***SPAM Radio Control Free Gift Warning***
 

All,

Receved an email earlier on tonight saying I had won a free gift of a Cyclone TC kit, this was from a demonpowerproducts.com

PLEASE BEWARE, demon power products use .co.uk, not com. I have communicated with the actual shop and IT IS NOT THEM. They think whoever it is is using some old database. .com domain is still under constructon so no idea who this is. However as part of the gist they are asking for a utility bill to be scanned and sent to them. I can only assume this is SPAM and an attempt to get addresses, so thought I would pass this on.

Please note, it is NOT DEMON POWER PRODUCTS doing this, don't hold this against them, I have always found them great to deal with, this is some separate group of people somehow. Demon have said its ok for me to post on here a warning, in case anyone else is receiving similar emails!!

May be worth postig here if you do, to see if this is a widespread issue.

Thanks,

Dave

No, I don't think it is an attempt to get addresses.

I received that email, and it contained my address and phone number!

Needless to say not impressed wih Demon, and the security of their servers.

Likewise !!!!!!!!! :thumbdown::mad:

great service as a shop but this is dire - i just got the same email message offering me a free Cyclone Tourer !

Assumed it was dodgy for the above reasons but i was going to ring them tomorrow - thankyou for the heads up Dave

More Scam than spam but im unsure as to what the objective is ? They already have an address, how would a utility bill help them scam me ? Or is it someone trying to harm their sales by making people lose confidence in the security of their servers ?

Just received the same email.

Kev

Hmm, I wondered that, but they didn't have the first line of my address, did they have yours? In fact, the address info they had for me can be got simply from postcode, but if the first line is missing maybe they ONLY had postcode?

What I wondered is, some places use utility bills as proof of address, so maybe they are after them for this reason.

In fact, where I used to work, mobile phones, does just that.... the worrying thing is do they have card details? Can't remember if I use Paypal with them!?

Also, wouldn't specifically have a go at Demon for using bad servers, I mean Amazon and otherplaces have been got, I am not sure what they can do really!

The thing pissing me off is I need to check all my CC's in case those details have got out.

Dave

Not only did it have my correct full address, but my mobile phone number as well. :mad:
Nick just sent me an email confirming that it was spam, but the web address if you go to it using the demon-powerproducts.com does get redirected to the genuine demon website.

Kev

sounds like someone has gotten hold of their database then..not very clever :(

Hmm, maybe its an attack on Demon? Who know's, but its a royal pain in the Ass. Still, can happen to any site, didn;t Oople get taken over by Al Qaieda a couple of times a while ago???

I've just got one aswell with my full address and number.
This is the Email

Congratulations!

Here are the details for your free gift at demonpowerproducts.co.uk:
--------------------------------------------------------------
Name: Matthew Barton

Address: ********

******
******
******
******
**

--------------------------------------------------------------
GIFT: Hot Bodies 67700 Cyclone TC Competition Touring Car Chassis NEW

Postage: £ 0.00
Grand Total: £ 0.00
--------------------------------------------------------------
For security reasons you must provide us a clear scanned/photo copy of the utility bill.
Please send it via email to: [email protected] and we will dispatch your gift tomorrow!

Kind regards,
Andrew Phelps
Demon Power Products

I have edit my address.

difference is oople dont keep your personal details on file..

Yeah I know its different, but people like Amazon get hit too. I know cos my folks cards got don as part of that one!

Shame its a Friday night, but next working day (Mon) I'll ring the security guy at my old mobile phone place, find out if online/copied utility bills are accepted by anyone as proof of address?

If you Whois the demon-powerproducts.com it's registered to someone in Kings Lynn apparently, and there is a phone number listed, maybe we should all call them and have words !!!

I just got the mail by the way, had my number and address.

well lets hope no one gets stung for anything,weird i was on demons site earlier going to order some o rings and stuff and thought sod it i will leave it while in the morning :)

never know someone might have ordered them for me lol

dave

Yes Dave they had my FULL address phone number the lot. If the tw*t wants to ring me for a chat over a game of baseball then im all ears. I shouldnt think it would be too tricky to find out who registered the domain name.

I had the email to. i was also thinkng it shouldnt to hard to find where the doman is registered.

Lets do it. I haven't been emailed but it looks like plenty have, publish their details on here in full - someone might follow them up, in full (and then some) ;)

I looked it up and the owner is apparently in Kings Lynn and there is a number, just called it and no answer, will try again tomorrow!! there is also an email but i fancy giving someone some verbal abuse!!!

LOL we have our own Hercule Poirot - good work dude ! :lol:

i think you should publish the phone number on here

Lol i was on it straight away when i got the email..
I was bemused by it going to Demons site, and even more bemused by the apparent registered date being tomorrow!!
I would post the number but want to confirm its not some innocent persons first. There is an address as well which will be added to my shit list that are getting letters this week!

Ill tell you a story ( true one ). I used to be a member of the Lotus owners club. There was an internet forum and a lot the members worked in IT. Some real computer nerds/whizzkids on there from the city.

One of the IT guys got ripped off on Ebay, ended up costing him a lot of money so he sought his revenge. He had the guys address through the Paypal transaction. He did a little late night "research" and discovered who the guys GP was. He hacked into the local health authority network and sent the guy an official letter asking him to come in for a mandatory test for an STD. The test involves a swob down the japseye apparently! :lol:

Crime doesnt pay :lol:

LMAO!!!

as for people getting there own back on a scammers read this its hilarious http://www.zug.com/pranks/powerbook/

Madness.

Although don't for a second expect your details to be safe anywhere on the internet. I have done a lot of website design, and even a couple of shops sites. So please take this as a warning.

