Welcome, Guest
Username: Password: Remember me
1. The "search..." box above searches the Docs & Forum Posts. The "Search" tab above just searches the Forum Posts. :side:
Please use these to search for your issue *before* creating a new message topic, as your issue may have been previously solved.
2. Please put your Club # and Club Web Address in your Forum Signature (best) OR in each post to get faster support from us.
Click here to edit your signature at the bottom of the Profile Information tab.
3. Our user and admin docs are available at: support.toastmastersclubs.org/doc "There's a doc for that!" ;)
4. There is an "Opt In" Feature for newly added members. The Opt In document explains the strikethrough member information. Click Here to View the Post
5. When posting a New Topic , please include all relevant details and be specific. When did your issue 1st occur? What operating system, browser, & browser version are you using? Did you refresh your browser cache? Are your cookies enabled? Lastly, a screen shot is often helpful.
6. Please abide by the Terms of Use . We are volunteers contributing our spare time. We are happy to assist you, so long as you are respectful and courteous.
7. We are always looking for new FreeToastHost Ambassadors to join our team and support fellow Toastmasters in their use of the FreeToastHost website system. If you are familiar with the system and have some interest, send a Send Us a Private Message.
  • Page:
  • 1

TOPIC:

FTH email spam? 1 year 3 months ago #91281

  • Norm Thib
  • Norm Thib's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 12
  • Thank you received: 0
Hello FTH support folks and FTH community.
Note that I have not included FTH websites because this is a broader issue.
We have an active email scam problem going on in District 53 right now.  It started with some district officers getting an email supposedly from our District Director requesting them to purchase some $100 gift cards for a "secret incentive program."  A couple of our district officers fell for it and purchased gift cards, but the DAM (me) and Trio figured out it was a scam and warned everyone about it. Now it seems to have leaked down to the club level with some club officers getting an identical email supposedly from their club president via their FTH forwarders.  We are still investigating, but so far it appears that only district and/or club officers are being impacted.  We are working to communicate an urgent warning to all our members and also to determine the extent of the breach.  We are seeking to inform the FTH support team and also wondering if any other districts are seeing any similar email scam activity.  We'll update this post once more is known. Samples of the scam email and other info can be provided to the FTH support folks if wanted.  It's important to note that, although many clubs in D53 use FTH, the district itself does not use it for our website.  Feedback can be added to this post or sent to me directly at This email address is being protected from spambots. You need JavaScript enabled to view it. all.
Norm Thibodeau, DTM, PMP
VPE Club 1389 (uhg.toastmastersclubs.org/)
VPE Club 6976 (airlinetrail.toastmastersclubs.org/)
VPE Club 7783323 (neat53.toastmastersclubs.org/)
This email address is being protected from spambots. You need JavaScript enabled to view it.
Last edit: by Brian.
The topic has been locked.

FTH Hacked? 1 year 3 months ago #91284

  • Brian
  • Brian's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 12015
  • Thank you received: 3948
We will need all the email addresses involved.

Full internet headers will help us identify the source servers.

Thank you,

Brian McDonald DTM, PDD D61
FTH Lead Technical Support
member Cataraqui Valley Toastmaster 9560
The topic has been locked.

FTH Hacked? 1 year 3 months ago #91293

  • Pam
  • Pam's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 3752
  • Thank you received: 1089
The exact same thing is happening in D69 today.  It doesn't seem to originate with FTH here, but I have blacklisted the email address on FTH (This email address is being protected from spambots. You need JavaScript enabled to view it.).  

Here is the header: (I've replaced my username with xxx)

