I got one as well from Chas. Looking at the header the IP originated from Jordan.

I got an email from homepin the other day filled with expletives and the F and N word all over it and thought they were hacked too.

Turns out it was just Mike saying hello.

Damn Equifax!!

This doesn't mean stern was hacked. What is means is that someone who has you in their address book was hacked, who also had Stern in their address book, and the virus emails everyone randomizing the to and from. This happened recently to me, a friend 'sent' the email but the actual from address was a German webmail provider.

Bingo....

Obviously Stern is lacking Cyber-Security measures to prevent these problems. Not a dig on Stern, many small companies fail to implement adequate protection and policies.

Apparently it's a longstanding cultural thing down here in Australia?

It's news to me anyway....

What are you the white knight here to save people? Looking for a trophy? You made the awareness... the thread is out there. The sloppy reporting, loose terminology, etc just comes across as hyper. I shade from calling it hysteria because you claim to have some background, but this is getting ridiculous.

You keep saying "confirmed by stern!"

What, that maybe one or more people got some malware? Or was it their infrastructure was compromised? Yet you keep trying to save the world from this "confirmed hack"

Please stop abusing the word

LMAO! Bruh, we get it. Go back to your Stern Army. Quit being a keyboard warrior and grow a set and call capguntrooper a liar since that is what you are hinting at. If cap said he got a call from Pat Powers I will take him at his word, the guy is still in the Army and just got back from Afghanistan for like his 5th time or something. What have you done in your life that would earn you the consideration he deserves? I am going to take him at his word when he said he talked to Pat, if you want to man up and call him a liar go for it, but cap's track record here has been nothing but helpful here and you are just trying to stir the pot and talk smack SJW. I for one appreciate the heads up Capguntrooper, keep on keepn on bro.

I got hit with an email also

You haven't confirmed Stern was hacked until you know their systems were broken into and accessed by people purposefully trying to break into Stern.

All you know is at least one Stern employee got some malware that harvested email addresses. That is not being hacked. Malware is a common occurrence in today's society. Worthy of a PSA. You're going overboard.

No one said you're a liar. So far you're just a little hysterical about some common malware. If you continue to repeat bad information now that you've been told the correct information then you would be a liar. Ignorance is easily remedied with some education but it's up to you to fix it.

You aren't even understanding the conversation

LMAO, dude they went cried to a mod on your own post, that is hilarious! Just goes to show ya can't argue with stupid, just put em on ignore, they aint worth your time, everyone else who has liked and commented here has your back and it just shows these two clowns are just Stern Army goons. What did you do to make them cry? Maybe they feel left out cuz they didn't get an email....LMAO!

Reminds me of everyone saying they got hacked when someone copies their Facebook profile . Repeating bad information doesn't improve it. But hey that's what they were told! Lol

We still haven't seen an actual SMTP mail header which is the evidence we need. An image of the email from someone's inbox without the header is not helpful.

This is what an example mail header looks like:

Return-Path: <[email protected]>
X-SpamCatcher-Score: 1 [X]
Received: from [136.167.40.119] (HELO dc.edu)
by fe3.dc.edu (CommuniGate Pro SMTP 4.1.8)
with ESMTP-TLS id 61258719 for [email protected]; Mon, 23 Aug 2004 11:40:10 -0400
Message-ID: <[email protected]>
Date: Mon, 23 Aug 2005 11:40:36 -0400
From: Taylor Evans <[email protected]>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0

-Jay

Got one too.

Fore those that have NFI what we mean and use gmail:
- go into the message in a web browser
- in the top right corner there's a down arrow menu, click that
- select "Show Original"
In the bottom part of the screen, the raw email is displayed. The headers start at the first line of the email and run to the first completely blank line. Copy/paste the headers into a post here - go through and edit out your email address with something like [me] instead.

I just got my email from Stern. I feel special that I was included on this list.

So let me get this straight. Your mad cuz the OP's choice of words as opposed to a technical term that some people here won't understand? I think its you, who do not "understand" the conversation.

well-why-dont-you-cry-about-it (resized).jpeg

Payment sent. Must have slipped my mind.

Looks like the spammers are still at it. I just received this email this morning. It looked suspicious, so I deleted it .
I haven't contacted Stern about anything for well over a year .

__________________________________________________________________________________________________

new order upcoming
Tue, Oct 10, 2017 10:02 AM
Hello,

Thank you for your enquiry, please find your quotation attached.

http ronchapple . com/Statement/

Thanks for your business!

[email protected]

[Moderator edit]: changed link to be non-clickable.

