We noticed that you're using an unsupported browser. The TripAdvisor website may not display properly.
We support the following browsers:
Windows: Internet Explorer, Mozilla Firefox, Google Chrome. Mac: Safari.

security and scam email

london
Level Contributor
10 posts
6 reviews
Save Topic
security and scam email

2 days ago I posted a review on tripadvisor. Today I received an email allegedly from the tour company which I was reviewing. It came supposedly from the owner of the company and as usual, a tale of woe about being mugged on holiday in London everything stolen, plane about to leave and money needed. Obviously a scam and definitely nothing to do with this tour company.

The email had Tripadvisor links all over it and it looks to me as if someone has found my email address through the site. Any ideas as to where the security leak has come from? Does it happen often?

Anything I should do? Advice please?

West Grey, Ontario
Destination Expert
for Toronto
Level Contributor
71,127 posts
85 reviews
Save Reply
1. Re: security and scam email

Hi LondonStarry;

Was this a message sent to you through TA's "Private Message" feature, or sent directly to your email address.

TA will NOT provide your email address to ANYONE, period. This person could not have obtained it from TA, even if they had asked for it.

Best Regards

london
Level Contributor
10 posts
6 reviews
Save Reply
2. Re: security and scam email

Hi Rescue Team,

Thanks for the reply. It came directly to my email address.

I didn't think that Tripadvisor would have given out my email address, but it seemed that someone has hacked into something somehow.

It was the fact that there were Tripadvisor links at the bottom and that I had just written the review that has made me think of a possible security problem. Especially as it was supposedly from the owner of the tour company I reviewed...

I shall just ignore it unless you want to see it!

Regards

London Starry

Chester, United...
Level Contributor
59,624 posts
65 reviews
Save Reply
3. Re: security and scam email

Please be assured that TA would not give out your e_mail address to anyone

What links did they post???

UK
Level Contributor
49,561 posts
92 reviews
Save Reply
4. Re: security and scam email

Please be assured that TA would not give out your e_mail address to anyone

======

FFMan , TripAdvisor DID give out many members emails. Not deliberately, someone hacked into their systems which were left unprotected through sheer carelessness / ineptitude. This was about a year ago, but LondonStarry has been a member longer than that, so it is possible.

I was spammed on the email address I used for TA , and its a made up one used only for TA, so definitely there was some spam as a result of this breach.

I suggest LondonStarry changes the email they use for TA, and their TA password.

I believe that TA has tightened up its procedures and processes and such a breach is not possible any more.

I can think of two other possibilities;

Its just a coincidence, but its quite a big one if its mentioning the exact company you reviewed only two days previously.

Or perhaps most likely, the leak is from the tour company. Did you use the same email with them, as you used with TA?

In any eventuality that email address now seems to be compromised.

NYC/Israel
Destination Expert
for Israel
Level Contributor
34,813 posts
35 reviews
Save Reply
5. Re: security and scam email

That email has been going around in various forms for a number of years. What changes is the name of the person have all the woes. It is apparently a virus in computers that matches addresses and information in your address book to create and send out these letters. It could have come from YOUR address book /computer as well as from TA's system.

UK
Level Contributor
49,561 posts
92 reviews
Save Reply
6. Re: security and scam email

rdglady my understanding of that virus is that if you receive such a message, it will have come from someone who has your address in *their* email address book, rather than yours.

If the OP's computer had it, I'd have expected all their contacts to be spammed in the same manner, and some of them to have contacted him asking if he was OK (or the more savvy ones, telling him he'd been infected).

So since this hasn't happened, its extremely unlikely to be his computer.

Chester, United...
Level Contributor
59,624 posts
65 reviews
Save Reply
7. Re: security and scam email

"FFMan , TripAdvisor DID give out many members emails. Not deliberately, someone hacked into their systems which were left unprotected through sheer carelessness / ineptitude"

I think you will find that the data was protected but just not well enough. Many other high profile companies were hacked at the same time

london
Level Contributor
10 posts
6 reviews
Save Reply
8. Re: security and scam email

Thanks so much for your replies and advice!

tripadvisor.com/Attraction_Review-g147374-d1…

…facebook.com/pages/…106616696067216

This was what appeared at the bottom of the email. I don't use facebook, so don't think it came via that. Anyway, I shall change passwords etc as suggested, check my own computer and hope for the best.

I was just wondering, if I post another review for a different company,( we did use several on our trip,) then sit back and see if it happens again, would that help identify the source?

Cheers everyone

London Starry

UK
Level Contributor
49,561 posts
92 reviews
Save Reply
9. Re: security and scam email

<<I was just wondering, if I post another review for a different company,( we did use several on our trip,) then sit back and see if it happens again, would that help identify the source?>>

Difficult to know - did you use the same email address for Trip Advisor as you used for the tour company? If you use the same email at multiple places, its very difficult to narrow the source down when one of them is infected.

However, if a Facebook link to the tour company is at the bottom of the scam email you got, then I'd say its almost certain that the tour company was infected and was the source, not TA. My thought process is that the virus is using their email to send the messages from the tour system, the tour companies email automatically puts a link to facebook at the bottom of each outgoing mail whether sent by a virus or person. Is that same link on other emails you got from them?

You might wish to contact the tour company and let them know you suspect a breach of their email address book. And on the basis of probability its much more likely that a little tour company has their system breached than TA, especially after TA has hardened it after last years breach.

<<I think you will find that the data was protected but just not well enough.>

FFMan, in my book, "not well enough" is the same as "not protected" :-)

london
Level Contributor
10 posts
6 reviews
Save Reply
10. Re: security and scam email

"Is that same link on other emails you got from them?"

Yes, you are right... thanks for explaining it for me. It must be an 'infection' from the tour company as you say. Perhaps the tour company gets notification when a review is posted, went to read it and that triggered the email...because as I said before it happened just after I posted the review.

Mystery solved I think; I shall email the tour company and warn them.

Many thanks again to everyone for their ideas and advice.