I just received this email and it went to my SPAM box. I presume it is PHISHING since I did not change my password. We have a George Crane in the roster but that is not his email address listed.
Please advise if I am incorrect.
Robert
I got the same email and went straight to the website to see if my credentials had changed.
I tried to get the website to send me my credentials but so far I have not received an automated response.
Straight to this website, not through any link provided -just to clarify.
Check with Paul Morris, the Webmaster, or Janet Lange, the Membership Chair to see if any changes were made. There was an issue a few weeks ago where the entire membership data base was accidentally corrupted and had to be re-installed. Maybe something similar happened today.
Looks like phishing to me. I did not get it, but my e-mail is incorrect in the database. Dave
I also received the email
Got the same email twice. Scam.
I am not aware of any changes to the website. I personally have not received the email. Sounds like phishing to me.
Janet Lange
It is PHISHING! DO NOT following the instructions in this email sent to various PAS members – it is a SCAM.
Earlier today there was an attack on a development website being used by PAS member George Crane. George is a very knowledgeable developer of websites. He created the development website for PAS to test some new capabilities with enhanced functionality that will lead to a new website replacing both our existing website as well as our membership database.
At the moment we believe that a small number of member email addresses were compromised. Almost minutes after the attack, these PHISHING emails were forwarded.
We are continuing to gather information about this attack and will be evaluating our security measures to counter similar attacks in the future.
Rich
I received the same email this morning. I replied to the email that I did not change the password.
Reggie & Janet Hankins
I too received this e-mail and realized It was a scam of some sort.
Robert Krauss
I haven’t received email, but I make it a rule to immediately delete and not reply.
Just as I’ve learned that if I’m silly enough to answer the phone, and someone unknown to me asks “Can you hear me?”, I never say “YES”, as they can record that and then use it as your verbal permission to charge a credit card or other mayhem to your checking account…..
One should never open links in emails of suspicious origin. If necessary contact the party directly.
And one should be highly suspicious…
I also received this email twice…..Ed
Me too twice also.. Jim
Me too
Likewise
Since the webmaster got hacked where do we change our passwords? Password look up didn’t help. Jim
Hi Jim and All,
Your password for this website, pierce-arrow.org, is safe. This website was NOT hacked. All user information on this website, pierce-arrow.org, is secure. In the 20-/+ years that this website, pierce-arrow.org, has been on the internet, the site has never been hacked nor information of our members compromised. Again, your current password for this site is safe and usable. There is no need to change your password. All passwords for all members are still usable and active.
The phishing email scam that was sent to our members was through a development website realted, but diffrent, to pierce-arrow.org. NO sensitive personal information has been compromised from that development website. The only information on the develolment site was names and emails, nothing more. The development website is an exploritory project to investigate ways to improve/update the current clubs website.
Thanks,
Ben Oakes
Ben, thank you for the second clarification post on this topic.
Both you and Rich Lang made clear that the problem pertained to a ‘development website’, not our own.
I would like to add that our 20 year run of success without a compromise isn’t luck, it’s due to the competent, thoughtful care of our webmaster, who is a long time PAS member and volunteer at the task.
I received two copies of the password change email on May 25. While the return Word Press address and [email protected] indicate something is wrong, the email addresses me by my PAS member password, which is very troubling. So I think we should know how that information was collected. Does this email timing parallel when we expanded interest through Facebook? and at a time when the newspapers are running stories about the vulnerabilities of that system? I hope we can find out.
Brooks