phishing message penetrating into my phone and computer

[+Hynr]

I am finding that all message (including recent phishing) in the message center are penetrating though to my mobile phone. I consider this a security issue which I need addressed and I am posting it here because I expect that others are also concerned.

 

The pathway that seems to be allowing the malware to penetrate to my Android phone appears to be the free Android Geocaching App. I see no way to turn messaging off in the app. I also can find no way to deactivate the message center which is active on my laptop whenever I log into geocaching.com. I also have the impression that this malware transmission system is active on my phone even when I am not using the app (I rarely use it, yet see every message). It seems that when I installed the app to try it out, I ended up installing a malware transmission system that I cannot turn off even when I reboot the phone and don't start up the app. I am not sure about that (and would be interested if others reading this have had a chance to notice this). What this means is that I have the impression that the combination of the geocaching app and the geocaching.com website are infecting my computer and phone with things I definitely do not want to see.

 

If you cannot provide a mechanism for me to not get messages via the messaging facility (I have all notifications turned off already) then please advise whether I have any other recourse other than to stop being a premium member at geocaching.com.

 

Also, please advise if uninstalling the Android app will rid my phone of this security issue.

[+The A-Team]

We've been told that we won't be given the option of disabling the message center, though I can't recall if we've ever been given a good reason for this decision other than the implied "because we said so". We'll have to wait to see if someone at HQ responds to the rest of your questions.

 

Out of curiousity, what type of malware got through to your phone, and how could you tell it came through the message center? I don't know of a malware scanner for iOS, or I'd check for issues on my iPhone for similar issues.

[Keystone]

Don't click on links in messages sent to you by unknown users/ spammers.

[+Viajero Perdido]

Avoiding the Message Center is an extra-cost option. The paid Groundspeak app has the feature of not having it.

 

Or, look at one of the approved caching apps from other vendors. Some of them even offer the lack of Message Center for free.

[+Mudfrog]

Don't think this is what you're talking about but i figure i'd throw it out,, messages come in as email too.

[+TriciaG]

If you're getting phishing messages through the message center, report the people who send it to Groundspeak (along with a copy of the message): http://support.Groundspeak.com/index.php?pg=request (I'd classify it "16 Cacher Disagreement".)

 

Other than that, I cannot see how malware can be sent using the Message Center. I'm fairly certain that only unicode text and links can be sent in the message itself, and you can attach a photo. (I suppose malware can somehow be infected in a photo, but that has to be very rare.)

 

Or are you misusing the term "malware"? Getting unwanted messages or photos is one thing (and if they're spam or phishing or inappropriate, use the request form mentioned above). But getting actual malware - viruses or spyware or malicious programs? *scratches head* I don't see it.

[+kunarion]

I cannot see how malware can be sent using the Message Center.

The recent bot invasion included links that could result in hacker software being installed. The recipient would have to install the malware, but the message said you get free stuff upon installing it. Unfortunately, a link can be completely different from what an email says that its link does, and the link itself can have any words. That's the Internet for ya. Friends and relatives have dutifully installed all kinds of questionable software, from any popup ad anyplace, going to great lengths to click away all the warning windows, to get "Free Stuff" installed. Then when that breaks the computer, they call me and make me remove it . It's not at all limited to MC, and almost not even a computer issue.

 

Anyway as mentioned, the Message Center sends email just as a PM email does. So anyone/anybot may sign up and send malware links. There is a little extra protection against clicking such a link, if using the Message Center. Other than that, as also mentioned, don't get click-happy when someone you've never heard of sends you any form of Internet communication that tells you to "click the link". And be wary of friends doing that, too.

Edited January 23, 2016 by kunarion

[+TriciaG]

Agreed. It sounded to me from the OP, though, that the malware was being installed automatically rather than via a nefarious link.

[+kunarion]

Agreed. It sounded to me from the OP, though, that the malware was being installed automatically rather than via a nefarious link.

It looks like the OP's "malware" and "phishing" are separate issues. Here's what I'm finding:

 

1) In the Message Center, you can block a user! At least on the web site. I can't find that capability in the Android Intro App. I haven't verified that blocking a user on the web site also blocks him in the Apps. So for anyone who needs the feature, test that to be sure the guy is in fact blocked as expected. I can't believe it would only a partial block. Wait, yeah, I can believe it.

 

2) MC messages arrive even with the Intro App closed. It is still running in the background, at least serving messages, unless Force Stopped. I didn't know that! This would be the "malware" of which the OP speaks.

