be originating from.

Otherwise, just posting the text of the message doesn't do much good.

#76 2 years ago

Some German sites. It’s like grandpa always said: “Don’t ever trust a German”

38294750-B8EC-4BB9-BDDE-227AEAAA2AC2 (resized).png

#77 2 years ago
Quoted from ForceFlow:

If someone posts the email headers, I can investigate to see where the emails might be originating from.
Otherwise, just posting the text of the message doesn't do much good.

Will this screen shot work.

Screenshot_2017-10-10-12-39-38 (resized).png

#78 2 years ago

The email headers contain all the technical gibberish. What you are showing are just the "from" email addresses, which can easily be spoofed.

I'm not sure that the headers can be revealed with the iOS mail app, though.

#79 2 years ago

I opened in Gmail on my Mac and saw all the header information but I don’t really want to screenshot and put my IP and email information all over Pinside.

0195046D-413C-4181-B7DF-9D5D5FE9E3C0 (resized).jpeg

#80 2 years ago
Quoted from ForceFlow:

The email headers contain all the technical gibberish. What you are showing are just the "from" email addresses, which can easily be spoofed.

Im learning . How about this?

~.pdf

#81 2 years ago

Your Received: headers show the email originated from IP 212.41.96.38, which resolves to solnet.ch. ch is assigned to Switzerland. The spammer could have an account there, could have compromised a machine that has an account there, Solnet could have a vulnerable system that allowed unauthorized usage.

Note that sheratonparco.com is probably faked. The domain is real but likely doesn't use Solnet for their email.
https://whois.icann.org/en/lookup?name=sheratonparco.com

#82 2 years ago
Quoted from capguntrooper:

!!!!!ATTENTION PINSIDE MEMBERS!!!!!
DO NOT, for any reason open invoice emails sent to your email from Stern Pinball and PLEASE do not forward them to your distributors. Delete without opening!

First of all, thanks for the heads-up, capguntrooper!

I hope you don't mind, I have edited the thread title a bit - to better reflect what is happening here. The term "hacked" seems slightly off as we're looking at a fairly simple e-mail worm sending out e-mails with infected attachments (Word Macros?) from spoofed Sternpinball.com from addresses.

If you wanna know more, I found some info explaining this practice here: https://www.mailguard.com.au/blog/new-macro-word-malware-email-scams-hidden-in-zip-file-attachments

So, not exactly hacked - but someone at Stern got infected with some malware.

#83 2 years ago
Quoted from robin:

to better reflect what is happening here

That is exactly what I meant in post #2 Thanks Robin !

#84 2 years ago

I would have expected that Stern sends a warning message to all their contacts in their adress book.
Should not have been too difficult to do so.

Received today one if these mails in german language.

#85 2 years ago

I got one the other day also.

#86 2 years ago

WE got one today. From Chaz @ Stern. So they are still being sent out.

-2
#87 2 years ago
Quoted from robin:

First of all, thanks for the heads-up, capguntrooper!
I hope you don't mind, I have edited the thread title a bit - to better reflect what is happening here. The term "hacked" seems slightly off as we're looking at a fairly simple e-mail worm sending out e-mails with infected attachments (Word Macros?) from spoofed Sternpinball.com from addresses.
If you wanna know more, I found some info explaining this practice here: https://www.mailguard.com.au/blog/new-macro-word-malware-email-scams-hidden-in-zip-file-attachments
So, not exactly hacked - but someone at Stern got infected with some malware.

Robin,

If you want to change my title this is your forum and I have no choice in the matter. However the title was absolutely correct. Stern was hacked and Patrick Powers himself called me and confirmed it by using those exact words. What is happening now is a spoof scam from all the data that was acquired from the hack and that has been farmed out to additional scammers. Some people who have bought from Stern are unfamiliar with technical aspects of what is happening but have a general knowledge of what the word HACK means and will use that in a Google search to inquire about an odd invoice they have received from Stern, bringing them to this thread.

For anyone who has read through this thread will by now understand how a spoof scam works, but a key ingredient that is left out in this discussion is the "HOW". Without violating any details of the investigation that is still ongoing I can provide a question to the community which will give you the "HOW" since a few here do not want to take my word about the call from Stern Head I received or the other confirmed call from Stern verifying this as well.

QUESTION: How does a Spoof Scammer farm out all these emails from SEVERAL members here to the hundreds if not thousands more we do not know about? What is the common denominator of where all our emails would have been housed on the same server for a spoof of this size to affect so many? I will give you a hint, it's not Pinside.

