Trojan at Naville Numismatics site?

Discussion in 'Ancient Coins' started by Roman Collector, Sep 24, 2020.

  1. Roman Collector

    Roman Collector Supporter! Supporter

    A month ago or so, when I tried to access the Naville website, my virus-protection software flagged a warning about malware at the site designed to harvest my data.

    Today I received an e-mail (it was sent to my spam folder) supposedly from a non-profit cybersecurity agency warning me the Naville site was infected with a Trojan that harvested data and suggested I not go to Naville's site and that I change my passwords elsewhere.

    Is this a real issue, or is it a disinformation campaign to ruin Naville's business?
    If real, has the issue been resolved?
    Did anyone else get such a warning in their e-mail?
    What should customers of Naville do?
     
    dlhill132 and Curtisimo like this.
  2. Avatar

    Guest User Guest



    to hide this ad.
  3. Cucumbor

    Cucumbor Dombes collector Supporter

    I visited their website yesterday for quite a time, browsing their next auction, with no apparent issue, so far

    Q
     
  4. AncientJoe

    AncientJoe Supporter! Supporter

    Could you send me a message of a screenshot of the email without clicking any of its links? That sounds extremely fishy to me (I work in the cybersecurity industry).
     
    Orfew, Curtisimo, red_spork and 4 others like this.
  5. Roman Collector

    Roman Collector Supporter! Supporter

    It sounded fishy, so I deleted it.
     
    ominus1 likes this.
  6. Rick Stachowski

    Rick Stachowski Well-Known Member

    I'd run a free malware program ..
    Never know what happened, or who spying, on your computer now .

    Malewarebytes is the best, I know of ..
     
    Kentucky and Orfew like this.
  7. Mr.Q

    Mr.Q Well-Known Member

    If I don't know I don't go!
     
  8. juris klavins

    juris klavins Well-Known Member

    Good advice - once you've opened an e-mail from an unknown sender (opening and reading the e-mail is harmless, but the links are where the dangers lie), you can click on the upper left (down arrow beside the 'to me' in gmail) for further details about the sender - it looks like this:

    from:Coin Talk <noreply+feedproxy@google.com>reply-to:Coin Talk <***@gmail.com>
    to:***@gmail.com
    date:Sep 24, 2020, 9:49 AMsubject:CoinTalk Update - 19 New Topicsmailed-by:feedburner.bounces.google.comsigned-by:google.comsecurity:[​IMG] Standard encryption (TLS) Learn more[​IMG]:Important according to Google magic.

    This info can give you a good idea if the sender is legit or a spammer/bot - be safe online! ;)
     
  9. Kiaora

    Kiaora Member

    Naville spam.png
    I received the same mail, screenshot attached
     
    Curtisimo likes this.
  10. pprp

    pprp Well-Known Member

    Which antivirus are you using? It sounds like the data collected from the quarantine is shared with 3rd parties which can then spam you. It would be worth to check the software license agreement and try to remember if you registered the product using your email address
     
  11. AncientJoe

    AncientJoe Supporter! Supporter

    That looks highly suspicious and certainly isn't from any legitimate security company. It's possible that there's been a credential breach which allows your email address to be associated with Naville Numismatics as otherwise it would be very challenging to spot the association.

    If you wouldn't mind forwarding the original email to my username at gmail.com, I'd like to take a look at the header information to see where it originated. A search through my company's monitoring database hasn't found anything related to Naville but we certainly won't spot everything as the "dark web" is vast.
     
    FrizzyAntoine, red_spork and Orfew like this.
  12. acsearch.info

    acsearch.info Member

    Either your virus detection software was right and there was malware on Naville's website collecting your data, or their database was compromised. Whether this is a pishing email or not, the fact that they are able to link your email address to Naville's website is a clear warning. You should reset your password on Naville's website (and anywhere else you use the same password) for security reasons. Make sure to choose a random password for Naville that you don't use anywhere else, just in case the breach still exists.
     
    Last edited: Sep 24, 2020
    Ryro likes this.
  13. Iepto

    Iepto Member

    I would suspect that Naville had some database breach of some sort.
    FWIW they weren't using HTTPs a couple of months ago for their login/registration, which made them quite vulnerable to a lot of attacks (I avoided registering an account and bid through numisbids as a result)
     
    fomovore likes this.
  14. AncientJoe

    AncientJoe Supporter! Supporter

    Thanks to the member who forwarded the email on. It is not from a legitimate security company and was instead sent through a common dark web source. Oddly, it's also not a phishing email itself and instead does indeed appear to be just some Good Samaritan monitoring the dark web to notify people of possible data breaches.

    I've reached out to Naville directly and in the meantime, I would advise everyone to change their password and if you've reused the same password elsewhere, to change those websites as well.
     
    Iepto, acsearch.info, thejewk and 5 others like this.
Draft saved Draft deleted

Share This Page