 

The good news is, it's all the same "malware". It is the Intro App, not some other "message" App that got installed without one's knowledge. To stop getting message popups, select the App to block Notifications. This does not prevent messages, just the alert popup. Now you may ignore the message counter icon to your heart's content.

 

I would suggest that if the OP is getting Spam/malware from Geocachers, to report those "Geocachers" to Groundspeak, because that kind of "message" must cease, and not just for one person who wishes to block that. And join me (has anybody else joined yet?) to become a large group that insists that Groundspeak remove the malware-sending things -- those fake "users" that are not Geocachers, and for Groundspeak to be much more pro-active in disabling and removing Spam-Bots when they start up. If there are a lot of threads about all the spam MC/PM messages/emails, that's a problem not being addressed. We evidently need a lot of us, because TPTB don't seem to be listening to just me.

Edited January 23, 2016 by kunarion

[+Manville Possum]

Don't click on links in messages sent to you by unknown users/ spammers.

 

I notice on your profile and on one of the other moderators, you have the send message feature disabled or it is not a contact option.

If it can be done then it should be an option for everyone else too.

[+Hynr]

To clarify: I am not an expert on security issues and as such "malware" to me is anything that is undesirable, but not merely "unsolicited email message" (which I would term "junk email" or "spam"). I consider "Phishing" to be a security risk that I do not want on my phone (nor on my computer). My computer is managed by IT professionals who see phishing as part of their job and if I show them my computer next week, they will want an explanation on why I am affiliated with an organization that does not give me the option to prevent receiving them. Indeed we all know that the user must participate and I am certainly doing my part by not clicking on suspicious links (and have not clicked on any). But every geocacher has an obscured identity, so geocaching is a world of hidden identities and this makes phishing an especially dangerous issue for us. I am particularly prone because I am known internationally for my geocaching activities.

 

I did just now notice that I can uncheck the message center email messages from being delivered via my email at: www.geocaching.com/account/settings/emailpreferences

I had not seen that as a possibility before. I did receive a message in the message center today and did not see this pushed through the android app (yet?) while I did see it in my email (before I unchecked that option). So perhaps the problem is not as serious as I thought. I would like to know why I did see messages coming via the app before. Was this a anomaly? Has this been fixed?

 

I do however see those message (including blocked ones) in the app itself. So the app is indeed pulling the messages from the message center. While at this point does not seem to be forcing those into my phone's messaging stream, I do find it very disturbing that I have followed all the directions to block messages but those very messages are still available to be opened in the app. In fact that this moment the app is showing 9 messages as waiting, while the website message center only shows 1; 5 of those 9 "waiting" messages are potentially phishing schemes. I want them gone completely off my phone!!!!

 

I do find it somewhat disheartening that those at geocaching.com responsible for security don't see any urgency to respond to client's concern for security. I posted a concern some time ago (also regarding the Message Center) and saw no response from an employee. At the same time they are referencing some obscure security concern (where phishing is centrally positioned as a security concern) to justify actions that are fairly theoretical and perhaps with little basis (eg justification to stop supporting BBcode in logs).

Edited January 23, 2016 by Hynr

[+Hynr]

Don't click on links in messages sent to you by unknown users/ spammers.

Absolutely! But is this really good advice in this thread?

 

Should I consider you to be a person that I know? I have no clue what your name is or where you live. You are unknown to me. Even your geocaching persona is hidden from me. Should I consider links you send me to be safe?

 

How about vice-versa. I am sure you have seen my name around over the past 10 years, but am I not to you an "unknown user"? So go ahead an click on the link I showed in my previous message (trust me, it is really, really safe, and surely you can tell because I am showing you the link) and tell us how safe you feel clicking the link. Did you follow your advice and not click on it?

 

So how then do you heed your advice on this subject?

 

Keystone, I am not trying to attack you. I have read many of your posts over the years and I know that I see things very much like you; I am posing this as a rhetorical question because we tend to think we know the person at the other end, but within geocaching it actually is rarely the case.

Edited January 23, 2016 by Hynr

[+kunarion]

I do find it very disturbing that I have followed all the directions to block messages but those very messages are still available to be opened in the app. In fact that this moment the app is showing 9 messages as waiting, while the website message center only shows 1; 5 of those 9 "waiting" messages are potentially phishing schemes. I want them gone completely off my phone!!!!

Contact Groundspeak and request that the Bots be removed, not just "blocked". That would make two of us (Oh yeah! An army of two!!). Who knows, someday, maybe three of us will be writing. The automatic message things do not need to have their messages available to be read after the Bots are "blocked". I do perform lot of face palms when I read what is considered a security issue and what is not.