It seems perhaps a few members here may have PM'd you in petition to change the thread when it was not needed, again, your site so whatever you say is law. If you would like you can PM me and I can provide you my work number to a secure line where I can provide you with additional details that I am not permitted to discuss in an open forum.

-1
#88 2 years ago
Quoted from capguntrooper:

What is the common denominator of where all our emails would have been housed

An address book. Every email program uses one.
https://securelist.com/threats/email-worm/

-1
#89 2 years ago
Quoted from capguntrooper:

QUESTION: How does a Spoof Scammer farm out all these emails from SEVERAL members here to the hundreds if not thousands more we do not know about?

Robin said it in his post. Last line: "So, not exactly hacked - but someone at Stern got infected with some malware."

This is not being hacked. You could argue that is like tomato tomato but it is very different. People are saying they are hacked all the time as in fact they just clicked on something they should not have clicked as it is hard to understand for most people how this infecting takes place. Most of the time when I encounter something like this the user says they did not click on anything, until I show them what they did.

#90 2 years ago

Ya, they were hacked.

#91 2 years ago

Look, maybe I'm wrong in assuming that this is just a stolen e-mail address book from a Stern employee laptop. I'm certainly no cyber security specialist. I have no details about this, nor did anyone point me to this thread. I simply stumbled on the thread and felt the thread title a bit sensationalist, hence my renaming. A little housekeeping, if you will.

Personally, I think the term "hacked" is odd as -to me- this appears to be a simple case of an e-mail worm. Real 'hackers' usually have other goals than harvesting e-mail addresses. But I don't doubt that Pat Powers told you they were hacked. I just think that the term 'hacked' is overused a bit nowadays.

Look, regardless who's right and what the exact term is: it's good that you put up a warning to people to watch out for weird emails seemingly coming from Stern.

#92 2 years ago

I have been around computers since back when "hacker" was a compliment. Before you could buy IBM PCs and Macintoshes these brave pioneers would hack together their own computer designs using discrete components. Breaking into mainframes was called "cracking."

Another cool word whose meaning has been ruined by overgeneralization, a la "awesome."

#93 2 years ago

Cool, I always thought "cracking" was about removing the protection from software. I grew up with computers in the eighties (c64, 386, amiga). It seems like a lot of these words change meaning over the decades.

#94 2 years ago
Quoted from robin:

Cool, I always thought "cracking" was about removing the protection from software. I grew up with computers in the eighties (c64, 386, amiga). It seems like a lot of these words change meaning over the decades.

cracking = removing protections from software (usually serial numbers)
hacking = gaining entry into a system without permission
phishing = trying to extract information through deceptive measures (which can lead to a "hack" or identity theft)

But these are probably all out of date terms now

#95 2 years ago
Quoted from robin:

Cool, I always thought "cracking" was about removing the protection from software. I grew up with computers in the eighties (c64, 386, amiga). It seems like a lot of these words change meaning over the decades.

No you're correct. I was briefly in "Paranoimia" way back then with the Amiga. Our rival was the hated "Quartex"... lol Boy that takes me back. Talk about misspent youth

2 months later
#96 2 years ago

got this email today...be careful!

probably dangerous (resized).jpg

#97 2 years ago

I got one last week.

#98 2 years ago

I got one from Chas in October about him paying my due balance and sending me the receipt. Was wondering if it was a spoof.

1 week later
#99 2 years ago

I did get another one and hovered over the email and it had .ru at the end. No I did not click on it . sent to spam and deleted.

3 weeks later
#100 2 years ago
Quoted from TheHueManatee:

cracking = removing protections from software (usually serial numbers)
hacking = gaining entry into a system without permission
phishing = trying to extract information through deceptive measures (which can lead to a "hack" or identity theft)
But these are probably all out of date terms now

SOOOOOOO, by these definitions, Stern was hacked and the email addresses that were stollen are being used as phishing scam? That or Stern is selling off our info to third parties to pay for ghosting play fields.

Promoted items from the Pinside Marketplace
From: $ 40.00
Lighting - Interactive
Professor Pinball
$ 5,899.00
Pinball Machine
Classic Game Rooms
From: $ 99.99
$ 22.00
Cabinet - Sound/Speakers
ModFather Pinball Mods
6,200 (OBO)
Sale Pending!
Binghamton, NY
There are 102 posts in this topic. You are on page 2 of 3.

Hey there! Got a moment?

Great to see you're enjoying Pinside! Did you know Pinside is able to run thanks to donations from our visitors? Please donate to Pinside, support the site and get anext to your username to show for it! Donate to Pinside