Return-Path: <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Delivered-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Received: from exhprddir105 ([10.216.164.7])
    by claprdmst114 with LMTP
    id KJooOBZD+WRGJAAA7oXDsg:P1
    (envelope-from <This email address is being protected from spambots. You need JavaScript enabled to view it.>)
    for <This email address is being protected from spambots. You need JavaScript enabled to view it.>; Thu, 07 Sep 2023 13:27:18 +1000
Received: from exhprdmxe05 ([10.216.164.7])
    by exhprddir105 with LMTP
    id KJooOBZD+WRGJAAA7oXDsg
    (envelope-from <This email address is being protected from spambots. You need JavaScript enabled to view it.>)
    for <This email address is being protected from spambots. You need JavaScript enabled to view it.>; Thu, 07 Sep 2023 13:27:18 +1000
Received: from mail-lj1-f178.google.com ([209.85.208.178])
     by exhprdmxe05 with esmtp
    (envelope-from <This email address is being protected from spambots. You need JavaScript enabled to view it.>)
    id 1qe5fq-00073G-2Q
    for This email address is being protected from spambots. You need JavaScript enabled to view it.;
    Thu, 07 Sep 2023 13:27:18 +1000
Received: by mail-lj1-f178.google.com with SMTP id 38308e7fff4ca-2bd3f629c76so9127091fa.0
        for <This email address is being protected from spambots. You need JavaScript enabled to view it.>; Wed, 06 Sep 2023 20:27:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1694057235; x=1694662035; darn=bigpond.com;
        h=to:subject:message-id:date:from:references:in-reply-to:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=q2+CThIs7Hit5vyfmUeu/KsNzEH7X1+pbiE1BsflLC4=;
        b=bP+Jd4ceSL9w6yDK6AC5UmVPPn2zEK5sZmsvIGCFP0UowUWELRVl9GFRrukgsYSL6B
         P/1G2wuePBB1AMjDfm9SsF+QzxjajGnblMr4IziMf4Ee7vntewtd79koE3io0mW+MNVw
         egvAKhYMHJrlJeUaFDZBv3UrnPOaJ9IuOZgw/7j+OHOZni+CHIjYV/xwOU//g6/0Lm3S
         1UFmU7YTgdnbEgfZWXs9jG+yLrz69rgbkIHDyri2kEpLlxahvy8C7zVrfBx5uZoxTPU4
         JBru/8w70oTRAG61vTAmNHBwNaG18Yvo1pIE/cHz6z/VpBvSt7aNOPMHVPTkEISMxKSn
         2gvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1694057235; x=1694662035;
        h=to:subject:message-id:date:from:references:in-reply-to:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=q2+CThIs7Hit5vyfmUeu/KsNzEH7X1+pbiE1BsflLC4=;
        b=GehC+TemIXPdc3Sq6WW6tZaA+aGp8vyWzqdCj2SRqchfQhSfcoYXFGUABhsCjKkki4
         mmZYW1fAlJNT0Vfkszd9BxFxGnLcoUBHpKWb8PEcDZBZTs0GTuL7+Ye24j2j2P6ehO92
         9YgZ+IpyNLEfAXBU+TcbjWP+fgTLj93BpVL3Uw5382nPxdlDKYOyEJoJEyDzN+bkv/L9
         jvGgiivbFi5TxGKxDAHmODqiiO1X8mjWip6igd7017/2ZxFodW8k1XTdH0wVMf7FQe61
         eArh9xMsdYmfPH67r0NTMsQ6Wtjj/+1Vom/qQMiBHCytyG+sdA4o0if4T2Iz5r8GFsm5
         8f2w==
X-Gm-Message-State: AOJu0YwNZicAZ0/UaACvIRk1JC2Bgqa1lr7rXM/Og8l6n0ZJNhJ4WqoN
    xoaoU2ThbtV2om9Ml5nM+Gk0DaDhy+COfcp8CAHfgHsps6wJjQ==
X-Google-Smtp-Source: AGHT+IET/tsgsmcP1JjJcL8Fsv3TVyu7KZkW/S5caU4tMT3aQnzc6NSTJgvb/iimU5WvFM5QkieFuzjsVUO3RWi0Crc=
X-Received: by 2002:a2e:96d9:0:b0:2bc:c3c0:a997 with SMTP id
 d25-20020a2e96d9000000b002bcc3c0a997mr3702988ljj.38.1694057235347; Wed, 06
 Sep 2023 20:27:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:651c:1024:b0:2b9:bad6:66a with HTTP; Wed, 6 Sep 2023
 20:27:14 -0700 (PDT)
In-Reply-To: <004c01d9e124$583b16c0$08b14440$@bigpond.com>
References: <CAJ9bX9+L110cttGCZ6A4kTFBobE0r436Az+Eun9OLxHFZ-dPzQ@mail.gmail.com>
 <003601d9e11f$51652840$f42f78c0$@bigpond.com> <This email address is being protected from spambots. You need JavaScript enabled to view it.>
 <004c01d9e124$583b16c0$08b14440$@bigpond.com>
From: Denise Buckby <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Wed, 6 Sep 2023 20:27:14 -0700
Message-ID: <CAJ9bX9JkFOQaPTKheO2OH8G7tH981pmDwkE2WkfC8Jd==0-KWw@mail.gmail.com>
Subject: Toastmasters D69
To: xxxxxx <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Content-Type: multipart/alternative; boundary="000000000000bdfd3f0604bc6fbe"
X-tce-ares-id: i{a4d8dfd1-3630-43df-971b-9f5427960556}1
X-tce-spam-action: no action
X-tce-spam-score: 0.0
X-tce-spam-report: Action: no action
X-Cm-Analysis: v=2.4 cv=aKs265xm c=1 sm=1 tr=0 ts=64f94316 cx=a_idp_nop a=4Z7bLzRdO3NTdMHb7ZukIA==:117 a=zNV7Rl7Rt7sA:10 a=x7bEGLp0ZPQA:10 a=ixW7G_Bc7fEA:10 a=ljGsvmn9pW5otRe-nwUA:9 a=QEXdDO2ut3YA:10 a=zgiPjhLxNE0A:10 a=2p8w7ogSsuD7ky5XoeQA:9 a=wwAePvBONnjDQaqHVNx2:22 a=xktG2lVQBmeq-0Z_gg-f:22 a=OpbFwHzBB_NAIXhOV6bD:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22 a=UDnyf2zBuKT2w-IlGP_r:22
X-Cm-Envelope: MS4xfK2xztNLj6TulLQHSg97M0cdup1JoBhjiDHPK0oA3wupsQO6EELqF7OLlVnOZXXXKnQXDcr5IZpaT0/RvFzb4OtJIcY6zWP9ZmXPjtpZ413SEl9O7ZVc P47tTyTwu2spD5E0XRESH3YYLhfgA5cJiq1MlhZYMGz8mmEfq16QA8LOr4mG9YR1zed8MKjqAPA3Dg==
X-tce-route: accept

