Email Warning of Compromised Account(s)

[Alfred]

44 minutes ago, dutchshader said:

Strange, the forum account was hacked. But this account has nothing to de with the affinity account where you download the software.

 

That's a good point: perhaps we shouldn't assume that it was a forum account rather than an Affinity Store account! I suggest that we await clarification from the OP.

[R C-R]

2 hours ago, American said:

At the beginning of the Easter holiday (Thursday or Friday, I'm not sure which), I received an email warning me that potential threats possibly emanating from the Ukraine triggered a warning from Affinity to me.

How certain are you that the email actually came from Affinity? It is not unusual for spammers to send things like this, pretending to represent some company, & often asking you to use a link provided in the email to change your password or provide other personal information. Except the link is not really to the company's site & any info you enter on the fake version controlled by the spammers is mined for nefarious purposes.

[Pšenda]

 

[dutchshader]

1 hour ago, Alfred said:

 

That's a good point: perhaps we shouldn't assume that it was a forum account rather than an Affinity Store account! I suggest that we await clarification from the OP.

In the other post the op is talking about forum usernames.

[Alfred]

23 minutes ago, dutchshader said:

In the other post the op is talking about forum usernames.

 

In the first post to the current thread there is a reference to two forum accounts, after which “another Affinity warning regarding the threat of a compromised account” is mentioned, so I’m really not sure just how many different accounts there are, or where they are.

[Callum]

Hi American,

 

Welcome to the forums

 

Please could you email affinitysupport@serif.com with a copy of the email you received so we can look into this for you.

 

Thanks

C

[GDPR-354025]

11 hours ago, Callum said:

Hi American,

 

Welcome to the forums

 

Please could you email affinitysupport@serif.com with a copy of the email you received so we can look into this for you.

 

Thanks

C

Yes, I will do this, and thank you for the response. 

 

[EDIT: And I would like to know why I received notifications about none of the above responses to my thread-post, whereas on March 30, I received notifications by email and also on the desktop of my laptop. If someone turned off this capacity on either of my two accounts, please turn it back on. Thank you.]

[Alfred]

If you choose to ‘follow’ a particular thread, you will receive the notifications you ask for, but only for that thread. If you want to receive notifications of updates to every thread where you participate, you need to change your Notification Settings.

[GDPR-354025]

I didn't change them between March 30 and today. But they changed. That's why I ask.

 

[Sweet Fancy Moses! I just realized that all day March 30, I received Notifications for "American" at the "Tired of Being Hacked" email. I'm getting vertigo.]

[Callum]

I'm quite confused as you have multiple threads regarding this issue and it is becoming difficult to follow them all. In one thread you suggested that the account under the username American is locked out and you are unable to log in as the details were changed however as shown above you are currently logged into that account. Could you please explain exactly what is happening with your accounts. I understand you have received failed sign in attempt emails with an ip address leading to Ukraine but are you having any issues actually logging into the accounts? I will be merging these threads so i apologise in advance if this thread is a mess.

 

Thanks All

Callum

[GDPR-354025]

That is why I edited the response above yours: I am now 105% confused.

 

1) Download Affinity update sometime last week.

2) Receive--at email address belonging to "Tired of Being Hacked"--warning of Ukraine break-in attempts. 

3) Not realizing I have two Affinity accounts, I spring into action believing this warning pertains to "American."

4) Am locked out, using correct password.

5) Request Password Change.

6) Affinity auto-response is sent to email address belonging to "Tired of Being Hacked" (which I wrongly believe is email address associated with "American").

7) Attempts to change "American" password unsuccessful.

8) Post to Forums about this frightening occurrence. (This all is on Holy Thursday, after which I go to sleep.)

9) Receive responses from various forum users, one of whom is the endearingly ubiquitous Alfred, who informs me I have two accounts.

10) Lightbulb goes off. I go to a different webmail account, where I find another warning about attempted hacking. THIS EMAIL, not the first email, account belongs to "American."

11) I go to Forums and successfully change password for "American," because I logged on to the address request change from the correct email account (I suppose).

12) I say, "suppose," because WHY DID I RECEIVE A REQUEST FOR PASSWORD CHANGE AT THE EMAIL ACCOUNT NOT ASSOCIATED WITH "AMERICAN?"

13) Forum users tell me to write to you after Tuesday, because of something called Armageddon.

14) La voila.

 

[EDIT: If you merge these two threads, people will think, not without reason, that I'm past the early stages of cognitive degeneration. Merging them will help no one.]

[dutchshader]

Like i said before, you downloaded affinity from the affinity store, and this account has nothing to do with the forum account.

