Page 1 of 2 12 LastLast
Results 1 to 20 of 40
  1. #1
    MichaelCorfman's Avatar
    MichaelCorfman is offline GPWA Executive Director
    Join Date
    June 2004
    Location
    Newton, MA
    Posts
    4,271
    Thanks
    900
    Thanked 5,527 Times in 1,781 Posts

    Exclamation GPWA Maria accounts hacked

    Earlier today we discovered that GPWA Maria's computer had been hacked over the weekend and that the hackers gained access to her email and social media accounts as a result.

    We also discovered the hackers were offering some some of our sponsor programs discounts if they made bitcoin payments to them. Fortunately, we determined that none of our sponsors made payments to the addresses provided and we promptly notified all of our sponsor program contacts of the situation. We have since followed up further with each sponsor program emailed during the period Maria's email account was compromised, knowing exactly what messages had been sent from her account.

    All of Maria's internal business accounts, such as her GPWA email address, were rapidly secured, and our forensic investigation has confirmed all of our internal systems remain secure. We are working with Maria to ensure everything is returned to normal, but that might take some time with respect to all of her social media accounts.

    I expect affiliates, which would never be sending funds to us anyway, are not susceptible to fraudulent requests for money made by hackers impersonating Maria using social media accounts. However, from a post in this forum, it is also clear that at least one request of that nature has been made using her hacked Skype account based on the following post by GPWA member ddm:

    Quote Originally Posted by ddm View Post
    fwiw they tried to shake me down on skype for €1600 eur lol.
    Please avoid rewarding the hackers for their fraud.

    And, if you do received any such solicitation, please PM me with the details.

    Thanks,

    Michael
    GPWA Executive Director, Casino City CEO, Friend to the Village Idiot

    Resources for Affiliates: iGamingDirectory.com, iGamingAffiliatePrograms.com, GamingMeets.com

  2. The Following 6 Users Say Thank You to MichaelCorfman For This Useful Post:

    AussieDave (28 July 2021), celena (2 August 2021), FreeSpins (6 August 2021), GPWA Maria (2 August 2021), Topboss (6 August 2021), universal4 (27 July 2021)

  3. #2
    Pokerface's Avatar
    Pokerface is offline Public Member
    Join Date
    August 2016
    Posts
    1,551
    Blog Entries
    1
    Thanks
    87
    Thanked 596 Times in 410 Posts

    Default

    Wow, that's brutal! Sorry to hear this. Glad you were able to secure everything quickly.

    Thanks for the warning.

  4. The Following User Says Thank You to Pokerface For This Useful Post:

    GPWA Maria (2 August 2021)

  5. #3
    Christiaan's Avatar
    Christiaan is offline Private Member
    Join Date
    February 2013
    Location
    Barcelona
    Posts
    1,232
    Thanks
    176
    Thanked 470 Times in 326 Posts

    Default

    Oh no Maria! Hopefully everything will be restored and safe soon.

  6. The Following User Says Thank You to Christiaan For This Useful Post:

    GPWA Maria (2 August 2021)

  7. #4
    gil.langelaan's Avatar
    gil.langelaan is offline Private Member
    Join Date
    July 2018
    Location
    Johannesburg
    Posts
    958
    Thanks
    108
    Thanked 301 Times in 239 Posts

    Default

    Omg
    Maria, sorry to hear that..
    Really hope everything will be fine and restored soon!

    Thanks for sharing this with us and warning us!

  8. The Following User Says Thank You to gil.langelaan For This Useful Post:

    GPWA Maria (2 August 2021)

  9. #5
    Cash Bonus's Avatar
    Cash Bonus is offline Private Member
    Join Date
    May 2014
    Posts
    4,249
    Thanks
    8,201
    Thanked 2,581 Times in 1,858 Posts

    Default

    I'm sorry to hear about this despicable act toward Maria. What a bunch of lowlifes.

  10. The Following User Says Thank You to Cash Bonus For This Useful Post:

    GPWA Maria (2 August 2021)

  11. #6
    TheGooner's Avatar
    TheGooner is offline Private Member
    Join Date
    March 2007
    Location
    New Zealand
    Posts
    4,288
    Thanks
    1,966
    Thanked 4,245 Times in 2,019 Posts

    Default

    Michael,

    IF you've done "forensic analysis" are you able to share the mechanism that caused the hack?
    - Was it an email payload (attachment)? Or a website visit ? or something else?
    - And was the affected computer using any anti-virus or software protection?

    Hacks are always a worry - and sharing any lessons learnt would be useful.