 

But ignore the message icon if you wish. You get no "malware" from reading an MC message, if you don't visit the links. And the messages aren't even sent to the phone until you open them.

 

I do find it somewhat disheartening that those at geocaching.com responsible for security don't see any urgency to respond to client's concern for security. I posted a concern some time ago (also regarding the Message Center) and saw no response from an employee. At the same time they are referencing some obscure security concern (where phishing is centrally positioned as a security concern) to justify actions that are fairly theoretical and perhaps with little basis (eg justification to stop supporting BBcode in logs).

We see security features added little by little, and it's getting better. The BB Code thing, and warnings for URL re-directs, those limit the Bots' value. If I had one wish, I would wish that the link itself would be munged. When a buh-zillion users join today, all with a name ending in 4-digits, and all immediately send emails suggesting visiting the exact same link, does any IT guy need a lot of emails from members to figure out what the deal is? Write a little script (reusable next time) and X-out the link in all buh-zillion posts, before most people even read the posts. I mean really, they can't do that?

Edited January 23, 2016 by kunarion

[+Manville Possum]

We've been told that we won't be given the option of disabling the message center, though I can't recall if we've ever been given a good reason for this decision other than the implied "because we said so". We'll have to wait to see if someone at HQ responds to the rest of your questions.

 

I don't think we will ever get an answer from HQ, but if the moderators here have the message center disabled on their accounts, then there is a way of disabling it.

 

I respect the the moderators here are well educated and know the internal workings of this site, and if they won't use the message center on their account, I'm not using the potentially tainted app on my mobile device.

[Keystone]

To clarify, the unavailability of the message center on a volunteer's profile has absolutely nothing to do with their being a forum moderator. I use forum PM's for most moderator-related tasks. Rather, this design is for cache reviewer duties, in order to force cache-related correspondence to take place in a manner that can be preserved with the cache listing for later reference, either by the Appeals team at HQ or post-publication in the event of a maintenance or permission issue.

 

I still receive message center messages on a weekly basis, notwithstanding the absence of a profile link. It delays my reacting to the inquiry.

[+Manville Possum]

To clarify, the unavailability of the message center on a volunteer's profile has absolutely nothing to do with their being a forum moderator. I use forum PM's for most moderator-related tasks. Rather, this design is for cache reviewer duties, in order to force cache-related correspondence to take place in a manner that can be preserved with the cache listing for later reference, either by the Appeals team at HQ or post-publication in the event of a maintenance or permission issue.

 

I still receive message center messages on a weekly basis, notwithstanding the absence of a profile link. It delays my reacting to the inquiry.

 

OK, I see that the message center is disabled on other reviewer accounts as well. thanks for explaining.

 

My point being.. the message center can be disabled, which many users have requested.

[Keystone]

It's not a valid point, since Keystone's message center works just fine and received some of the recent message center spam just like so many others did. The only difference is that there's no link for the message center on the profile pages for Community Volunteer Reviewers. This was done at the programming level based on Reviewers being a different user group. It is not an option that can be toggled on and off by anybody.

[+Manville Possum]

It's not a valid point, since Keystone's message center works just fine and received some of the recent message center spam just like so many others did. The only difference is that there's no link for the message center on the profile pages for Community Volunteer Reviewers. This was done at the programming level based on Reviewers being a different user group. It is not an option that can be toggled on and off by anybody.

 

Yes, I understand that it is not an option that can be toggled on and off at this time. But my point is that it can be done at a programming level, and it is an option that has been requested.

 

Myself, I liked the message center and still do. I'm just a little scared now after recent events with the spammers. And to tell the truth, I saw that it was not an option on your reviewer account and thought it must be really bad and I too should use caution.

 

I have deleted the GS intro app on my phone for now to avoid the message center, but if I understand correctly I would not be at risk unless I opened a link sent to me by a spammer.

[+The A-Team]

I do find it very disturbing that I have followed all the directions to block messages but those very messages are still available to be opened in the app. In fact that this moment the app is showing 9 messages as waiting, while the website message center only shows 1; 5 of those 9 "waiting" messages are potentially phishing schemes. I want them gone completely off my phone!!!!

Contact Groundspeak and request that the Bots be removed, not just "blocked".

I too find it confusing that the spam messages were left in place. Leaving spam accounts in place but locked gives them the benefit of artificially-inflating the number of website users for marketing purposes, but I can't see any benefit from leaving known spam messages untouched. Are they reporting the number of MC messages somewhere where a larger number is beneficial?