• If you ever spot Spam (either in the forums, or received via forum direct message) please use the Report button at the bottom of each post to make sure a Moderator can handle it quickly. Thanks for your help in keeping things running smoothly!

Anyone else had an odd email today regarding a security breach at Absolute Sounds?

Paul Clarke

Well-known member
Oct 12, 2007
114
38
18,620
I've received a very concerning email this morning from a company purporting to be investigating Absolute Sounds for a breach of GDPR.
My immediate response was to dismiss it as spam or at worst phishing.
However, by biggest concern is the fact it has my user name and password recorded in the email.
I won't respond to the email nor click any links, but how they got my data is a worry.
Anyone else had this?
I'm going to ring them (AS), but also wanted to let people know here that something is not quite right.

Just to confirm, I'm not suggesting any impropriety on the part of AS.
 
Last edited:

12th Monkey

Well-known member
Aug 31, 2015
935
605
11,770
A private company shouldn't be doing the investigating - that falls under the ICO's remit. Unless they are being paid as part of some sort of legal challenge, but that's usually done after approaching the ICO, not before.

Change password and user name, and do so anywhere else where you use the same password, I'd suggest.

Thinking about it, whoever passed your details on to a third party is likely to be in breach of GDPR too - it seems strange to me.
 

Friesiansam

Well-known member
Feb 3, 2015
335
212
11,270
Assume it is spam, delete it and change your online passwords today. There may have been a breach of Absolute Sounds security and those responsible are now phishing.

Assume any such unsolicited email is spam and delete it. Scammers will try anything.
 
Last edited:
  • Like
Reactions: Paul Clarke

Paul Clarke

Well-known member
Oct 12, 2007
114
38
18,620
I think it is phishing, but it's the most detailed one I've ever received and certainly the first with all my personal details mentioned.
I think that's what has concerned me the most.
 

Gray

Well-known member
Nov 27, 2015
1,518
944
12,570
I agree that only the ICO would genuinely be investigating a data breach.

I've always customised my e-mail address by prefixing the '@' with something specifically identifiable to whoever I e-mail.
I always check incoming addresses to me.
A few years back I received junk / spam from someone using an address I can be 100% certain that I only gave to Sevenoaks.
I contacted Sevenoaks. They assured me they never pass e-mail addresses to any third party.
 
  • Like
Reactions: Paul Clarke

jjbomber

Well-known member
Dec 22, 2006
897
341
19,270
I've received a very concerning email this morning from a company purporting to be investigating Absolute Sounds for a breach of GDPR.
If you hover your mouse over the sender's email address in the inbox list it will tell you who it is from.

Emails are easy enough to scam. For example, if someone has a second hand item from Absolute Sounds for sale on Gumtree, it is easy enough to get the seller's listed email address.
 
  • Like
Reactions: Paul Clarke

Paul Clarke

Well-known member
Oct 12, 2007
114
38
18,620
If you hover your mouse over the sender's email address in the inbox list it will tell you who it is from.

Emails are easy enough to scam. For example, if someone has a second hand item from Absolute Sounds for sale on Gumtree, it is easy enough to get the seller's listed email address.
I'm usually pretty diligent with this stuff and can usually recognise dodgy emails. Hence my message here, just to ensure no one else had received the same.
As I mentioned, it's the first one that's included my user name, email address and probably most concerning, my password.
It's a good effort by the scammer!
 

nopiano

Well-known member
Feb 15, 2009
559
336
19,270
I’m on the AS mailing list and I’ve not had any alert from them or anyone representing them.
Perhaps give them a ring in the morning?
 
  • Like
Reactions: Paul Clarke

jjbomber

Well-known member
Dec 22, 2006
897
341
19,270
That is not reliable as the sender address can be spoofed but, mousing over to check any links is a good idea.
It's not very well worded either. Let's try again. Hover the mouse over the sender's name will give the email address, so check that out.

As an example, you get an email in your inbox from ''Congratulations'' with the heading 'You have won the What Hi-fi Competition'. Hover the mouse over 'Congratulations' and it may say admin@whathifii.com as the sender. That is a scam. You can tell by the spelling mistake; the ii at the end of hi-fi. So you know to report it as phishing and not open the email.

Hope that makes more sense.
 
Last edited:
  • Like
Reactions: Paul Clarke

Paul Clarke

Well-known member
Oct 12, 2007
114
38
18,620
I’m on the AS mailing list and I’ve not had any alert from them or anyone representing them.
Perhaps give them a ring in the morning?
Yeah. I rang them today and left a message. I'll try again tomorrow.
 

Friesiansam

Well-known member
Feb 3, 2015
335
212
11,270
It's not very well worded either. Let's try again. Hover the mouse over the sender's name will give the email address, so check that out.
Maybe it wasn't well worded but, my point still stands, the sender address can be and often is, spoofed so, is not a reliable guide to the origin of an email.

Whatever, if you have any doubt at all that an email is genuine, assume it is not. If it purports to be from a genuine source but, you are not sure, make direct contact with the indicated source and, do not click any links in the email. If that policy seems a bit over cautious, it is supposed to be, it could save you a lot of money and hassle.
 
  • Like
Reactions: Paul Clarke

Paul Clarke

Well-known member
Oct 12, 2007
114
38
18,620
So I assume it was a fake email?
Not on this occasion.

It seems it was an employee of a third party who had done some work on the website approx 5 years ago. For some reason they decided to hack in and email customers. The email I received was also aggressive towards AS, so perhaps some sort of grudge. They were able to access a small number of individual's personal data, but no banking details etc.

It's all sorted now, but a bit of a worry at the time.
 

ASK THE COMMUNITY

TRENDING THREADS

Latest posts