  12. The Following 2 Users Say Thank You to TheGooner For This Useful Post:

    AussieDave (28 July 2021), GPWA Maria (2 August 2021)

  13. #7
    AussieDave's Avatar
    AussieDave is offline Public Member
    Join Date
    November 2005
    Location
    from the land downunder
    Posts
    4,153
    Blog Entries
    1
    Thanks
    1,710
    Thanked 1,975 Times in 1,129 Posts

    Default

    Thanks for the heads up on this Michael.
    ---
    Compliance: a code word for control

    ---
    Do the right thing, even when no one is looking. It's called integrity.
    ---

    It's your right to be treated honestly: fairness for all igaming affiliates - doch.news - no sponsors. Hence no conflicts of interest!

  14. The Following User Says Thank You to AussieDave For This Useful Post:

    GPWA Maria (2 August 2021)

  15. #8
    MichaelCorfman's Avatar
    MichaelCorfman is offline GPWA Executive Director
    Join Date
    June 2004
    Location
    Newton, MA
    Posts
    4,271
    Thanks
    900
    Thanked 5,527 Times in 1,781 Posts

    Default

    Quote Originally Posted by TheGooner View Post
    IF you've done "forensic analysis" are you able to share the mechanism that caused the hack?
    - Was it an email payload (attachment)? Or a website visit ? or something else?
    - And was the affected computer using any anti-virus or software protection?
    The attack vector was as follows: The hacker created a messaging account using the telegram app impersonating me. We know and can see that that the hacker gathered certain publicly available information about me to help create a convincing persona (for example, we have determined that profile pages and various posts of mine in the forum were viewed by the hacker). The hacker started having business conversations with Maria using using the forged account over telegram. A telegram account impersonating another GPWA staff member was also created, and there were three-way communications between Maria, the other staff member and I over telegram. The conversations evolved into a discussion of the risks of being hacked and whether Maria's anti-virus software was up-to-date. After some back and forth between the "three of us" Maria was told by "me" that software she was using was different than that used by the rest of the company, and that it was important that she upgrade to use the same anti-virus software as everyone else. And then she was provided with a link to download and install that software by "me." I think we all know what type of anti-virus software the hacker gave Maria to install.

    I've always assumed that hacks were mostly accomplished by hackers finding people that engaged in risky behavior like opening email attachments from untrusted sources that might carry a payload. I can now see that there are a set of hackers that engage in this sort of more sophisticated deception of successfully impersonating someone the victim knows and trusts. Of course, as soon as the hacker gained access to Maria's email and social media accounts after hijacking her personal computer, the level of deception evolved considerably with the hacker impersonating Maria using her own accounts. I don't know, but I now wonder if some significant portion of the stories one hears about people sending money to "help" a relative with a fake emergency are based on the hacker first monitoring compromised email or other communications channels and then finding exactly the right way to strike knowing the history of exchanged messages and details of the relationship between the parties.

    Michael
    GPWA Executive Director, Casino City CEO, Friend to the Village Idiot

    Resources for Affiliates: iGamingDirectory.com, iGamingAffiliatePrograms.com, GamingMeets.com

  16. The Following 4 Users Say Thank You to MichaelCorfman For This Useful Post:

    covers (22 December 2021), ddm (28 July 2021), GPWA Maria (2 August 2021), TheGooner (28 July 2021)

  17. #9
    ddm
    ddm is offline Former Member
    Join Date
    July 2006
    Posts
    1,126
    Thanks
    418
    Thanked 469 Times in 287 Posts

    Default

    pretty nutso.
    maria was gonna delete her PC.
    i reminded her that it's evidence, and needs to be forensically examined + mirrored by the feds, no doubt..
    [especially if insurance claims etc.. ]
    I hope someone called the fricking cops on these twats.

  18. The Following User Says Thank You to ddm For This Useful Post:

    GPWA Maria (2 August 2021)

  19. #10
    MichaelCorfman's Avatar
    MichaelCorfman is offline GPWA Executive Director
    Join Date
    June 2004
    Location
    Newton, MA
    Posts
    4,271
    Thanks
    900
    Thanked 5,527 Times in 1,781 Posts

    Default

    Quote Originally Posted by ddm View Post
    her PC ... it's evidence, and needs to be forensically examined + mirrored by the feds, no doubt..
    I don't think there is anything the feds are going to do... Maria is not located in the United States, and, even if she were, the damages are not significant enough that they would spend the time necessary to accomplish anything considering all of the other hacks going on these days with far more severe consequences (this was an attack on a single PC that was operated remotely outside of our corporate network).