This is why it's sensible to use something like Google Checkout (or even PayPal, as much as I hate them) as this keeps your payment details separate to the shops database. If you have ever entered details on any website you would be surprised how many places your personal data can end up.

Demon is certainly not alone here. It just so happens that someone has taken the time to set up a scam on this occasion. I do hope no-one thinks this makes Nick look bad, as he does a top job.

It really is bad luck. Typically people just extract data from a website and save it. I expect in this case, as most people use PayPal or something that there wasn't enough payment details hence this person set up the scam.

As for the WHOIS. Please be careful! I very much doubt anyone clever enough to do a SQL injection will set up data a domain with their personal information. Especially if they have a list of people addresses and phone numbers... so please don't go harassing an innocent person!

So my top internet tips

• Avoid entering you payment card details on any website unless you are sure some serious work has been done on security (it's reasonable to except Amazon etc will be more safe than a small website, as they will have a whole security team)
• Where possible use a secure third party payment systems, such as Goggle Checkout or PayPal. This way the shop never gets your details, for either them to do harm with, or others to do harm with.
• Accept the fact your name, address and phone number are never safe. Companies buy and share these details, someone can go through your rubbish and of course people can gather this online. As much as you try it is out there.

Well the name, number and address all match according to BT, worked the name out from the email in the Whois details. So seems the scammer is either a bit of a dumb ass or is using someones details!

If you want to look it up http://domains.whois.com/domain.php

Sounds like logical sound advice Jason - cheers for that

Yes I got the email this morning! Not happy! Are our card details safe ??

I'm gong to speak to nick to see what details he has on file

They had my address and mobile number

Mark i've got your mobile phone number,
in order to prove this is you can you send me your pasport, driving licence, credit cards (with pin no's) & some cash please ;)



thankyou :D

Nick sent me an email late last night saying card details aren't stored on the accounts, so fingers crossed!

Not Fair... I Didn't get one... Hope you All enjoy yout TC's though... :D

I obviously havn't updated my E-Mail Address with Nick, otherwise i'd have had one for sure... Demon is one of my Top RC Shops that i Use a Lot...

I think i'll leave it a week ish before i Log In and Update my details now....:D

Its not an old database because I got the email and I placed my first order with the company about 3 weeks ago and I just got the email. I used PayPal to pay but they still have my full address and mobile number.

Not impressed at all.

Got the same email:thumbdown::thumbdown: if they have got my bank details they are out of luck there's nowt in :p

hahahahahahaa
is that a joke? I guess it is but just in case anyone actually thinks such a thing - script kiddies download scripts which look for weakness in any server, in fact they don't target one server but thousands, to deface it with their 'tag'.
If any popular forum for example looks at their log files - its scary the number (hundreds A DAY) of attacks which come in. All these attacks are targeting weaknesses which simply dont exist if you are on the ball and have up to date software etc.
I went from spending around 4 ukp per month (up to and including the worlds 2007) on my hosting. I now spend 60ukp per month, I backup the databases every night (automatically) and have spent a fair bit on software. I was actually running 1 dedicated and one virtual dedicated server concurrently for 6 months to ensure I didn't have any problems, which was around 600 quid.
I've had help from the network guy at work to plug any holes and make sure the forum won't go down.

As for 'al quacko' - just a bored kid thinking he's all 'the man' because he runs a script and displays his 'bad artwork'. Can call himself a nazi pony molestor for all I care, he's still a dick without a girlfriend.

:lol::lol::lol:

haha, there's a chance I went off on one there :blush:

but you get what I mean. As an aside - I have NOT had an email from demon but the last time I ordered from them was nearly a year ago so maybe I was on an older system? not sure.

Yeah it was a joke, forgot the laughy face after is all!

Having said that, still got some well funny looks when it loaded up at work!! Had some bagning music though!!:lol:

I tried to save that music out - was ACE :lol:
think I saved those pages somewhere so I will have to search the link out. I've done a lot of work to make this site secure and hopefully it'll stay that way now as it's massively frustrating to have your hard work defaced.
:thumbdown::thumbdown::thumbdown::thumbdown:

That link is superb - had me in stitches !

Your a Legend Jimmy :lol:

Ok. Well I am going to open myself up here but wanted to say that I actually setup the site for Demon several years ago now. The store owner gets nothing but praise for his service and honesty. I felt that I should recipricate this for him with the honesty of the site.

I was working on this until the early hours of the morning to work out what had happened. As already mentioned access was gained to some address details along with name and telelphone number if any.
Their are a number of security meausres in place on the site. Actually more than most would realise and certainly much more than most well respected large chains have in place.

I have been speaking with another company where the same thing has happened to them too. Only a little while ago another very well known RC manufacturers site was hacked but nothing mentioned to the public from what I understand.

An email has been sent out to customers who have had this email and a notice will be placed on the site later today when I get back home from Demon.

A number of extra steps have now been put in place and also a belated action. It appears that someone has found some way to circumvent some security area too, as a number of stores, not just what I have mentioned are being talked about.
However I would like to add that CC information is handled differently. Their is probably no way I can assure you of this but just to say that it is safe.

I would hope that people who know us realise that we do try what we can for our customers. If you feel that you would like your data deleted from our system then please let us know.

I would urge people who have recieved an email to report it as spam to speed up the process of getting the domain in question demon-powerproducts.com blacklisted.

Apologies.

Hi there,

Thanks for the post, hope you understand why I started the thread, I did check with Demon first and they said it was ok, and it wasn;t to have a go at Demon, but to warn and stop anyone sending the utility bill and potentially being done by someone!! Also posted when I was told CC details aren't stored against the accounts.

Again, thanks for posting to let us know whats happening, I for one won't let it stop me using Demon and paying by Paypal (as Glypo mentioned earlier in the thread).

Dave