Pam Holley, DTM
FreeToastHost Ambassador
Redlands Toastmasters Club, President 2024-2025 redlands.toastmastersclubs.org/
HOT, IPP 2024-2025 hot.toastmastersclubs.org
The topic has been locked.

FTH Hacked? 1 year 3 months ago #91296

  • Norm Thib
  • Norm Thib's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 12
  • Thank you received: 0
Hi Brian. When you say, "We will need all the email addresses involved.", do you mean all the email addresses the messages went to, where they came from, or both? We are compiling that info, but it's still evolving. If you can tell he how to pull a full interned header from an email in Outlook, I can do that and post it here.
Norm Thibodeau, DTM, PMP
VPE Club 1389 (uhg.toastmastersclubs.org/)
VPE Club 6976 (airlinetrail.toastmastersclubs.org/)
VPE Club 7783323 (neat53.toastmastersclubs.org/)
This email address is being protected from spambots. You need JavaScript enabled to view it.
The topic has been locked.

FTH Hacked? 1 year 3 months ago #91297

  • SteveTheTechie
  • SteveTheTechie's Avatar
  • Offline
  • FreeToastHost Developer
  • FreeToastHost Developer
  • Posts: 13529
  • Thank you received: 3831
Regards,

Steve James, DTM
FreeToastHost System Developer
Officer Emeritus, Mindful Communicators (Club 1966, District 52) A President's Distinguished Club for each of the last 10 years.

>>> Please put your club number in your forum profile. CLICK here to edit your profile.
The topic has been locked.

FTH Hacked? 1 year 3 months ago #91298

  • Norm Thib
  • Norm Thib's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 12
  • Thank you received: 0
Here's the email header for the copy of this scam email that I received..

