Jump to content

Suspicious Messages

4Freds

By 4Freds
in Website

Followers 8

Recommended Posts

Keystone

Keystone

Posted
Posted

There have reports over the last few days of spam arriving in geocacher email inboxes.

Geocaching HQ have already been working to resolving this matter.

Today, spam appears to also be arriving via the Geocaching Message Center.

 

These messages come from different addresses, with similar message text.

Geocaching HQ has already been made aware.

 

It would appear the same message is being sent simultaneously to groups of geocaching users at the same time.
After receiving the initial spam message, users have replied to the message, not realizing they are sending dozens (if not hundreds) of replies to other recipients.

 

If you receive one of these spam messages - DO NOT REPLY and DO NOT CLICK ON ANY LINKS.

 

Your geocaching mobile app may be providing a notification when a message has been received - which could result in many notifications.

 You can disable notifications on your smartphone for any apps that may be constantly alerting (email, Geocaching app)

 

If you also wish to disable email notifications for Message Centre messages:

  • Log into your Geocaching account via web browser
  • Go to Settings (in the top right, click on the down arrow)
  • Go to Email Preferences
  • Remove the checkmark beside Message Centre
  • Surprised 1
  • Helpful 4
Link to comment
WeBeRVing

+WeBeRVing

Posted
Posted

When the geocaching website has been compromised like this it would be smart if HQ would send out a notice to users who have not read this specific thread!  How would anyone know what is happening until they crash into it if HQ doesn't tell people they have been compromised!

  • Upvote 1
  • Helpful 7
Link to comment
on4bam

+on4bam

Posted
Posted
3 minutes ago, igator210 said:

HQ needs to turn of all messages. My email in box is getting so spammed right now.

It's probably a very small percentage of users getting this spam, so blocking all mail would do a lot more harm than good. Spam needs to be handled at the source (account sending it) not the receiving end.

 

  • Upvote 1
  • Surprised 1
Link to comment
rkedge

+rkedge

Posted
Posted
3 minutes ago, on4bam said:

It's probably a very small percentage of users getting this spam, so blocking all mail would do a lot more harm than good. Spam needs to be handled at the source (account sending it) not the receiving end.

 

I'm guessing this problem is growing and getting worse by the minute. A temporary freeze (an hour or two) would barely impact anyone. And it's geocaching.com how important are email notifications?

  • Helpful 1
Link to comment
Frau Potter

Frau Potter

Posted
Posted

Geocaching HQ has been investigating the issue since 5:30am. We believe that someone is spamming our community, but sometimes making it appear as if the messages are coming from an active user (or a group of users). We do not believe they were actually sent by that user. DO NOT REPLY to the messages. 

 

We will work to resolve this issue as quickly as possible.

  • Upvote 3
  • Helpful 3
Link to comment
on4bam

+on4bam

Posted
Posted

Looking at he full headers of the messages may shed a light on things. Are the actually send from GC servers? If so HQ shouldn't have a problem finding how/where from the spam is send. They may even found a bug in the code that allows them to send it.

If I see the amount of tries on my little mailserver and website I can only imagine how many hits a large domain gets.

 

Link to comment
lcount

+lcount

Posted
Posted

Blocked the message and turned off email notifications from website. However when in app, still get notifications of new messages from individual users about new message. Mine was about winning iPhone. I mistakenly replied stop which blew it up. 

  • Helpful 1
Link to comment
Frau Potter

Frau Potter

Posted
Posted

Geocaching HQ is aware that a user sent many spam messages through the Message Center today, July 2, 2020. The user was able to make it appear as if the messages came from another geocacher, in a group chat with many other users. We realize this caused a great deal of confusion. We recommend you do not reply to any of these messages. We do not believe this user had access to your account, or the account of other users. You do not need to delete the app, change your password, or delete your Geocaching account. 

