Sketchy looking email from nexus

[zwkdiv]

I've now received 2 of these emails. Interestingly enough the email headers show that both these emails originated from different French owned travel service domains that just happen to be registered to the same person.

[69mAnU96]

email received and deleted

[zhaarteth]

I've received one as well, sent via the same bulk service (bnc.mailjet.com) on behalf of another (presumably exploited) French travel service's server (karavaniers.com).

 

If it might help I could send someone the full raw (albeit redacted for my own security reasons) email in plain text so they can take a look.

 

I hope this attack doesn't get too far out of hand. Seems like they're trying everything to get one over on Nexus at this point.

[zwvskyrim]

Hello,

 

also received that mail(2 times) and deleted it.

 

from "Nexus <[email protected]>"

 

Moin

Oli

[XJDHDR]

I received this email earlier today as well:

 

 

http://i801.photobucket.com/albums/yy294/XJDHDR/d80db558-c038-4073-a5a0-a8a2fc647451.png

 

 

 

I've deleted the email and forwarded it to Spamcop. I haven't had an email conversation with anyone on this site so I don't think the scammer(s) got my email that way. The email address attached to this site is also different to what I use on the Bethesda forum as well as most web sites I've registered an account on.

[PROKURENTLULZ]

well, email spoofing does exist, and is a trivial and popular method of sending spam. If Dark0ne says there wasnt an intrusion, there probably wasnt one (even through all the times nexus hasnt worked for me, he seems generally on top of things)

 

Most of the people here on the nexus dont exactly hide their contact information, so it would be pretty easy to get ahold of all that information. I dont really program extensively, but in my mind it wouldnt be to complicated to set up something in perl or python to grab the email portion of all your account pages. But then again, im pretty high so anything makes sense to me. Hope this gets figured out, seems like an odd scenario. Ill check my email, see if i got anything from "Nexus"

 

 

 

[Asgaro]

I received this e-mail yesterday/day before yesterday.

And it was NOT getting put into Spam by GMail.

 

Luckily I have ESET NOD32 AntiVirus and it immediately terminated the connection when I tried to download it.

I also immediately ran MalwareBytes Anti Malware and it didn't find anything.

 

Edit: I did NOT click the shown download button, but I DID click the huge NMM icon since I thought that would bring me to an article.

(I never click direct download buttons within any e-mail).

But the download also gets triggered when clicking the NMM icon so watch out!

 

E-mail with ESET pop up:

 

 

 

And yes, now I notice that the header is very sketchy.

But I've never experienced anything like this before.

It's been more than 5 to 10 years ago my antivirus actually had to shield me from malware lol. But now I'm glad I still use an antivirus.

 

I honestly think this issue should be posted on Nexus' frontpage!

I was looking at the latest article of the hacked admin account, and within the comments I luckily found someone that was talking about this e-mail and refering to this thread.

Edited June 11, 2014 by Asgaro

[SkepticalJoker]

That is such obvious spam. I'm having a hard time accepting that people can be fooled by that. :blink:

[Asgaro]

That is such obvious spam. I'm having a hard time accepting that people can be fooled by that. :blink:

 

So you expect to ever receive spam around NMM?

I expect spam about viagra and other stuff. Not really from legit programs I have used in the past.

 

It's just: people who are aware of NMM, will be more fooled than those who don't. Because those who don't, have never heard of it, and will consider the message as spam because they never heard of this software.

 

The only thing that indeed looks very sketchy, and could have been noticed before clicking anything on the e-mail, is the e-mail header.

That's indeed my fault, I'm well aware.

[SkepticalJoker]

Maybe I'm just inherently cynical, but I never click links from emails unless I know exactly who sent it. I also have it so that images are blocked from even loading unless I allow it. If it's from a company, I always check the email address that sent it. Even if the email address looks legit, I make sure the company is known to send emails with links. If I can't verify either piece of information, I delete the email. Even if legit, they're usually not important anyway.

 

For example, if you really needed to update NMM, you could just come to the site and do so. There would be no logical reason for the Nexus to send you emails to update (aside from the fact that they're not known to do this).

Edited June 11, 2014 by SkepticalJoker