Received: from resimta-c1p-044827.sys.comcast.net ([96.102.18.162])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by dovpxy-asa-07o.email.comcast.net with LMTPS
    id 2NnYEFZt72RuZQAA7yuOaA:T33
    (envelope-from <This email address is being protected from spambots. You need JavaScript enabled to view it.>)
    for <This email address is being protected from spambots. You need JavaScript enabled to view it.>; Wed, 30 Aug 2023 16:26:16 +0000
Received: from dovpxy-asa-07o.email.comcast.net ([96.102.18.162])
    by dovdir1-asb-06o.email.comcast.net with LMTP
    id 2NnYEFZt72RuZQAA7yuOaA:T33:P1
    (envelope-from <This email address is being protected from spambots. You need JavaScript enabled to view it.>)
    for <This email address is being protected from spambots. You need JavaScript enabled to view it.>; Wed, 30 Aug 2023 16:26:16 +0000
Received: by mail-oo1-xc36.google.com with SMTP id 006d021491bc7-573921661a6so1893172eaf.1
        for <This email address is being protected from spambots. You need JavaScript enabled to view it.>; Wed, 30 Aug 2023 09:26:16 -0700 (PDT)
Received: from mail-oo1-xc36.google.com ([IPv6:2607:f8b0:4864:20::c36])
    by resimta-c1p-044827.sys.comcast.net with ESMTP
    id bO0NqVY6JL2aUbO1IqoFI1; Wed, 30 Aug 2023 16:26:16 +0000
Received: from dovdir1-asb-06o.email.comcast.net ([96.102.18.162])
    by dovback1-asb-23o.email.comcast.net with LMTP
    id 2NnYEFZt72RuZQAA7yuOaA:T33:P1:P1
    (envelope-from <This email address is being protected from spambots. You need JavaScript enabled to view it.>)
    for <This email address is being protected from spambots. You need JavaScript enabled to view it.>; Wed, 30 Aug 2023 16:26:16 +0000
From: "Patti Walter" <This email address is being protected from spambots. You need JavaScript enabled to view it.>
To: <This email address is being protected from spambots. You need JavaScript enabled to view it.>
References: <This email address is being protected from spambots. You need JavaScript enabled to view it.> <6fe601d9db5d$f2775a90$d7660fb0$@comcast.net> <702b01d9db5e$8a959d50$9fc0d7f0$@comcast.net>
In-Reply-To: <702b01d9db5e$8a959d50$9fc0d7f0$@comcast.net>
Subject: Re: Toastmasters D53
Date: Wed, 30 Aug 2023 12:26:01 -0400
Message-ID: <CAJ9bX9KT1gseQtT5Gr31uBj2Q1-Od=4Wh9cOLP8LA7bW+=v_4A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_8F95_01D9DCAF.F43BAF40"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJQ4Lfx0tYLzCou/xBN8WUwqpCUTgJIo0KkAexSiTYCnVA+UAJWoYoV
X-CAA-SPAM: N00000
X-Xfinity-Message-Heuristics: IPv6:Y;TLS=1;SPF=1;DMARC=P
X-Comcast-SMTP-Spoor: gmail.com mail-oo1-xc36.google.com
Authentication-Results: resimta-c1p-044827.sys.comcast.net;
    dkim=pass header.d=gmail.com header.b=Ii7GrGt3
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1693412774; x=1694017574;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=odMdQQUMg0dDK94H8XQSY7PAjUlTEyb4N09xkF3H0KI=;
        b=RS0CVH7IRXx9kZs/D1ge8zJCcLgetyNYY5d7ghnu4XVJdeVA7XCctUrC9MCCEKctv/
         4gH6r63zzCMFLABIzeKoPPkJt/8n7jGAOBuna3bo76ZRYS090UQhpL9+sqQME5iVeVaV
         PuzDwlM0pbeAndYOOl1rl+BVKLjcgmtNXdN9sTSFzpzwDr55Ej/WF+GLE+xpWkFyglY4
         k//jj3Q8sXs98Bj24EZKz2RNn9nmeI0rtd9x+Ah6hzhz1pz0wmnES69tKPakIwJf812w
         B1lrcmrosp132nAnHp3GpU50xw++z4OcPgM0vYEBDzEju0AuxTxUTt3AENh+UWBrE5d0
         j08A==
X-Gm-Message-State: AOJu0YzjaaTSKWWwg9Z9mSkTtRpsQhYhkCvEbxMsL8l0A3DOwtLo3zcb
    6cdyuuW10CjaPL/4NuUP9InTFrba7PUwtF/k/y1kYIk72UmjWHDe
X-Google-Smtp-Source: AGHT+IGt7U7yd7iRUZyI0Ys1paFVGwaXZLmuMKo12iQx6KAq7qUskPKU1TqEixrJUc45rRSBUJpWUI1jEWgyVJfDZQY=
X-Received: by 2002:a4a:3906:0:b0:573:2312:b3 with SMTP id m6-20020a4a3906000000b00573231200b3mr2490756ooa.4.1693412774509;
 Wed, 30 Aug 2023 09:26:14 -0700 (PDT)
X-Authority-Analysis: v=2.4 cv=aaFyIDkt c=1 sm=1 tr=0 ts=64ef6da8
 cx=a_idp_d:c_cmc a=apO4Jz+JpkGLDAx5XOUz4Q==:617 a=xqWC_Br6kY4A:10
 a=UttIx32zK-AA:10 a=x7bEGLp0ZPQA:10 a=ixW7G_Bc7fEA:10
 a=fkM0ParRM7wskk_-ks0A:9 a=QEXdDO2ut3YA:10 a=zgiPjhLxNE0A:10
 a=rOybSG12uDXcgM4SwsQA:9 a=wwAePvBONnjDQaqHVNx2:22 a=7PlhcU7xGnINJ2miruxK:22
 
Norm Thibodeau, DTM, PMP
VPE Club 1389 (uhg.toastmastersclubs.org/)
VPE Club 6976 (airlinetrail.toastmastersclubs.org/)
VPE Club 7783323 (neat53.toastmastersclubs.org/)
This email address is being protected from spambots. You need JavaScript enabled to view it.
The topic has been locked.
  • Page:
  • 1
Moderators: Pamrhtaylor3jliumarc33NotLiabledeedubbleyooNSBPhyllis Kirouac
Time to create page: 0.065 seconds
Powered by Kunena Forum