MitoQ spam email warning

[Andy]

If you receive an email from MitoQ which claims that they will give you a refund if you just click on a link in the email and fill out a form, don't click on anything in the email, it's spam.

I've had it confirmed by MitoQ, via their Facebook page, that it wasn't sent by them. The email does contain correct information identifying me so my guess is that MitoQ have been hacked. I've checked my recent card transactions and there is nothing suspicious there, so I'm assuming that card details haven't been compromised - the linked form is probably to try to get you to hand over the card details.

Moral of this story, other than MitoQ is expensive and doesn't cure you, is if something looks too good to be true, it normally is and so is worth checking.

 

[Tapanui 'Flu]

Thanks - yes I just got one too. It looked very convincing and contained all my correct details - order name, address etc - it just had some minor glitches with the English, and was offering my refund in Euros rather than in the NZD I paid. I didn't click the link, and I've forwarded my email to MitoQ's customer service address for their information. (They're probably not at work yet - it's a New Zealand company and it's still early morning here!)

 

[Tapanui 'Flu]

Glad to have received a warning email from MitoQ at 8.31am NZDT - a minute after their official opening time, so full points for being prompt! But MitoQ customers will now need to be on the watch for other scams no doubt heading our way - expect stuff by phone and mail, as well as by email, because they've got all our contact details and will probably sell the list to other scammers. (I had a call last night from the IT Department of a software company ringing urgently about my computer ... I hung up before he'd even finished the first sentence, but now wonder if this might be connected to the MitoQ data theft.)

 

[Adrian]

If they have been hacked and your personal information disclosed one thing to ask for is that they pay for credit checking services.

 

[Webdog]

If you look at the email header, the email actually originated from sendgrid.net. SendGrid doesn't have the best reputation for cracking down on spammers and phishing.

However, you can report these emails. The following link has instructions on how to report malicious emails to SendGrid.

https://sendgrid.com/report-spam/

ETA: I sent a report and got an automated reply that SendGrid is looking into it.

 

[Sing]

I got one. I was suspicious but clicked on the first link. When I saw they had my information but wanted me to fill out credit card details and—hurry, hurry, offer about to end—I stopped. I went to the website by regular means, questioned it but did not hear back.

It’s disturbing how vulnerable we are and how much predation is happening. I have half fallen into other trouble like this before and get spam and fraudulent telephone calls off and on. So far, major disaster hasn’t come.

Take care, everyone!

 

[Andy]

Received this today

Our technical team has identified & fixed the cause of the breach and are currently putting in additional levels of security and monitoring to ensure that this type of attack is not allowed to happen again.

We will be providing further updates once we hear more from our IT team. Please note we DO NOT store any credit card details or passwords on our system.

We sincerely apologize for any inconvenience or confusion these emails may have caused you!
Best, MitoQ

 

[Webdog]

Here's the email response I got from SendGrid after reporting the phishing email. SendGrid is where the emails originated from.

SendGrid closed the ticket, so I don't expect to hear further from them on this.

From: support @ sendgrid.zendesk.com

Feb 27, 10:16 MST

Hello,

Thank you for taking the time to report this phishing message to the SendGrid Compliance team. Reports like yours allow us to be aware of users who are not following our terms of service, and we greatly appreciate them so that we may take action on your behalf in order to ensure that our services are not being used for the sending of unsolicited, unwanted, or illegal email. Our automated safety and security measures had identified this user as sending malicious content, and we have suspended this user as it has been determined that they are experiencing a compromise of their systems, resulting in the sending of unauthorized mail. Some mail was able to be sent prior to this automatic action taking place, and I sincerely apologize for this malicious content reaching you. We are actively working with this user to help ensure that they do not fall victim to this again, and to ensure that their systems are no longer abused to send malicious content, and we will not be considering reactivation until we are confident that this issue has been fully resolved.

Thanks again for sending us this report, and please continue to do so in the future with other unsolicited messages you may receive from SendGrid so that we may work to keep our services free from this type of activity.

Kind regards,
SendGrid Compliance

 

[Andy]

Screenshot of an email from MitoQ that I received earlier today

 

[Andy]

Screenshot of a further email I received this morning. I'd suggest that even if you haven't received this email, check your recent credit card transactions.

 

[Luther Blissett]

I got one. I was suspicious but clicked on the first link. When I saw they had my information but wanted me to fill out credit card details and—hurry, hurry, offer about to end—I stopped. I went to the website by regular means, questioned it but did not hear back.

It’s disturbing how vulnerable we are and how much predation is happening. I have half fallen into other trouble like this before and get spam and fraudulent telephone calls off and on. So far, major disaster hasn’t come.

Take care, everyone!

Well avoided!

Never click on an email to fill in any kind of form.

Go to any site directly, and if a form is needed to be filled in it should be available on the site. If possible report the email as 'phishing', or failing that spam. The more reports the easier for the address to be added to blacklists and preventative measures, helping others avoid the trap.

Same for banks, utilities, basically anything that asks for personal information that the company should already know. This is also a common way to scam people by phone.

Doubt everything, and contact the company directly through official means.

Search the internet using words from a suspicious message and 'scam', and if it is a scam it will probably be documented.

Never act on impulse, stop and think like @Sing managed to do.

 

[Luther Blissett]

Urgh, sympathies for anyone going through this. Thanks for letting everyone know @Andy.

I would advise on changing passwords on the email account, and if there are MitoQ accounts, just in case.

If anyone if unsure or uncertain about what to do, I'm sure asking on the forum for help in any way will get answers and support. There are no 'dumb' questions.

If you feel embarrassed and don't want to post publicly, get in touch with somebody by PM. I'm happy to help and others will be too. Don't beat yourself up if you got caught. Millions do.

 

[Indigophoton]

This website https://haveibeenpwned.com keeps tabs on data breaches. You can be notified if your email address(es) and other info show up in the public domain as a result of future security breaches if you wish. You can also search to see what's already out there.

 

[Sid]

I know this is an old thread but I just wanted to say I also received this phishing email and although I did not click on the link or give the scammers any information, my contact details were clearly leaked from that website hack and I had to change my phone number (as I started receiving weird aggressive phishing phone calls that knew my name etc.) and cancel my card. The Spotify account linked to the same email address was hacked also and I caught unknown devices listening. As for the email address linked to that order, I'm still receiving extortion emails along the lines of "if you don't send x amount to x address we'll do this or that to you". I trace these events to this clown website being hacked. It's been stressful to say the least.

 

[Snowdrop]

I know this is an old thread but I just wanted to say I also received this phishing email and although I did not click on the link or give the scammers any information, my contact details were clearly leaked from that website hack and I had to change my phone number (as I started receiving weird aggressive phishing phone calls that knew my name etc.) and cancel my card. The Spotify account linked to the same email address was hacked also and I caught unknown devices listening. As for the email address linked to that order, I'm still receiving extortion emails along the lines of "if you don't send x amount to x address we'll do this or that to you". I trace these events to this clown website being hacked. It's been stressful to say the least.

@Sid

I'm sorry to hear this happened to you. It would be stressful to deal with. I expect that is everyone's worst online nightmare.

 

[Sid]

@Sid

I'm sorry to hear this happened to you. It would be stressful to deal with. I expect that is everyone's worst online nightmare.

Pretty much.