 

We temporarily turned off the Message Center on our website at 8:00am (Pacific Daylight Time) in order to troubleshoot this issue. The Message Center is now turned back on. You may still receive email notifications or app notifications for messages sent earlier today. You should ignore these messages. We are working to delete these group conversations from the Message Center.

 

We truly appreciate the geocaching community, and are sorry that someone has taken advantage of some users. We will be working hard to prevent future issues such as this with our Message Center.
 

  • Helpful 1
Link to comment
Viajero Perdido

+Viajero Perdido

Posted
Posted
9 minutes ago, Frau Potter said:

The user was able to make it appear as if the messages came from another geocacher

 

So people may have blocked non-spamming cachers by mistake then?  I suppose statistically they'd have blocked complete strangers - so no big deal - with only a very tiny chance of having blocked people they might actually want to hear from.  I blocked a random cacher today, who appeared to be another random cacher.

Link to comment
JCs Girl

+JCs Girl

Posted
Posted

I received 48!! spam emails this morning. What is going on?? Messages are from “normasgirl!” “hiker_licious!” “kyliemarie318!” “flipmstr2!” “sharks_mummie!” “RcAmAxcucuycyc!” “weow!” “mswilkes!” “Mighty Paragon!” “abrothers!” “eetanam!”  Please do something about this hack.

Link to comment
Max and 99

+Max and 99

Posted
Posted
2 minutes ago, JCs Girl said:

I received 48!! spam emails this morning. What is going on?? Messages are from “normasgirl!” “hiker_licious!” “kyliemarie318!” “flipmstr2!” “sharks_mummie!” “RcAmAxcucuycyc!” “weow!” “mswilkes!” “Mighty Paragon!” “abrothers!” “eetanam!”  Please do something about this hack.

48 is nothing compared to the several hundred many of us received.  They are doing something, and as explained elsewhere the messages sent before they shut it down may continue. They went to work on it immediately! 

Link to comment
Max and 99

+Max and 99

Posted
Posted
4 minutes ago, JCs Girl said:

I received 48!! spam emails this morning. What is going on?? Messages are from “normasgirl!” “hiker_licious!” “kyliemarie318!” “flipmstr2!” “sharks_mummie!” “RcAmAxcucuycyc!” “weow!” “mswilkes!” “Mighty Paragon!” “abrothers!” “eetanam!”  Please do something about this hack.

Some of the messages are from geocachers I've messaged before. Most I've never heard of. May be just a coincidence, but of my 5 accounts, only the PM one is affected. 

Link to comment
Bl4ckH4wkGER

+Bl4ckH4wkGER

Posted
Posted

@JCs Girl I recommend rereading the post from Frau Potter above, I have quoted it below, too and marked the crucial bit for you in bold.
 

Quote
4 hours ago, Frau Potter said:

Geocaching HQ is aware that a user sent many spam messages through the Message Center today, July 2, 2020. The user was able to make it appear as if the messages came from another geocacher, in a group chat with many other users. We realize this caused a great deal of confusion. We recommend you do not reply to any of these messages. We do not believe this user had access to your account, or the account of other users. You do not need to delete the app, change your password, or delete your Geocaching account. 

 

We temporarily turned off the Message Center on our website at 8:00am (Pacific Daylight Time) in order to troubleshoot this issue. The Message Center is now turned back on. You may still receive email notifications or app notifications for messages sent earlier today. You should ignore these messages. We are working to delete these group conversations from the Message Center.

 

We truly appreciate the geocaching community, and are sorry that someone has taken advantage of some users. We will be working hard to prevent future issues such as this with our Message Center.
 

 


I recommend deleting the emails and calling it good. We cannot influence emails that were already sent to you before we took action. We can influence all that happens on our side and have done so to take care of that. Emails, especially in large volumes, may get delivered over a period of time to not overwhelm email services. That is where checking the time stamp helps.

Thank you for your understanding and apologies for the inconveniences.

