What's new
Van's Air Force

Don't miss anything! Register now for full access to the definitive RV support community.

Vans fake Phishing

wnplt

Well Known Member
Just got a phishing email from a spoof vansairforce email. Said I had a private message. Pretended I had been logged out of vans and wanted me to log back in to receive message. Looked very legit. Be careful! Web address came up
http forlums.com


[ED. Spammers are very clever. Treat every email carefully please. v/r,dr]
 
Last edited by a moderator:
Thanks for the heads up.
They can't even leave us alone here????
There are some profanity words come to my mind that I can't utter it on this page.
 
****!

I got one and signed in. Think I'll change my password. Should've been suspicious when I saw the word "forlum".
Danny
 
Change password

I got one and signed in. Think I'll change my password. Should've been suspicious when I saw the word "forlum".
Danny
If you use the same username or password elsewhere, change the password there as well.

Small reminder, you should never use the same password on different sites.
 
If you use the same username or password elsewhere, change the password there as well.

Small reminder, you should never use the same password on different sites.

And a reinforcement of the reminder: the people doing phishing don't care about accessing your VAF account, they just want a valid user/pass combo you've used anywhere, which they'll then try to use on things you care about, like your bank and credit card accounts.
 
Honestly, you should not put any private info into this forum. Or use passwords from other sites.

It's running vBulletin 3.6.8 which is, quite literally, 11 years behind in updates. Every one of the CVE vulns listed applies.

It's also running PHP 4.3.10 which is not supported and 15 years out of date. I'd post the list of CVE vulns but it's massive and just doesn't matter since it stopped receiving updates 31 Mar 2005.

And it's running IIS/6.0 which is vulnerable to CVE-2017-7269 which is a unpatchable 0-day remote takeover vulnerability.

On top of that, it doesn't run over https.

So, unless all those versions have been falsified to throw people off, it's a miracle that the site hasn't been compromised.

Edit: I do want to point out that these are the versions that the forum tells the world. It's not an uncommon practice to falsify these headers to throw off bots. The lack of https is real though.

[ed. All this stuff is slated for upgrade before the end of the year. v/r,dr]
 
Last edited by a moderator:
It happened to me this morning. I realized it was a scam when it asked me for my ID and password, when my Mac is setup to open the forum already logged in.
 
I had something a little different happen. A couple of weeks ago I was foolish enough to reply to a wanted to buy add here. My stupidity was that I posted my email address and phone number in my reply instead of Using a private message or an email response. Several hours later I realized my mistake and went and edited those items out of my reply. However by then the damage was done. Now I get about 20 phone calls a day from scam artists. Most of them claim to be representatives of this bank or that bank. They will claim that either my credit card or my checking account is overdrawn and that I need to make a payment immediately. Of course then they try to pump me for personal financial details. I could just block the phone numbers but they have multiple phone numbers so they'll just switch numbers. I simply added them to my address book and listed them as scammer one scammer two and so on.

Charlie
 
Phishing

Charlie, the same think happened to me. I accidentally posted by email address rather than the PM I intended to send. Within an hour a got an email asking if I wanted to send a check or pay with Paypal to hotmail account.
 
Van's fake phishing?? Is this the one where they say that the demo flight is totally free, but somehow your wallet becomes $30k (or $100k) lighter?

I know this one, and I didn't even get a free flight from the factory ;-)

"[ED. Spammers are very clever. Treat every email carefully please. v/r,dr]"

Yes, they are VERY clever!

Build on!
 
Ditto....Got one also....Anybody caught doing this should be banned from anything electronic, including their coffee pot.
 
Back
Top