    We do know the hacker's IP addresses were all in the Philippines (at least a half dozen different IP addresses were used), not that I think that is likely to be helpful since all of the activity was probably proxied through other hacked PCs. I also don't believe there are any insurance claims to be made.

    Hacker's do this because there is little recourse, and right now the chance of anything happening to them is vanishingly small. So at the moment it is a cat and mouse game with little risk to the cat.

    Michael
    GPWA Executive Director, Casino City CEO, Friend to the Village Idiot

    Resources for Affiliates: iGamingDirectory.com, iGamingAffiliatePrograms.com, GamingMeets.com

  20. The Following User Says Thank You to MichaelCorfman For This Useful Post:

    GPWA Maria (2 August 2021)

  21. #11
    ddm
    ddm is offline Former Member
    Join Date
    July 2006
    Posts
    1,126
    Thanks
    418
    Thanked 469 Times in 287 Posts

    Default

    ok.
    Last edited by ddm; 29 July 2021 at 2:30 am.

  22. #12
    GPWA Maria's Avatar
    GPWA Maria is online now APCW/GPWA Program Manager
    Join Date
    November 2010
    Posts
    3,189
    Thanks
    1,026
    Thanked 436 Times in 302 Posts

    Default

    Hi Guys, I am back now!

    Just a quick update.

    I can see that the hacker has sent skype requests with this ID live:dpatrickmil plus my picture and they have also used this ID Live:.cid.feb20d1246e8853c with our finance lady’s picture.

    Please be aware that Telegram profile Maria_GPWA has also been created by the hacker. The hacker is targeting affiliate program's teams using Telegram in a big way.

    My advice is to trust no one and just make a call with anybody you are planning on sending money to or whenever you feel that something doesn't feel 100% right.

    I know you may say "I am clever, this will never happen to me", but I would say that, you are clever until you are not.

    Please email me directly if concerned with communication over social media, if you wish to verify me..


    Keep safe!
    Feature your Affiliate Program with us and enjoy the rewards!

    Regards,

    Maria Florides
    GPWA Program Manager
    GPWA.org | iGamingAffiliatePrograms.com | FinanceAffiliatePrograms.com | GPWAtimes.org | iGamingPocketDirectory.com | APCW.org

    Mob: +35796453758 | Skype: Maria.florides1 | Email: Maria@gpwa.org

  23. The Following 3 Users Say Thank You to GPWA Maria For This Useful Post:

    celena (2 August 2021), LowFlyingBird (16 August 2021), tamaru (13 August 2021)

  24. #13
    celena's Avatar
    celena is offline Private Member
    Join Date
    July 2008
    Posts
    1,813
    Blog Entries
    1
    Thanks
    3,741
    Thanked 2,215 Times in 1,080 Posts

    Default

    Ho la la Maria! I hope everything is better. I will look at Skype, in the emails I received.
    Incredible!

  25. The Following User Says Thank You to celena For This Useful Post:

    GPWA Maria (2 August 2021)

  26. #14
    DaftDog's Avatar
    DaftDog is offline Private Member
    Join Date
    October 2008
    Posts
    1,921
    Thanks
    566
    Thanked 671 Times in 390 Posts

    Default

    It's called social engineering.

  27. #15
    ddm
    ddm is offline Former Member
    Join Date
    July 2006
    Posts
    1,126
    Thanks
    418
    Thanked 469 Times in 287 Posts

    Default

    - weird how GPWA doesn't have a notice on homepage about this - also nothing on your GPWA group on Linkedin.

    - also weird how you don't mention that others in your org have been compromised and their identities are being used to scam people.
    (I heard two others have been compromised... )

    it's almost like you don't care about protecting your business connections from getting scammed.

  28. The Following User Says Thank You to ddm For This Useful Post:

    GPWA Maria (3 August 2021)

  29. #16
    GPWA Maria's Avatar
    GPWA Maria is online now APCW/GPWA Program Manager
    Join Date
    November 2010
    Posts
    3,189
    Thanks
    1,026
    Thanked 436 Times in 302 Posts

    Default

    Morning ddm,

    I am doing the rounds today, adding some info on social media about the hack.

    Take care.
    Feature your Affiliate Program with us and enjoy the rewards!

