🚨 Urgent - suspicious messages being received by members - do not open them!

Thank you @Sam_F

I just would like to request for THS to publish a transparent report about this incident and the implications for members information. I believe this is a legal requirement in these circumstances.

I appreciate measures might be put in place to prevent this happening in future, but we need to know how exposed our personal information has become.

I understand as @pietkuip mentions, that id information is stored elsewhere, but we need to know with clarity if this was also at risk as well as our other personal details.

By this time, it would be welcome and necessary that communication from THS is sent to members with clear and transparent information about what information has been accessed, by whom, and what measures have been put in place to minimise damage.

I believe THS will also be responsible for ensuring that if any harm comes from this economical or otherwise, that they will cover it.

When my pension system was hacked, they offered a free service via another company to check if our details had been stored elsewhere illegally. I would suggest something of this kind at least.

Thank you

Elena

2 Likes

Just to add that the issue remains that in the first place someone has got hold of our details in order to be able to send emails to our personal addresses and via the app to get to our bank details.

Without the initial step, the second would not have taken place.

Regards,
Elena

1 Like

Has anyone been sent a message to their personal email? The message that we received came through the THS system.
This may be because we opted out of receiving emails from THS

Got it too. It had disappeared before I tried to access.

Hello @ElsieDownie

We received an email, after the invite had been generated from within the THS system. We get notified via email when activity has taken place in the app: invites, declines, new favourite sits, etc.

So the email is a second step after the activity had taken place and it just contains the notification that has been generated within the app.

If you have opted out, you would not have received the email, but you might have still received the rogue invitation via the system. I believe they have now been removed, if that were your case.

1 Like

@ElsieDownie
Both of the sit invites came to our personal e-mail.
They looked exactly the same as a normal sit invitation.
The e-mail said it was from Trusted House Sitters. It had the same layout, headings, font, text and information as the usual THS sit invitation.

The only thing that was odd was that it was a one day sit starting today (sent yesterday) and then when the second one came it was so for the same date but different country.

Anyone in U.K. who is concerned that they have received a spam suspicious e-mail can forward the email to NCSC (National Cyber Security Centre) who will investigate it.

report@phishing.gov.uk

2 Likes

THS are saying this is a phishing attempt but seeing as there has been suspicious communication within the app, I’d be inclined to believe this was a hack too, rather than only a phishing attempt.

I wonder when THS will be able to clarify.

1 Like

Hi @Elena

If I receive any further updates on the situation I’ll be happy to share them with the team, but it may be better to share any concerns directly with Membership Services as the Forum is limited in what it can do.

I am happy to pass over the feedback in your post as I completely understand where you’re coming from, and I can let you know if I receive a response.

Jenny

1 Like

I suggest an email is sent to ALL members immediately.
The majority of members are not on the Forum and are totally unaware of the issue.

1 Like

Hi @Twitcher

Emails have been sent to anyone affected, so people who aren’t members of the Forum have now been notified.

@Jenny, when you say affected do you mean they have received the dodgy invite or they have been hacked?
I received the dodgy invite but have received no email so far.
Thank you

Hi @Twitcher

The incident relates to suspicious messages that were sent, and it’s my understanding that if anyone received one of them, they should have received an email.

If you received one of the messages/invites but didn’t receive an email then I would recommend contacting Membership Services as I was of the understanding that they were all sent out yesterday.

If I see more reports of the email not being received by Forum members, then I can follow that up. Did you do the usual e.g. check your spam folder?

Jenny

Hello everyone,

I have an update from the team to share with you. This is the only information that the Forum team have, so any questions or concerns should be directed to Membership Services, but if you need a hand, or if you’re struggling to speak to someone, please tag me and I’ll do my best to help :slight_smile:

Now, here’s the update from the team:

"Thanks for all of your comments on this thread. We can confirm that the incident has now been resolved.

Here is a quick overview of what happened and what action Trustedhousesitters have taken.

What Happened?

We identified a phishing attempt targeting TrustedHousesitters members using our platform messaging functionality.

The messages either claimed to be from a TrustedHousesitters member or a TrustedHousesitters employee.

The message was attempting to make the recipient click on a link and enter their payment card details.

What has TrustedHousesitters done about this?

Upon being made aware of this incident, we immediately deleted all of the phishing messages.

We identified the source member accounts of the phishing messages and blocked any future attempts to send unauthorised messages.

We’ve temporarily removed the ability to share website links within the messaging functionality. We will be reintroducing this once we have completed a review of this functionality.

Our investigation, which is ongoing, initially indicates the incident was caused by 3 member accounts being compromised/hijacked due to the use of shared or weak passwords. Email addresses and passwords garnered in other (not TrustedHousesitters) website breaches are easily available on the dark web, hence the importance of never reusing passwords across different Apps and websites.

Is my account compromised?

If you received the phishing message but did not provide any information or click on links, your account is likely safe. However, we recommend changing your password immediately as a precaution.

If you provided any personal or financial information, please take the following steps immediately:

  • Contact your bank or card issuer to report the incident immediately.
  • Monitor your accounts for any unauthorised transactions.
  • Change your TrustedHousesitters account password.

What should I do if I receive a phishing message?

Thank you to everyone who took the time to come and report what was happening here on the Forum. If there are any further updates I’ll share them in this discussion post.

Jenny

2 Likes

I haven’t seen an email yet despite receiving the invite to sit (although not the account cancellation bit). I do think all members irrespective of whether they are affected should be notified so they can be on alert in case something similar happens again.

2 Likes

I hear you @LizBCN - I’ll start keeping a note of anyone in this discussion that mentioned they didn’t get an email. I’ve already passed over previous feedback from members around emailing everyone, so the team are aware that Forum members have suggested it :slight_smile:

I received the 2 invitations on my app. I clicked but nothing happened,
I have not received an email

I didn’t get the e-mail from THS about this, I checked spam junk folders nothing there either.

I have subsequently contacted member services who have replied. BUT I didn’t get the e-mail which was supposedly sent to all affected members.

Thanks to those who have mentioned not receiving one of the emails - I’ve now asked the team for advice and offered to gather any information that might be useful. Bear with me and I’ll update if/when I can.

2 Likes

I received one of the phishing messages, Jenny, but have not received any email from THS. I appreciate that this isn’t your fault, but it’s a pretty poor show from the THS management team and lucky that I’m on the forum otherwise I’d have had no idea what was going on. I would like an email sent outlining what has happened. Many thanks.

3 Likes