Scorptec Scam Email: Coincidence or Compromised?

LMarek77 on 28/04/2023 - 09:45
Last edited 28/04/2023 - 09:54

Last night I received this scam email

For context:
I have never had an account with Scorptec in the past, but i had subscribed to email list only.
I have never purchased from Scorptec in the past.
I have never received any similar email scams from Scorptec in the past.

On Saturday 22nd April, i registered for an account so that i could get a quote for a purchase.
On Wednesday 26th i made an order which i paid for instantly.

Is it a coincidence that i received this scam email which lines up really well with placing an order or do you think that Scorptec is compromised in some way?

I would love your thoughts

EDIT:
I actually thought i would follow the suggestion below and contact Scorptec but it seems they are aware of the scam email
https://www.scorptec.com.au/announcements

Computing

Related Stores

Scorptec Computers
Scorptec Computers

Comments

  • Hybroid on 28/04/2023 - 09:46
    -1

    Scorptec are not sending you e-mails from: [email protected] so they are not compromised.

    It's possible their database has leaked though or just entire coincidence. Have you let them know to check their security?

    • Marek77 on 28/04/2023 - 09:50

      yeah i know its a scam, its the timing of the scam email which concerns me

  • FoxJump on 28/04/2023 - 09:47

    wow. instaspam.

  • burningrage on 28/04/2023 - 10:30
    +1

    The timing is very very suspicious. It somehow mirrors the conveyancing scam when somehow they just know when the next progress payment is due and the scam email came in asking for payment.

  • ode1online on 28/04/2023 - 10:36
    +2

    Someone complained to them via Twitter earlier in the month, they are aware of it. But not sure what they are doing about it.

    https://twitter.com/thefarseeker/status/1645532339559337986?…

    • ninohax on 28/04/2023 - 18:52
      +1

      Doing pretty much nothing. I just placed an order couple of days back and instantly got spammed with emails.

  • MS Paint on 28/04/2023 - 10:45

    scopatec.com is pretty close to scorptec.com.au

  • randomusername2017 on 28/04/2023 - 11:13

    More likely your email account is compromised.

    • burningrage on 28/04/2023 - 11:20

      But the thing is, they must have got quite a few from customers hence why the announcements. if it is isolated, then maybe you are right.

      • randomusername2017 on 28/04/2023 - 11:50

        Had already seen the scorptec bulletin… OPs example looked different.

        Interesting to see what transpires.

    • Marek77 on 28/04/2023 - 11:50

      I also placed two orders with PCCG.

      If my email was compromised then that would be another phishing opportunity, but nothing as yet.

      • burningrage on 28/04/2023 - 13:56
        +1

        I am sure it's them, not you. They just need to come out clean. Maybe scared of bad publicity of another Optus/Medibank.

  • Marek77 on 28/04/2023 - 13:57
    +10

    Received the following response from my email to them this morning:

    Good Afternoon Marek,

    Thanks for reaching out to us, we are aware of this event and we are in the process of emailing our customers that have been impacted, please find our official statement below. You may receive a duplication of this email as our emails are going out in batches, but thought it best to email this through to you now.

    I’m reaching out with you to provide an update on the events that took place over the Easter and ANZAC public holiday break, and the progress we have since made to resolve this issue.

    What happened:

    Between 4th April to 10th April 2023 and 20th April to 27th April 2023, our web security and protection systems detected limited activity on the Scorptec website which was consistent with a cyber-breach.

    This breach may have affected individuals who placed online orders during the above dates when selecting Visa, Mastercard, Amex or Paypal as a payment method.

    To our understanding, the compromised data was limited to only:
    1. Name
    2. Email address

    With our on-going investigation, we confirmed that our back-end database and systems remained secure and were inaccessible.

    Those whose emails may have been compromised would likely then have received an email from a sender impersonating Scorptec but originating from the “@birthplanner.me”, “@vacaytor.com”, “@isbmedu.com”, “@dandotattoos.com” or “scopatec.com” email domains, prompting users to confirm their payment details and requesting they follow an external link.

    This email was NOT from us and should be ignored and deleted immediately if received. Do not open this email, and do not follow any links or directives contained within.

    What we are doing:

    We are currently in the process of contacting all affected individuals and are conducting a comprehensive investigation with the support of two independent cyber security consultancy firms.

    We have deployed additional security measures across our network and will continue to work with independent experts in the coming weeks to ensure all necessary steps are taken to further protect user data.

    We have also reported the five previously listed domains to their registrars, and we are in the process of reporting the incident to business.gov.au and Office of the Australian Information Commissioner.

    What you can do:

    Be alert for any phishing scams that may be sent via email. You should always verify the sender of any communications you receive to ensure they are legitimate.

    If you have followed any link and entered any details, then please contact your financial institution and report this immediately to ensure that any of your account details are not compromised.

    As a precaution, we recommend you change all your passwords and pin numbers to protect yourself further.

    If you want to speak with someone, you can contact us during business hours at 1300 726 770 or via the website here.

    How we will communicate:

    We will continue to keep you updated via email, along with posts to the announcements page on our website.

    As Scorptec’s Director, I want to apologise for any impact this incident may have caused. Scorptec has always maintained that customer data and their privacy is a top priority and take such matters very seriously. I wish to assure you we’re doing everything we can to prevent this from ever happening again.

    Thank you to everyone for reaching out and letting us know about this incident, your support is greatly appreciated.

    William Kartawidjaja
    Director
    Scorptec Computers

Login or Join to leave a comment
Login Join