    Regards,

    Maria Florides
    GPWA Program Manager
    GPWA.org | iGamingAffiliatePrograms.com | FinanceAffiliatePrograms.com | GPWAtimes.org | iGamingPocketDirectory.com | APCW.org

    Mob: +35796453758 | Skype: Maria.florides1 | Email: Maria@gpwa.org

  30. The Following 2 Users Say Thank You to GPWA Maria For This Useful Post:

    celena (6 August 2021), rmeeuwsen (3 August 2021)

  31. #17
    GPWA Maria's Avatar
    GPWA Maria is online now APCW/GPWA Program Manager
    Join Date
    November 2010
    Posts
    3,189
    Thanks
    1,026
    Thanked 436 Times in 302 Posts

    Default Impersonator is making the rounds today

    Hi All,

    One of our clients got a call from me apparently, but they forgot to change the picture.

    They added her to a group, then gave her a call.

    Name:  Impersonator.PNG
Views: 297
Size:  62.6 KB

    If anybody knows this manager, please tell him that his picture is being used or perhaps he is involved ( not sure wat to think)

    Name:  Impersonatormaybe.PNG
Views: 300
Size:  109.2 KB

    Have a good weekend!
    Feature your Affiliate Program with us and enjoy the rewards!

    Regards,

    Maria Florides
    GPWA Program Manager
    GPWA.org | iGamingAffiliatePrograms.com | FinanceAffiliatePrograms.com | GPWAtimes.org | iGamingPocketDirectory.com | APCW.org

    Mob: +35796453758 | Skype: Maria.florides1 | Email: Maria@gpwa.org

  32. The Following User Says Thank You to GPWA Maria For This Useful Post:

    celena (6 August 2021)

  33. #18
    Anthony's Avatar
    Anthony is offline Affiliate Services
    Join Date
    June 2003
    Location
    Everywhere
    Posts
    7,099
    Blog Entries
    67
    Thanks
    2,045
    Thanked 3,396 Times in 1,781 Posts

    Default

    Quote Originally Posted by ddm View Post
    - weird how GPWA doesn't have a notice on homepage about this - also nothing on your GPWA group on Linkedin.

    - also weird how you don't mention that others in your org have been compromised and their identities are being used to scam people.
    (I heard two others have been compromised... )

    it's almost like you don't care about protecting your business connections from getting scammed.
    All our our business connections were individually contacted, that was the first thing we did. I am not aware of any other GPWA accounts being compromised. There is an attempt to make fake connections and we have posted those counterfeit accounts in this thread and will continue to make updates as we get them. If you have any additional information please send me a PM so we can review and add to this thread.
    I am here to help if you have any issues with an affiliate program.
    Become involved in GPWA to truly make the association your own:
    Apply for Private Membership | Apply for the GPWA Seal | Partner with a GPWA Sponsor | Volunteer as a Moderator


  34. The Following User Says Thank You to Anthony For This Useful Post:

    ddm (7 August 2021)

  35. #19
    FreeSpins is offline Public Member
    Join Date
    June 2016
    Posts
    323
    Thanks
    121
    Thanked 172 Times in 104 Posts

    Default

    @GPWA Maria


    Since all Skype accounts are Microsoft accounts, you can check the Recent activity page for login activity. Possibly you can check location and/or IP? This info might be very interesting.

    hxxps://support.microsoft.com/en-us/account-billing/check-the-recent-sign-in-activity-for-your-microsoft-account-5b3cfb8e-70b3-2bd6-9a56-a50177863357

    Btw, as far as I know, he is from 7Bit (Ukraine).

  36. The Following 2 Users Say Thank You to FreeSpins For This Useful Post:

    Anthony (6 August 2021), ddm (7 August 2021)

  37. #20
    GPWA Maria's Avatar
    GPWA Maria is online now APCW/GPWA Program Manager
    Join Date
    November 2010
    Posts
    3,189
    Thanks
    1,026
    Thanked 436 Times in 302 Posts

    Default

    Quote Originally Posted by FreeSpins View Post
    @GPWA Maria


    Since all Skype accounts are Microsoft accounts, you can check the Recent activity page for login activity. Possibly you can check location and/or IP? This info might be very interesting.
    hssps://support.microsoft.com/en-us/account-billing/check-the-recent-sign-in-activity-for-your-microsoft-account-5b3cfb8e-70b3-2bd6-9a56-a50177863357

    Btw, as far as I know, he is from 7Bit (Ukraine) !!
    Thank you very much. I will try to reach out to him, so I can make him aware of this.
    Feature your Affiliate Program with us and enjoy the rewards!

    Regards,

    Maria Florides
    GPWA Program Manager
    GPWA.org | iGamingAffiliatePrograms.com | FinanceAffiliatePrograms.com | GPWAtimes.org | iGamingPocketDirectory.com | APCW.org

    Mob: +35796453758 | Skype: Maria.florides1 | Email: Maria@gpwa.org

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •