Dragon Ordnance site/email compromised.

[king_geno]

Today I was reached out to who I believed was DO, as they used a PREVIOUS email /order thread that was saved with all of my order information inside of it.

He said they were running a BOGO and to respond with what I wanted and send to an address in the email (NOT how you usually pay with DO)

I, not first looking here on SST like an idiot, thought it was legit and sent $280 to the address thinking that it was DO.

Now I have every reason to believe it was not. Again, this came from a previous order thread that whoever is doing the scamming HAD, including my shipping address which he sent to me to verify!

MODS @CaptainAmerica and @DragonOrdnance please look into this

 

[bvsst]

@king_geno yeah unfortunately a few of us got roasted by this. I posted about it in the source thread as well when it happened to me.

 

[king_geno]

@bvsst thank god it wasnt a larger order. I still hope @DragonOrdnance can step up and resolve this for all of us. I don’t care if I have to throw a little extra money at it, but I’d at least like to get something out of the whole ordeal instead of nothing at all

 

[heavysaturday99]

So is the whole site / all orders today fucked?

 

[CaptainAmerica]

Regardless of a continuing chain, you guys have to be vigilant on this. We have a lot of phishing because BTC is easy to take and not to get back vs a credit card fraud transaction. There’s posts after posts after posts on this from all sources and a mod announcement. It happens all to frequently, and we can’t fault the source.

I CANNOT stress this enough! Check your emails for spoofs. Sending to a saved name but the email behind the name is incorrect? That’s a phish. Misspelling in the email address? That’s a phish.

All parties need to be vigilant but it’s typically the users that get phished because they’re sending the money. Change your passwords frequently folks.

 

[Liska]

@CaptainAmerica This case is different, as the mail matched the one stated on the DO website (which I would think has access to the same devs/resources as Brewly, which presented itself as so secure as to pose a $10.000 bounty to those successful in hacking it for customer data) if the story presented here is true.

This isn’t a criticism of DO as if it can happen to him, it can happen to absolutely any other site (including SST & Meso) but to illustrate how serious an issue this may be beyond what has been previously known.

 

[trenreptile9]

Double check the latest reply in the email thread. The email asking you to send the payment, is that for sure from DO’s official email or an email very similar? If someone phished you and had access to your email, they can use their own email to reply to a thread in your sent folder, so the whole thread might appear to come from DO, except that last email which is from the perpetrator. Just something worth checking just to be sure.

If even the email asking for the payment is from DO’s official email, DO has bigger problems.

 

[OMCB]

I had valiant labs reach out to me using a previous email thread in which they replied saying they were running some specials for their returning customers before they changed sites. I didn’t respond and then a few hours later they sent another with just “?”
I never responded because it seemed sketchy AF to begin with and I’ve never had a source reach out to me individually. I checked the site and saw nothing about any returning customer specials. So I’m guessing this was a similar occurrence.

 

[king_geno]

@trenreptile9 considering this just happened to a bunch of other people, it’s not an individual phishing issue. This guy had access to DO’s emails

 

[DragonOrdnance]

@Liska Kinda wrong of you to come in here and spread misinformation like that. There is a source complaint that stated they saw this email on the website, but theres a comment literally (20 seconds) after his that stated he saw another email instead ( the correct one.)

I’m not sure if its possible to somehow change the xml on a live website for everyone to see it temporarily, and it somehow shifted, but do you really think I have this kind of 24/7 vigilance and reaction speed to change that page so fast, that a post 28 seconds afterwards, didn’t see it?

I’m sorry to anyone who has been affected by this phiser. It happens to the best of the sources here. Its the same as receiving emails that your protonmail needs a password reset.

 

[Forthewin1123]

@king_geno sorry you got scammed man. Just a small piece of advice I was given is that sources will not email or contact you to make a sale. If they do it’s a scam. No matter how legit it looks. Sources shouldn’t and as far as I was told don’t contact people privately to make a sale. We all have made this mistake or one close to it and thats how we have learned. This isn’t a legal business therefore they can scam us alot easier and not fear any legal penalties or any penalties at all for that matter. We have to be so vigilant and sometimes we get tricked or we let our guard down or maybe not listen to our gut feelings. Anyway… glad it wasn’t a larger amount of money. $300 is $300… idc if it was just $30… still hurts

 

[ajx17]

@DragonOrdnance said in Dragon Ordnance site/email compromised.:

@Liska Kinda wrong of you to come in here and spread misinformation like that. There is a source complaint that stated they saw this email on the website, but theres a comment literally (20 seconds) after his that stated he saw another email instead ( the correct one.)

I’m not sure if its possible to somehow change the xml on a live website for everyone to see it temporarily, and it somehow shifted, but do you really think I have this kind of 24/7 vigilance and reaction speed to change that page so fast, that a post 28 seconds afterwards, didn’t see it?

I’m sorry to anyone who has been affected by this phiser. It happens to the best of the sources here. Its the same as receiving emails that your protonmail needs a password reset.

Assuming you’re referring to my post, which yes, it showed the ‘fake email’ listed in your contact section on your site, which I will post here again:

https://imgur.com/a/WTXUWLQ

There were two other people in my thread who verified they saw this same email listed on your site.

I saw it was changed shortly after you posted in my thread, so I want to know why it was changed after that? Don’t you agree that its a bit suspicious that the email was changed shortly after I made that post? Regardless, this shows your website was compromised from this and its not just an individual email, and I would expect you to take some form of responsibility to resolve this.

 

[Liska]

@DragonOrdnance I did not ‘spread’ misinformation (since it’s all contained in this thread) nor mean to, I apologize if I worded things confusingly - the complaint stated the fake mail was on the website and showed a screenshot of this, and that later on the correct mail was listed on the website again.

Noone is blaming you by the way, this kind of phishing/potentially hacking is not something any source can directly protect against, especially not on short notice.

 

[DragonOrdnance]

@ajx17 “shortly” is a understatement. I didn’t catch that - a poster who posted 28 seconds exactly after you caught that it was different. Do you really think I have the eyes on sst constantly to change something under 30 seconds, only to have someone else comment on it?

I’m sorry man. I’m not sure what you saw. I honestly wish this didn’t happen. But the site is secure as ever recently.

I unfortunately have the motto that the customer is always right, but a claim that the site had a warped email that isn’t mine is something I either have to confirm or deny, and unfortunately, was not the case, at least when I checked it. I don’t want to say you’re wrong, but its just not what I saw.