[walt.farrell]

First question: Are you currently locked out of anything? If so, which account, and are you locked out of the Affinity Store, or the forums? (Presumably American is, at least, not locked out of the forums )

Second question: Are you aware that your forum account, and your Affinity Store account (where you download the software) are totally independent? They may (or may not) have the same email address, and they may (or may not) have the same password. It is possible for you to be locked out of one, but not locked out of the other.

(@dutchshader beat me to it )

[R C-R]

9 minutes ago, American said:

2) Receive--at email address belonging to "Tired of Being Hacked"--warning of Ukraine break-in attempts. 

This sounds like a phishing attempt -- a fraudulent email purporting to be from a reputable company like Serif that is really from someone else. The sender's email address can be forged easily, so you cannot assume the email actually was sent from Serif. Typically, these things urge you to do something ASAP to avoid some problem (like being locked out of an account), the intent being to panic you into doing something ill-advised that gives them access to some of your private info, or simply to verify that the email address is a real one & can be sold to spammers who want to send junk mails only to real email accounts.

 

So, what in the email has convinced you that it actually came from Serif?

[Callum]

Thank you for your input everyone

 

I think I know what has happened here. I can confirm that you have 2 accounts and that you did receive 2 unauthorised login attempt emails from us. I will detail what I think has happened below

 

Someone has attempted to log into your account linked to your Yahoo email address this account is Not the one named American. This attempt was made by someone from the Ukraine and was flagged as an attempt to hack into your account. Id imagine that you read this email and then immediately attempted to log into your account. However when you attempted to log into the account linked to your Yahoo address you tried to use the details for the account linked to your gmail address. Wether it was your password or username that was being entered wrong I am unsure of as I can't see that kind of information I'd imagine no one can. Logging in using the incorrect details for your gmail address flagged another unauthorised log in attempt however this time the address was in America and not Ukraine. Because of this fact I believe the second email to be a result of you trying to log in and not hackers. Every now and then something like this will happen and you may receive an email saying someone has tried to log into your account so the original email is nothing to worry about. However I would recommend changing the passwords of your personal accounts just to be double safe.

 

Thanks

Callum

[R C-R]

@Callum, just for future reference, is there something in these unauthorised login attempt emails from Serif that we can use to verify that they really are from Serif? I have never received anything like that but I notice that all my emails from Serif include a "Hi <my first name>" reference. That doesn't guarantee that it really is a legitimate email but it is better than nothing.

[Pšenda]

12 minutes ago, Callum said:

double safe

 

Hallo Callum. Do not plan two-phase login to Affinity store?

[Callum]

These emails will always come from an @seriflabs.com address  

[Callum]

Just now, Pšenda said:

 

Hallo Callum. Do not plan two-phase login to Affinity store?

I'm sorry I'm not sure what you mean exactly?

[Pšenda]

1 minute ago, Callum said:

I'm not sure what you mean exactly

 

Like Google, Facebook, Dropbox, MS, ....

First step: UserName + Pasword.

Second step: Code, that was sent to the SMS.

[Callum]

I understand what 2 step authentication is I just didn't understand your question. I'm not sure if it is something we have any plans for but I can ask and get back to you

 

C

[R C-R]

16 minutes ago, Callum said:

These emails will always come from an @seriflabs.com address  

Understood, but it is not hard for scammers to fake a sender's email address.

[walt.farrell]

18 minutes ago, R C-R said:

Understood, but it is not hard for scammers to fake a sender's email address.

However, if you look at the detailed headers (usually hidden by your email client, by default) you can examine the "Received" lines, and from then you can tell where the email originated. Some of those lines can be faked, too, so it's not-trivial to do the analysis. But it's usually not to difficult to spot a fake vs a legitimate email that way.

 

(Note: I don't think this will work easily for the marketing emails from Serif, as they're sent through a third party. But for the hacking emails we're discussing it should work.)

[GDPR-354025]

I attempted to post a fairly lengthy refutation of Callum's explanation, which I agree is correct, but with a big caveat. I clicked "Submit Reply," and it disappeared, the whole dissertation . I'll attempt to resubmit it after some severe weather. 

 

Alfred and another user's discussion of the Affinity Store account being distinct from the Affinity Forum account got my weary brain wondering if credit card information was what the unkind hackers were attempting to get at. But even if this is the case--and I gots to know if it is--I should never have received Notifications for "American" at the Affinity Store account...for a year-and-a-quarter, or however long I've had Affinity (for which I created the "American" Forum account). God knows, my bank has so much money I had to send some into space in Elon Musk's glove box, but still...

 

So let me know if along with the coming tornado, this falls into the category of fair-to-medium Dark Hours.

[Alfred]

5 minutes ago, American said:

I should never have received Notifications for "American" at the Affinity Store account

 

Your Affinity Store account is tied to an email address, not a username, so you won't ever receive notifications for "American" at the Affinity Store.