EDIT: Apologies for alarmist thread title; initially thought that my site was hacked but it does not actually appear to be compromised.
TL;DR Problem: Someone has created 1300 customer accounts on my store using Russian email addresses, and the automated customer registration thank-you emails being sent to those Russian email addresses contain a spam/virus link. This spam-link automated email is only being sent to the customer accounts made with Russian emails and is not being sent to my real customers (at least, as far as I know).
Reward: $305 rep (100% of my rep) to anyone who can educate me on what might be happening and how to get rid of whoever is making the Russian-email customer accounts.
Ten minutes ago, I received a strange email in Russian from someone responding to an automated "Thank you for registering at [WebstoreName]" email that is sent out when anyone registers on my BigCommerce store.
I copy/pasted the Russian email text into Google Translate and the person had replied, "Look for fools elsewhere. And the money stolen from people will not bring you good" (this is Google Translate, so it might be kind of rough).
I scrolled down to see the original email that he was replying to (the automated one sent from my site upon registration) and it read in Russian (Google Translated below):
Thanks for registering at [Webstore Name]!
Hi Hello! We have been waiting for you for a long time! We invite you to take a survey and get paid! ONLY TODAY by the link (spam/possible virus link here)
Thank you,
After reading this, I logged into the store and found almost 1300 customer accounts have been created since January 13, all with Russian names and email addresses with the last account created 20 minutes ago. It is totally possible for someone to do this without having access to the admin (just by entering email addresses and passwords, there are no order attempts from any of the Russian accounts), but I cannot figure out how they could be sending automated emails to customer accounts. I have checked the store logs and the only admin logins all match my IP addresses.
I also just checked my HTML email templates in the back end and none have been updated since December 28, 2017.
The site is secured by dedicated SSL but beyond this, I have little experience in store security. 100% of my rep points to anyone who can point me in a direction that will correct this issue.
Thanks!