email Misery

Good morning all,

If for whatever reason, you should receive a message from [color:"red"]BAREBOATS BVI[/color] that contains an attachment or asks you to open a link, [color:"red"]DO NOT OPEN EITHER ONE![/color]

My email address has been spoofed by spammers and I am currently dealing with a ridiculous number of "undeliverable" messages as well as messages from companies replying to the spam messages sent out. This is clearly yet another attack on Bareboats BVI. The motive remains a complete mystery.

The email itself is harmless, but I have no idea what may be in the attachment.

So ... just a heads up, throw the message in the trash and forget about it. It isn't from me and I don't send attachments to anyone unless I tell them it is coming first.

It seems this particular spammer has been very, very busy this morning. My phone hasn't stopped ringing with people asking how they can help me! Meanwhile, I have been pressing "delete" pretty much every 2 seconds since 7:00 a.m. and it is now 10:20 a.m.

Sigh.

Good luck.

Thanks ... just trying to do damage control at this point.

You should be able to stop it by changing your email password.

I doubt it's a specific attack on bareboats BVI. It's a typical virus attack where your server got infected and the virus is trying to spread itself via your address book. You probably should isolate the system from the internet until you get a IT guy in to clean everything. Any personal data for you or customers may have been compromised. That is the usual point of this type of attack. Sad world we live in where you have people who do this kind of garbage.

The messages are not being sent to my client list or my address book and my computer is fine. I have several firewalls set up and it (my computer) has already been checked over.

The messages were (and still are) being sent worldwide to travel agencies, other yacht charter companies, hotels and anyone in the hospitality industry.

I have spent the entire day responding to people who "think" they are responding to me. This is one of the messages sent ... but it is changed (slightly) to suit the particular business the spammer is sending to:

-------------------

Hello,

Can you please quote the attached for us,a group of 8 people (All adult) are going on vacation on a yacht

Kindly quote us your best price as this is for our repeating client.

Hope to hear from you soon.

-------------------

I have received phone calls from travel agencies, hotels, insurance companies, livery houses, air charter services, and yacht charter companies (I have never dealt with) in Singapore, Laos, Islamabad, Portugal, England, France, the Maldives, Canada, the U.S. ... and the list goes on. They also sent a raft of emails to people in various businesses in the BVI.

If this isn't an attack on Bareboats BVI, I really don't know what to make of it. I have had over 3,000 undeliverable (bounceback) messages since 7:00 am, untold phone calls and emails from people asking me to resend my message in PDF format because they can't open the attachment.

I have been busy all day deleting the "undeliverable" messages and trying to respond to all emails sent by those who were taken in by the scam and wrote back to me.

I haven't come across any client emails at all. I am still ploughing through the dross.

I have also been deleting all the messages online before they get to my email programme on my computer.

Just another day in paradise!

At least it is a day in paradise... We'll be there tomorrow.

The only way to avoid stuff like this is to make sure you have an SPF record set up. Even then, it is still possible because not all servers look for SPF records, but if you don't have one, it makes this kind of spam much easier.

Yep, we got to our AgapeCottages account this morning and I don't think we would have been in your address book as it's a fairly new email account.

Good Luck,
Jason

We received it too.

Good luck.

In all likelihood they have hijacked another computer far away. Then they borrowed your email(like borrowing your name). That spoof only makes it look like you sent the email. In reality your computer and email account never touched it until it was returned to you.

In the snail mail world. This would be the same thing and mailing thousands of letter with another person's return address.

There is very little you can do to stop this. Someone who can read headers may be able to figure out that ISP the hijacked computer is actually related to allowing you to try and contact that ISP to intervene on that machine/IP address.

The only way to protect yourself here is to limit where you share your email address. Each time you put an email address on a forum or use it as a login you are at risk. Many create a second email to use when they must share their email address in the public. Would you put your phone number on the internet? Treat the email you use for your business of personal two way communications the same.

The spew will likely continue until the other machine hijacked is cleaned or disconnected from the internet.

Root cause someone found your email address laying around, hijacked another computer with tons of email addresses, stole all those email addresses, and is using the hijacked computer to spew many, many fraudulent emails. YOu are getting the emails that bounce back to your return address. The ones that get through look like leads to the recipient and they are calling or emailing you to get the business. Unless someone gets a ransom note? These are likely kids in a coffee shop having fun.

This has happened to my business about once a year for the last several years.

I agree with Ron's assessment of what's going on. ONLY your email address is being used - no hack to your website, your address book, or your email account.

You're only seeing the return bounces, exactly as Ron said.

I disagree with Ron, in that there is usually an agenda with these things. Perhaps the secret lies in the 'attachment'. Have you looked at it? It could be something as innocuous as an advertisement for boner pills, or flat belly pills or some such silliness.

It could also be an executable file intended to do harm, slurp data, install malware - a true virus. Although most every responsible computer owner has antivirus protection that will stop it, every now and again one will get through - making it worth their while.

The good news is that will stop, in my experience, almost as quickly as it started. You should be all done with it in a couple of days.

My IT guy wants me to remove all email addresses from our website to stop this kind of 'harvesting'. So far, to his chagrin, I've resisted.

Hang in there. This too shall pass.

Liane in the past has had her website attacked and not sure if cloned is the correct term. But if I recall was redirecting traffic to another brokerage. I don't remember the story too well, so it would not surprise me if this was a direct attack.

