NFAS VIP membership.... Spam/phishing?

[Riceburner]

I seem to have received an email purporting to be from the NFAS offering a 'VIP Lifetime Membership offer' for (and I quote) 100£* - but only payable in Amazon Vouchers.

I am going to assume that is is a phishing/spam email of some sort unless someone can officially confirm differently??

* Who, in the UK, is going to write a value as "100£" ??


If it IS genuine... then someone at NFAS needs to do some serious research on how to write successful marketing emails.

 

[wully]

Got to be Spam.... ‘Amazon vouchers’ yeah, right.

 

[Timid Toad]

Interesting to see if it's only gone to NFAS members...

 

[bobnewboy]

See the NFAS homepage : Here

 

[bownarra]

Aye I got one of those emails....certainly looks dodgy to me....amazon voucher....ummm

 

[dvd8n]

Asking to be paid in Amazon vouchers or Apple vouchers or similar is a red flag for a scam.

 

[Timid Toad]

So it looks like the NFAS have had a data security breach and your details have been compromised, hence the scam emails. They've followed process to secure things at their end, but haven't reminded you all to change passwords, be on the lookout for phishing, scams etc.

 

[malbro]

From their response on the web site it doesnt appear they even know how it happened and that is worrying.

 

[dvd8n]

If what they are saying is true, ie that people have received emails at addresses not stored in the NFAS database, then it's unlikely to be a NFAS data breach.

The sad truth is that simple data like email addresses and hobbies/interests is easily harvestable these days, especially if you are active on social media, and you just need to be alert.

 

[Geophys2]

Just received the phishing email for the second time, apparently this was my last chance to apply for VIP Lifetime membership! Anyone got some spare Amazon vouchers.

 

[Geophys2]

I'm not sure I'm convinced that the NFAS hasn't had a security breach somewhere. I have checked and none of my non-NFAS archer friends have had the email, but NFAS friends from various parts of the country have had it, many of whom, like me, are not on any of the social media platforms. Curious.

 

[malbro]

I have had two last chance emails

 

[Timid Toad]

If the NFAS have informed the Information Commissioner, they definitely have had a breach. They won't release details of what but they should have informed you and given you advice.

 

[Geophys2]

Checked today and none of our newer members, that joined over the last year, have had the eMail.

 

[Timid Toad]

Yes, the theft could have been over a year ago with nothing happening with the data in that time before it's sold on.

 

[4d4m]

This "breach" need not have been someone hacking into the database. Examples of data breaches could be: an exported excel file of email addresses being sent to the wrong recipient or left on an unencrypted server, a printout being put in regular waste and not shredded, or details being incorrectly given to a telephone caller.

I joined 2 years ago and I got the email. So given the report from Geophys2 it suggests that a member list between 1 and 2 years old was the source.

 

[Riceburner]

This "breach" need not have been someone hacking into the database. Examples of data breaches could be: an exported excel file of email addresses being sent to the wrong recipient or left on an unencrypted server, a printout being put in regular waste and not shredded, or details being incorrectly given to a telephone caller.

I joined 2 years ago and I got the email. So given the report from Geophys2 it suggests that a member list between 1 and 2 years old was the source.

Yup - that makes a lot of sense.

 

[Geophys2]

Apparently my last time "last chance" was a bit premature, I've received the spam for the third time, as have a lot of my club mates. Must give them credit for persistence.

 

[TJ Mason]

The likelihood of it being anything other than hacking of the site is very low. It could be something like the hacking of a committee member's email, but it's far more likely that they've left FTP enabled.

 

[Geophys2]

I've got de ja vu all over again! Just received another invite to take out NFAS life membership again. Obviously they worked out that the Amazon voucher request made us all a bit suspicious, so that is not the payment method this time around. Apparently NFAS needs Neosurf vouchers now!

At least they didn't tell me it was my last chance this time.

At 71 years old £100 may not represent the best value for money life membership anyway!