  • Helpful 1
Link to comment
Labrat1984

+Labrat1984

Posted
Posted

I'm lucky in that I didn't have any

 

Having had a look down old email messages I suspect there is some inkling of what might have happened

 

All the emails I have had have come from an email address made up of a mixture of letters and numbers, these always seem to be a block of 8 digits-4 digits - 4 digits - 4 digits - 12 digits @ the usual.com

 

If each user has his own string rather than being a unique code per conversion then it might be possible someone has either used a random generator and hit used addresses or has discovered a list of these addresses somewhere - however the user ID seems to change occasionally 

 

The question is where would you find the list of codes to email someone, the answer is simple - log onto anyones profile and right click the "message xyz" code and copy the link - this has that mixed ID code as part of the link

 

I have tried to email myself using the code from here and it hasn't worked but that might be due to it being turned off

 

It's sounds more likely it was some bored teenager who built some sort of Web crawler to harvest them for a laugh to me than anything majorly malicious 

 

Link to comment
thebruce0

+thebruce0

Posted
Posted

I know this is done, but I found it an intriguing predicament.  My assessment was that someone found a loophole in the messaging system (either active or being developed) that allowed a message to be sent and received at multiple accounts. The problem is that individuals who get the message with notifications received emails with the message content, but the message center was not set up to handle multiple accounts in one conversation - and this is the key point why people thought accounts were being hacked, or one account was sending multiple messages. Viewing the MC on the web, you would only see the account of the most recent (possibly first viewed, uncertain) "commenter" and the rest were attributed to them. Yet, the email notifications sent out a copy of each message AND the correct sender of the message.

 

"Conversations" were occurring in the MC among numerous people, and without people knowing what was going on, every response contributed to the hysteria. Some people joined in sending meaningless messages for fun, some repeated the same message over and over, some told people to stop sending them messages, etc etc. But that endless cycle of mass--messaging was kind of like a mistaken mass-CC-email where one person replies-to-all by default, and everyone gets a message intended to be for one person; but people keep replying and everyone gets all the replies... until everyone stops replying to everyone!:)

 

My guess is the ONLY actual spam/hack that occurred was the first message to accounts in bulk. After that, human nature caused chaos and confusion (and a message center UI that was not equipped to properly handle the structure of the conversation).  Ironically, it seems, the email notification system did exactly what it was supposed to do. Causing people to get bulk emailed with every single reply to that mass-user conversation. :P

  • Upvote 1
Link to comment
cachercats

+cachercats

Posted
Posted (edited)

I got a kind of a crude vulgar message today and notified Geocaching head quarters. Sent them copy of message and they should reply to me in a few days, we hope. Anyway I blocked any messages from this sender. Think it is suspicious because the caching name has no hides and no finds. Just some idiot with time on their hands.  I have a coffee cup that says, "Dont mess with a geocacher because we know all the good places to hide a body. May have to apply that here. LOL

Edited by cachercats
  • Upvote 1
  • Surprised 1
Link to comment
Qbar

+Qbar

Posted
Posted

Gee, I'm late to the game but I finally got one too.  Didn't open it, not completely dumb, but if I was to use geocaching terms here, (rate my..) I'd guess difficulty 1, terrain 5?

(Sorry, I'm bored here, waiting for something to finish so I can get on with my day)

Link to comment
on4bam

+on4bam

Posted
Posted

Why are some people posting these messages on the forum? Isn't it enough people are spammed by mail/ Me§§y center. Reposting those links is even worse than what the spammer do.

 

Spam should be dealt with silently as in report and delete not spread it some more.

 

 

  • Upvote 3
Link to comment
niraD

+niraD

Posted
Posted
6 minutes ago, Max and 99 said:

That's a good point. If it was me I'd be tempted to choose 16. 

That's pretty close. They really should have an "Other" option though. And after they add an "Other" option, then they can add a "Spam/Abuse" option.

  • Upvote 2
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Followers 8
Go to topic listing
×
×
  • Create New...