russian guy making humble bundle gift links with an oldemail
Page 1 of 1
PickupArtist




Posts: 9710

PostPosted: Fri, 19th Feb 2021 14:46    Post subject: russian guy making humble bundle gift links with an oldemail
Just got an email from humble bundle with a tropico 3 gift link, before that i got a email from humble in russian , think i maybe used this email to gift myself something in the past, never used this email for my main humble account so i did some digging

No humble bundle account existed with said email addres, but when i went to register using another pc and going to humble bundle site via google (didnt click any links) it said purchases had been made with said email , i could still register the email, but no purchases show up in account details now that i registred it (using trow away details)

first email in russian:
You received this email because you were trying to reset the Humble Bundle password. Our records show that you have purchased items from us in the past, but have not yet created a Humble Bundle account with this email address.

second email was in english:
It looks like you have requested your Humble Bundle orders. If you did not initiate this request, please disregard this message.

Tropico 3 (gift)

wtf is their gameplan sending me gift links ? Its not even a gmail , its a bloody belgian isp email address so its super unlikely he wrote the wrong email by accident

Ive been noticing a lot of old game account emails recently on this email addres, i just dont get what they trying to accomplish

anyone want the tropico 3 gift link ? it looks legit

exmaple of other email of on the same day (lotro game account) :

Hello,

A request has been made to change the password for your Standing Stone Games Account. Please follow the link below to change your password:

whats the point of sending pasword reset emails to an email they dont control ...
Back to top
PickupArtist




Posts: 9710

PostPosted: Mon, 22nd Feb 2021 23:29    Post subject:
and the next batch of accounts mails today

teamviewer in chineze
"TeamViewer Account Activation" <AccountActivation-noreply@teamviewer.com>;
Thank you for registering a TeamViewer account. To activate your account, please click on the link below.


instagram

Hi,

Someone tried to sign up for an Instagram account with xxxx@xxxx.be

wtf is the point ? Is it bots just recycling emails ?

its been a whole range of sites, some i have had accounts, some i dont have, why on earth are they registring accounts with a 20y old email linked to a nation and a isp ... they have zero control over and not gmail accounts instead


or is the masterplan sending a bunch of real ones and then all of a sudden porn fake ones or something trying to trick me in clicking a link? thats a ton of work lol
Back to top
Frant
King's Bounty



Posts: 24433
Location: Your Mom
PostPosted: Tue, 23rd Feb 2021 07:38    Post subject:
Well, seems like some kind of elaborate phishing/trojan scheme to me. I wouldn't be surprised if someone's got plenty of detailed information about you and/or your accounts etc. at this point.

I'd get rid of that shit, change passwords on everything, scan your PC thoroughly, possibly get new email addresses and discard your old email accounts.


Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn!

"Thank you to God for making me an Atheist" - Ricky Gervais
Back to top
DXWarlock
VIP Member



Posts: 11422
Location: Florida, USA
PostPosted: Tue, 23rd Feb 2021 10:13    Post subject:
It might be an email account that either the current, or old password was gotten for.
So a bot is trying to use it to create accounts, reset accounts on 'brute force' password reset on other sites you have a reset for on that email, and login to get the emails.

If an email and password is on a list somewhere (even if old) bots can try 1000's of common sites a minute sending reset password using that email, and then tries to login with the email itself and parses out the reset links and runs them..locking you out of all the ones it was successful on.

I get a few a month of some bot somewhere that got my email address trying to reset my epic/blizzard/whatever login. But I change my email password every month or so..and they are helpless trying to get the reset emails.

And id check (if you have a way) if any other IP than yours accessed your account. Just because email is 'unread' doesnt mean they/a bot didn't read it. its a simple matter to set an email back to unread so the user 'thinks' no one got in to read them and make it suspicious new email you never seen are marked as read.


-We don't control what happens to us in life, but we control how we respond to what happens in life.
-Hard times create strong men, strong men create good times, good times create weak men, and weak men create hard times. -G. Michael Hopf

Disclaimer: Post made by me are of my own creation. A delusional mind relayed in text form.
Back to top
PickupArtist




Posts: 9710

PostPosted: Tue, 23rd Feb 2021 13:33    Post subject:
thats just it, the mail isnt compromised im 99% sure, and it needs a special ISP page to log into, super unlikely

if i wanted to i can claim all those accounts they made

i just dont get how its a mix of chineze, english, russian, all in the same day, its randoms just making accounts for the heck of it using an email they dont acces ...

also why would they not delete the emails such as activation links and warnings of logins, if they had acces, putting it on unread is just stupid , as its the email itself that raises suspicion

its just so weird and id like to have a peek into the mind of such script kiddies what they thought process is of making these accounts
Back to top
DXWarlock
VIP Member



Posts: 11422
Location: Florida, USA
PostPosted: Tue, 23rd Feb 2021 13:52    Post subject:
Its bots, more than likely it's in a loooong list of email address its hammering that it had an old password that was leaked at one time.
Quantity over quality. If they only manage to get into 1% of the email addresses they can hammer in a day off a list, to activate the accounts (or steal accounts with password reset) that's a crapload. Yours is just probably in the margin of loud noise of failed attempts they dont even notice its not working for yours particularly.

Think about it, if you had a email list 100,000 long, with logins worknig or not. And a bot network setup to hammer them all day everyday churning on every popular site that it might work to reset an account, or sign up for free accounts by the 1000's.
Would you notice (or care) any in particular didn't return a result at the end of the day if you got a output of 100's of accounts made, and 100s of existing accounts notifying of successfully reset?
And for free keys, same thing. They want quantity, not success rate per. They might be selling the keys or games. If they make/scam/signup bot trade 1000's of them. They dont really care if some can't be retrieved.


-We don't control what happens to us in life, but we control how we respond to what happens in life.
-Hard times create strong men, strong men create good times, good times create weak men, and weak men create hard times. -G. Michael Hopf

Disclaimer: Post made by me are of my own creation. A delusional mind relayed in text form.


Last edited by DXWarlock on Tue, 23rd Feb 2021 14:00; edited 3 times in total
Back to top
PickupArtist




Posts: 9710

PostPosted: Tue, 23rd Feb 2021 13:57    Post subject:
and my isp isnt any help they hiding behind EU GDRP "privacy" and cant tell me the last logins dates/times nor ip addresses, literally saying they arent allowed to know this data

so silly grrr, thats just a horrible security flaw to hide behind gdrp and having such massive security gap

i expect any isp provider to protect customer logins from strange logins !!!!!!!!!

i think ill go from 90% spam mail to 100% and move any last logins i had on this account over to gmail i guess. thats just unacceptable security
Back to top
Page 1 of 1 All times are GMT + 1 Hour
NFOHump.com Forum Index - The Bitching Session
Signature/Avatar nuking: none (can be changed in your profile)  


Display posts from previous:   

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB 2.0.8 © 2001, 2002 phpBB Group