2. tech-talk
  3. 119246-8104

Has Audiogon Been Hacked?

I received what looks like a phishing email masquerading as Audiogon but sent from info@chronozentrum.com, not from audiogon.com. It reads:

Protect your Account

Starting with 15th January 2015 we will add a new security filter designed for your protection.

If any suspicious activity will be detected on your account, our system will lock it down and will ask some security questions regarding the current payment method (credit card/ debit card) added to your account.

It is mandatory that you confirm today your payment information attached to your Audiogon account. Like this our systems will be fully updated and we will be able to keep you safe in the future.

If you don't have any payment method set into your account the chances of your account being automatically locked by our systems is considerable high.

Confirming your payment method for your account is free of charge and your card will not be debited in any way, is going to be safe kept for your protection.

Confirm my card

But the URL on the Confirm my card link is in Spain: http://safeaudiogon.esy.es/sign-in.

Add to that, the security certificates are all invalid once I login separately (directly at audiogon.com).

If it a real email, it violates all the anti-phishing rules, as described above.

Oh, and I would have submitted it through the Contact, but the link gives me yet another invalid security certificate.

Brian.

bkrpdx
bkrpdx OP
24 posts
 
I will confess that I was using Safari on iPad (though up to date) when I received the security certificate errors; trying it now on Chrome on Windows 10, I receive none.

What really concerns me is this: Typically these types of phishing emails are sent to generally acquired email lists pretending to look like a common vendor - e..g. eBay or Target - on the hope of catching people who just happen to do business with that vendor. But this one is an Audiogon spoof sent TO AUDIOGON's user list. How do I know this? I own several domains with thousands of email accounts (all forwarded). So for each company/organization with which I have a relationship, I create a unique email address. That way, I know who Is selling my information, and I can also block people easily.

The email above was sent to my Audiogon-specific email account. Which means it was much more sophisticated and more dangerous than the usual phish.. Although, as geoffkait astutely points out, in addition to the factors I mentioned, the poor English is another good indicator it is not real, I am sure some people will fall for it. And, if they got my email address from Audiogon, who knows what else they got?

Brian.
Admin
Audiogon Official
Audiogon has taken down this recent phishing scam.  The best way to avoid falling for this type of scam is to never login into your Audiogon account using a link in an email.  Always go to the website and then login. Please notify customer support if you receive any suspicious email so we can take it down as soon as possible.  

Thank you for your assistance in taking down these scams.
bkrpdx OP
24 posts
 
Thank you, sarahkendall.

I am a bit confused. How did Audiogon "take[] down this recent phishing scam?" It was an email, not a post. Did you manage to get the Spanish site it linked to taken down?

Of bigger concern is how did the phishers get Audiogon's email database, what other data besides email addresses did they get, and what is Audiogon doing to prevent/remedy the situation?

Regards,

Brian.
geoffkait's avatar
geoffkait
23,365 posts
 
Who is sarahkendall and why does he/she only have one post?  

skiroe's avatar
Ag insider logo xs@2x
skiroe
131 posts
 
I have had some recent contact with staff and Sarah had replied to me via email and  was helpful.    Sometimes it may take multiple messages to resolve an issue and sometimes because of some sort of change in the organization  some info may be missing depending on how long you have been on Audiogon as in the record of purchases/sales will not be accessible on your account page .   This happened to my account..  Also,  dates of when one first began using the site were in error.    Sarah was able to compile a list of my sales/purchases from info that was available from their records and sent it to me.    Considering the changes and juggling that seems to have been part of a revamping for lack of a better term  I wonder  what precautions are being taken?    How did that phisher obtain user names?   I got one too and trashed it.  I actually got a couple of them.  
More to discover