A scam email was sent out to a number of our sellers on 12th July 2017 via our messaging system.
This email did not come from Folksy. Folksy was not hacked, Folksy has not infected anybody, and our database and all information stored in it are secure.
Our messaging system was used to send an email with a link that, if clicked, may have been malicious and contained a virus. This email was sent out through the normal process of creating a Folksy user account and sending a message to sellers (more details below). At no point were our systems penetrated, and no sensitive information or portions of our system were seen by the scammers.
The content of the email looked similar to the below:
Invalid order / Mistake Order
Hi dear seller about a few days ago,I bought your stuff, but I still do not get this position in my account, although i have this transaction in my paypal account. I called Folksy client support, they advised me to contact you attached a screenshots of my paypal and folksy accounts.
Here are screenshots:
Please help me understand about the situation.
What are the risks?
If you received the email and didn’t click the link then there are no risks at all. If you did click the link, then the risk is still low – see below for what to do next.
Please note that neither Folksy nor its database have been hacked.
No financial data for buyers or sellers is held by Folksy, and so it could never be hacked.
All Folksy passwords are encrypted and secure, and so could never be hacked.
What do I need to do?
A. If you have not clicked on the link in the email:
You don't need to do anything
Opening the email or replying to the email will not have compromised any of your personal information
You can delete the email
B. If you have clicked on the link in the email:
If the file failed to open, or was blocked by your firewall, or the code failed to run, it is very unlikely to have caused any damage to your system or compromised any of your details. However, because at this stage we are unsure how serious the risk is, we would advise the following as a precautionary measure:
Run a full security scan on your computer or device with an appropriate, up-to-date security solution.
Update the software on your device or computer to the latest versions (software and app updates contain vital security upgrades that help keep your devices secure). Find out how to do that here https://www.cyberaware.gov.uk/software-updates
Change your Folksy password. Do this by going to https://folksy.com, signing in and navigating to 'change password/email' on your Dashboard. If you've forgotten your password, use the 'forgot password?' link on the sign-in screen.
Change your email password
Tell us if you saw anything strange when you clicked on the link or if you notice anything related that worries you. You can do that here https://folksy.uservoice.com/
What do we know about the email and what are we doing about it?
The link in the email appears to lead to malicious code written in PHP. We have analysed the link: it serves a block of obfuscated PHP code intended to run in the browser. Initial analysis shows it was targeted at Windows operating systems, but we don't yet know what its intention was. We're continuing to investigate.
We have reported the domain that the link to the code is hosted on to the registrar and to the anonymising service that domain is using to hide behind.
As soon as we became aware of the scam, we disabled Folksy messaging to stop more emails being sent out.
The Folksy messaging system is now back up with additional protections in place.
We emailed everyone who had received the email and put warnings out on social media and on the Folksy forum, to alert all Folksy sellers as quickly as possible.
How did it happen?
Sadly, scam emails happen all the time, but we don't often see them on Folksy: messages can only be sent to sellers from a registered Folksy account, we have spam filters in place, and we limit the number of messages a user account can send.
In this case, we believe an automated script was used to register as a new Folksy user with a randomly generated, fake email address, browse to a number of active shops and click the “Contact” link for those shops. This enabled them to send quite a large number of emails to sellers in a short time from multiple fake accounts before we became aware of the activity and immediately shut down the messaging system to stop it.
The messaging system is now back up and running with additional protections in place. Currently, those protections consist of limiting people to sending only one email per minute, and scanning the content of the email to make sure there are no external links in them. This does mean some legitimate messages may get blocked. If that happens to a message you want to send, you will be informed by email that the message was blocked, and you can then contact our Support team who can advise you on how to get the message to send successfully.
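The two protections described above (one message per minute per account, and blocking any message that contains an external link) can be illustrated with a small message gate. The following is an added example written for this page; it is not Folksy's own code, and it assumes that links to folksy.com count as internal, that the link detector only needs to catch the common forms of URL text (http(s)://, www., and bare domains), and that the sender is identified by an account id.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: links pointing at the site itself are treated as internal and allowed.
INTERNAL_HOSTS = {"folksy.com", "www.folksy.com"}

# Heuristic matcher for URL-like text: full http(s) URLs, www. hosts, and bare
# domains with a letters-only top-level label (so "e.g." and "12.5" do not match).
URL_RE = re.compile(
    r"(?i)\b(?:"
    r"https?://[^\s<>\"']+"
    r"|www\.[^\s<>\"']+"
    r"|[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b(?:/[^\s<>\"']*)?"
    r")"
)


@dataclass
class Decision:
    allowed: bool
    reason: str = ""  # shown to the sender when the message is blocked


@dataclass
class MessageGate:
    min_interval: float = 60.0            # seconds between messages per sender
    last_sent: dict = field(default_factory=dict)  # sender_id -> timestamp

    def external_links(self, body: str) -> list:
        """Return every URL-like token in body whose host is not internal."""
        found = []
        for match in URL_RE.finditer(body):
            raw = match.group(0).rstrip(".,;:!?)")
            # Bare domains and www. hosts get a scheme so urlparse sees a host.
            candidate = raw if re.match(r"(?i)https?://", raw) else "http://" + raw
            host = (urlparse(candidate).hostname or "").lower()
            if host and host not in INTERNAL_HOSTS:
                found.append(raw)
        return found

    def check(self, sender_id: str, body: str, now: float) -> Decision:
        """Decide whether a message may be sent; record the send time if so."""
        last = self.last_sent.get(sender_id)
        if last is not None and now - last < self.min_interval:
            return Decision(False, "rate limit: only one message per minute is allowed")
        links = self.external_links(body)
        if links:
            return Decision(False, "external link(s) not allowed: " + ", ".join(links))
        self.last_sent[sender_id] = now
        return Decision(True)


if __name__ == "__main__":
    gate = MessageGate()
    # Constructed sample messages, modelled on the scam text quoted above.
    print(gate.check("buyer-1", "Hi, I bought your item but it has not arrived.", now=0.0))
    print(gate.check("buyer-1", "Sorry, one more thing.", now=20.0))
    print(gate.check("buyer-2", "Here are screenshots: http://scam.example/paypal.php", now=0.0))
    print(gate.check("buyer-3", "Your listing https://folksy.com/shop/x looks great.", now=0.0))
```

Only a message that passes both checks updates the sender's last-sent time, so a message blocked for containing a link does not use up the sender's slot. The link check is deliberately a heuristic: as the page notes, it will block some legitimate messages, so the reason string is what a sender would be told when asked to contact Support.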
Where to go for more information and help:
How to spot scam and phishing emails: http://www.actionfraud.police.uk/fraud-az-vishing
Government advice on protecting yourself online: http://www.cyberaware.gov.uk/
How to keep safe online: https://www.getsafeonline.org/