IMPORTANT Caution re possible Phishing or Malware re beer groups



This is an important warning to all homebrewers.  There is a strong
possibility that someone is harvesting email addresses from one or more
homebrewing forums and is using a fake website to plant malware or
exploit visitors in a phishing scheme.  In order for this possible
scheme to work, homebrewers would be targeted and the rogue site would
be made to appear like a legitimate site of interest, in this case "Sam
Adams".  This is why I'm suspicious and posting this warning; today I
received the following email from estore@bostonbeer.com ...:

***Begin***
Bill Velek

Here is your login information for the bostonbeer.com Web site.

Email    : billvelek@alltel.net
Password :

If you would like to change the password indicated above please follow
the link below.
http://businessflow.cas07.mainstreetcommerce.com/3.9.4/checkout/customer_resetpass.aspx?domain=bostonbeer.com&customer_guid=37efa99f-1d1b-4522-90e3-fde1d7cdc498
You can access your customized information by entering the login
information above when asked.

http://216.139.237.127/
***End***

Because I couldn't recall making any attempts to register on that site,
and because the use of an IP address is a telltale sign of phishing
efforts, I decided to investigate by manually entering the URL for
bostonbeer.com ... which took me to a site that _looks_ like a
legitimate Samuel Adams site.  But knowing how easy it is to copy a
site, and that most phishers will usually try to trick visitors by
making things look as authentic as possible, I did some more digging.
First, Sam Adams already has a website under the name of
www.samueladams.com ... so why would they have two different names?
Second, I did a whois check on the above IP address, and it is _NOT_
registered to Samuel Adams, but instead is registered to Southwest
Ventures in Austin, Texas, whereas the official www.samueladams.com site
is actually registered to the Boston Beer Company in Massachusetts.
Here are links to the two 'WhoIs' searches that I did:
http://www.networksolutions.com/whois/results.jsp?ip=216.139.237.127 http://www.networksolutions.com/whois/results.jsp?domain=samueladams.com
This is _mighty_ suspicious, so I've notified the Sam Adams company and
asked for verification; meanwhile, I caution everyone to be very leery
of any such emails.

Cheers.

Bill Velek - PERSONAL sites = www.velek.com & www.2plus2is4.com
740+ homebrewer group just for Equipment: www.tinyurl.com/axuol
370+ just for Growing Hops/Herbs/Grains: www.tinyurl.com/3au2uv
NEW group just for Homebrewing Supplies: www.tinyurl.com/2wnang
Join 'Homebrewers' to Help Cure Disease: www.tinyurl.com/yjlnyv
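
The two link checks described in the post above (a bare IP address as the host, and a link host that does not match the sender's domain), written out as an added example; this is not part of the original thread. The sample message is constructed from the hosts in the quoted email plus one control link, and the "last two labels" domain comparison is a simplifying assumption.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample, modelled on the email quoted in the post above.
SAMPLE_SENDER = "estore@bostonbeer.com"
SAMPLE_BODY = """Here is your login information for the bostonbeer.com Web site.
If you would like to change the password please follow the link below.
http://businessflow.cas07.mainstreetcommerce.com/3.9.4/checkout/customer_resetpass.aspx?domain=bostonbeer.com
http://216.139.237.127/
http://bostonbeer.com/
"""

def registrable(host):
    # Assumption: the last two labels are the registrable domain.
    # A real check would consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def link_indicators(sender, body):
    """Return {url: [indicator, ...]} for links that deserve a second look."""
    sender_domain = registrable(sender.rsplit("@", 1)[-1])
    findings = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")  # drop trailing sentence punctuation
        host = urlsplit(url).hostname or ""
        flags = []
        if is_ip_literal(host):
            flags.append("ip-literal-host")
        elif registrable(host) != sender_domain:
            flags.append("host-differs-from-sender-domain")
        if flags:
            findings[url] = flags
    return findings

if __name__ == "__main__":
    for url, flags in link_indicators(SAMPLE_SENDER, SAMPLE_BODY).items():
        print(", ".join(flags), "->", url)
```

Both flags fire on this thread's email even though, per the follow-up further down, the message was genuine, so the output is a reason to verify with the company directly rather than a verdict.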

Re: IMPORTANT Caution re possible Phishing or Malware re beer groups



Good work, Bill!!!

Damn spammers and malware idiots!!!


Fixed the links for the 'WhoIs' searches


The links ran together on the original post and don't work, so I've
fixed them.  Here are links to the two 'WhoIs' searches that I did:

http://www.networksolutions.com/whois/results.jsp?ip=216.139.237.127
http://www.networksolutions.com/whois/results.jsp?domain=samueladams.com
Bill Velek

Follow-Up: I heard from Boston Beer Co. / Samuel Adams


This morning I spoke with Kathy Wade, counsel for the Boston Beer
Company, and she forwarded my information to their IT department; I then
received a phone call from Jay Barry, Systems Manager at their company.
He explained that their company made an error yesterday while trying
out a new estore development of some sort, and had loaded the wrong
database using their regular email list rather than one pertaining to
their estore.  In addition, the reason they had used an IP address
rather than a DNS is that they are still in the test phase and just
hadn't gotten around to getting a domain name for that yet.  He said
that I was correct to be concerned, under the circumstances, but that
the email did come from the Boston Beer Company and that there is
nothing to be worried about.  He also explained that nobody's
information has been compromised in the least, and he apologized for the
inconvenience.  So this was a false alarm, but I hope everyone can
appreciate why I posted the warning, especially when a password has
never been needed to enter either the Samuel Adams website or the
Boston Beer Company website, plus the use of an IP address (a classic
trait of phishing), and that I had never made a purchase at their estore
nor applied for a password.  It had all the signs of being a phishing
scheme, but fortunately it was not.  Sorry for any inconvenience I've
caused, but it's always better to err on the side of caution.

Cheers.

Bill Velek