Liane does an amazing job as a broker, her website definitely beats any of the charter companies in BVI. <a href="bareboatsbvi.com" target="_blank">Bareboatsbvi</a>

Something I didn't realize until a few years ago that she can still get you all the discounts that you can get directly from the charter companies, repeat customer etc. She gets paid by the brokerage fee all the companies retain for booking direct. The huge pluses is she has been aboard every boat she brokers and is an awesome advocate when something goes wrong.

In 2004 when our boat had a head issue, we knew about it from her before we knew about it from the charter company.

What a great testimonial! Nice!

I repeat - change your email password - I was hit with one of these a year ago and as soon as I logged out and changed my email password the crazy traffic stopped.

As I mentioned before, an SPF record can greatly aid in limiting this. Looking at the SPF for bareboatsbvi.com, it ends with a ?all - This should be -all as long as the SPF record lists all valid servers that mail can come from. This would prevent a problem like this from occurring. At least with any mail server that checks for SPF - which is the majority today.

If someone has taken control over your actual email account that would work. If the perp has only stolen your name(email address) and is using another account somewhere else. Changing your own password or login will do nothing.

Your plan would be the same thing as changing the front door lock on your house, when someone is mailing out snail mail garbage using your return address across town or the country.

The IP address in the headers may give an hint as to where the stuff is actually coming from.

Changing SPF can have unexpected results for some marketing companies. You need someone who fully understands your outbound marketing efforts.

For the intellectually curious. Here are the SPF checker results:

The following rules for the host name Bareboatsbvi.com were found. A total of 3 queries (as defined by RFC4408) were performed for fetching SPF and related records.

The DNS lookups for SPF took 244msec.

Allow if the IP matches an A or AAAA record of Bareboatsbvi.com

88.208.233.149

Allow if the IP matches an MX record of Bareboatsbvi.com
mail.bareboatsbvi.com.

88.208.233.149

Allow if the IP matches an A or AAAA record of bareboatsbvi.com

88.208.233.149

Allow all from the ip 88.208.233.149
Neutral all IPs which do not match any previous rule

Got the same E-Mail for the South Sound Villa <img src="http://www.traveltalkonline.com/forums/images/graemlins/duh.gif" alt="" />

As I noted in my original message and as repeated by several others, this was a SPOOFING incident ... or in other words, an imposter used my name and our company name to send out what may have been a virus or malware to unsuspecting victims. Nobody got into my computer or website.

The spammer obviously got an email from me and then turned around, used my standard signature and "reply" address to send out thousands of messages throughout the BVI and all over the world.

The messages went to hotels, villas, yacht charter companies, air charter companies, insurance companies, livery companies and even sky-diving and adventure tour outfits.

As has been correctly surmised, it was the "undeliverable bouncebacks" that had me hitting the delete button for 6 and a half hours. However, at the same time, I was receiving messages from all over the world who were responding to "my inquiry" and wanting more details. Sigh. I responded to over 1500 people explaining the situation.

I also received an endless string of phone calls from many businesses all over the map for a full 30 hours after this mass email mailing went out. Needless to say, I got absolutely nothing else done during that time ... including sleep.

My apologies to all those that got taken in by the messages sent [color:"red"]purportedly[/color] from me, but as you know by now, I had nothing to do with it. I can only guess that they used my name and email address, knowing that people would be likely to open the attachment. To answer the question as to what was in the attachment, I have no clue. I don't make a habit of opening attachments that [color:"red"]I KNOW were deliberately sent by spammers[/color]! I do not need to satisfy my curiosity ... thanks very much.

I posted the warning here, on my personal Facebook page, and 4 times on the BVI Community Bulletin Board ... in an effort to let people know not to open the attachment and to just throw it away.

My computer is fine, there were no breaches of any kind, my address book was not attacked. There are just several thousand more people in the world who have now heard of Bareboats BVI ... but not in a good way.

Anyway, it is over for now. I only received 4 or 5 dozen messages today. I have responded to all of the companies who got sucked in and have told them it was a spoof thing. They all understood, so hopefully, that will be the end of it.

To Mike Kneafsey: Thanks very much for the kind words ... and yes, the Bareboats BVI website was basically cloned without my knowledge. It was also attacked by a "drug" spammer who managed to breach my web host's security, downloaded the whole site, added invisible text and links (white text on a white background)... pointing to websites selling Viagra and other nonsense. They did this on every single page of the site and then uploaded it again. I had no idea for over a year.

To the uninitiated, the spammer was piggy-backing on our website's excellent reputation and ranking in Google. Those links (even though invisible) would boost the credibility to the spammers drug site because links from our website pass along what Google refers to as "Page Rank". Page rank is basically a "vote" system and is one of the major things that dictates "the best, most relevant and most trusted" websites Google shows you for specific keywords you type in when you search.

There have been several other minor attacks on our site, but the two I have outlined devastated our business as our ranking in Google basically disappeared in a matter of months ... along with our site's long-standing excellent reputation.

Because the site was cloned by one guy and hacked by another, we received various different penalties from Google, (and all the other search engines) from which the site has never recovered. The site has since been completely redesigned, rewritten and rebuilt using an updated format. We also made it mobile friendly and lightning fast ... but alas, nothing has worked. It appears it will never recover at this point and I don't have it in me to do it all over again, using a different URL.

Such is life! I yearn for the day I will be able to retire and won't have to even look at another computer or website as long as I live!

Ushi, I am coming ... some day! I am so jealous that she has retired! <img src="http://www.traveltalkonline.com/forums/images/graemlins/Grin.gif" alt="" />