If someone posts the email headers, I can investigate to see where the emails might be originating from.

Otherwise, just posting the text of the message doesn't do much good.

Some German sites. It’s like grandpa always said: “Don’t ever trust a German”

38294750-B8EC-4BB9-BDDE-227AEAAA2AC2 (resized).png

Will this screen shot work.

Screenshot_2017-10-10-12-39-38 (resized).png

The email headers contain all the technical gibberish. What you are showing are just the "from" email addresses, which can easily be spoofed.

I'm not sure that the headers can be revealed with the iOS mail app, though.

I opened in Gmail on my Mac and saw all the header information but I don’t really want to screenshot and put my IP and email information all over Pinside.

0195046D-413C-4181-B7DF-9D5D5FE9E3C0 (resized).jpeg

Im learning . How about this?

~.pdf

Your Received: headers show the email originated from IP 212.41.96.38, which resolves to solnet.ch. ch is assigned to Switzerland. The spammer could have an account there, could have compromised a machine that has an account there, Solnet could have a vulnerable system that allowed unauthorized usage.

Note that sheratonparco.com is probably faked. The domain is real but likely doesn't use Solnet for their email.
https://whois.icann.org/en/lookup?name=sheratonparco.com

First of all, thanks for the heads-up, capguntrooper!

I hope you don't mind, I have edited the thread title a bit - to better reflect what is happening here. The term "hacked" seems slightly off as we're looking at a fairly simple e-mail worm sending out e-mails with infected attachments (Word Macros?) from spoofed Sternpinball.com from addresses.

If you wanna know more, I found some info explaining this practice here: https://www.mailguard.com.au/blog/new-macro-word-malware-email-scams-hidden-in-zip-file-attachments

So, not exactly hacked - but someone at Stern got infected with some malware.

That is exactly what I meant in post #2 Thanks Robin !

I would have expected that Stern sends a warning message to all their contacts in their adress book.
Should not have been too difficult to do so.

Received today one if these mails in german language.

I got one the other day also.

WE got one today. From Chaz @ Stern. So they are still being sent out.

An address book. Every email program uses one.
https://securelist.com/threats/email-worm/

Robin said it in his post. Last line: "So, not exactly hacked - but someone at Stern got infected with some malware."

This is not being hacked. You could argue that is like tomato tomato but it is very different. People are saying they are hacked all the time as in fact they just clicked on something they should not have clicked as it is hard to understand for most people how this infecting takes place. Most of the time when I encounter something like this the user says they did not click on anything, until I show them what they did.

Ya, they were hacked.

Look, maybe I'm wrong in assuming that this is just a stolen e-mail address book from a Stern employee laptop. I'm certainly no cyber security specialist. I have no details about this, nor did anyone point me to this thread. I simply stumbled on the thread and felt the thread title a bit sensationalist, hence my renaming. A little housekeeping, if you will.

Personally, I think the term "hacked" is odd as -to me- this appears to be a simple case of an e-mail worm. Real 'hackers' usually have other goals than harvesting e-mail addresses. But I don't doubt that Pat Powers told you they were hacked. I just think that the term 'hacked' is overused a bit nowadays.

Look, regardless who's right and what the exact term is: it's good that you put up a warning to people to watch out for weird emails seemingly coming from Stern.

I have been around computers since back when "hacker" was a compliment. Before you could buy IBM PCs and Macintoshes these brave pioneers would hack together their own computer designs using discrete components. Breaking into mainframes was called "cracking."

Another cool word whose meaning has been ruined by overgeneralization, a la "awesome."

Cool, I always thought "cracking" was about removing the protection from software. I grew up with computers in the eighties (c64, 386, amiga). It seems like a lot of these words change meaning over the decades.

cracking = removing protections from software (usually serial numbers)
hacking = gaining entry into a system without permission
phishing = trying to extract information through deceptive measures (which can lead to a "hack" or identity theft)

But these are probably all out of date terms now

No you're correct. I was briefly in "Paranoimia" way back then with the Amiga. Our rival was the hated "Quartex"... lol Boy that takes me back. Talk about misspent youth

got this email today...be careful!

probably dangerous (resized).jpg

I got one last week.

I got one from Chas in October about him paying my due balance and sending me the receipt. Was wondering if it was a spoof.

I did get another one and hovered over the email and it had .ru at the end. No I did not click on it . sent to spam and deleted.

SOOOOOOO, by these definitions, Stern was hacked and the email addresses that were stollen are being used as phishing scam? That or Stern is selling off our info to third parties to pay for ghosting play fields.