Anyone else receive a Phishing scam email made to look like it's from RCI?

[chef_christoph]

OK, I just found a really strange email in my inbox this morning. I've been trying to get to the bottom of it and I'm wondering if anyone else might have had a similar problem.

 

On my last cruise on Oasis (far too long ago) I signed up for email alerts from a well known Hotel chain and I used the computers on the ship to do it. I also signed up for a new free email account (gmail) to use to filter these emails and forward them to my main email address.

 

When I checked my emails this morning I noticed an email that looked like it had come from Royal Caribbean. The problem is that it was an email that had been forwarded from the free account I created while aboard Oasis for the purpose of filtering the ones from the hotel chain.

 

I typically uses a free email account to filter any email marketing offers that I sign up for and I always use a new free email address for each offer I sign up for.

 

So here's why I'm concerned...I have not accessed that free email account since my time aboard Oasis. I had no reason to. Like all my other addresses, once I setup the account and set it to forward the mail to my regular address I have no need to go back to that address again unless I want to disable the forwarding so I stop receiving the emails at my main address.

 

The fact that I setup the free email account while aboard Oasis and now I have received an email from that address that looks like a Phishing scam made to look like it came from Royal Caribbean makes me wonder about the security of the computer systems aboard Oasis and other RCI ships.

 

I guess I'm wondering if anyone else has received similar phishing emails that look like they are from RCI lately and if this is a widespread problem, or if it's possible that the particular computer I was using on Oasis had been compromised with some sort of Spyware or keyogging software?

[nydiana]

A major company Epsilon, that handles emailing for many large bank, hotels etc. had their database compromised. Here is an article from USA Today:

http://www.usatoday.com/tech/news/2011-04-12-epsilon-email-hackers-pfishing.htm

 

So perhaps RCI was another big company that uses Epsilon.

 

 

I received an email from a number of my banks. Since that time I have started receiving a lot of junk email. Here is an excerpt from one of the emails I received:

 

 

Chase has been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers and former customers. We sent a team to Epsilon to investigate and we are fully confident that the information accessed included some e-mail addresses, but did not include names, or any account or financial information. Because you are a former Chase customer, your e-mail address was in our database and may have been one of those accessed.

 

We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase's practice to request personal information by e-mail. . .

 

Diana

[chef_christoph]

Thanks Diana, I knew about the Epsilon issue, and I thought of that, but my problem is that RCI was never given the email address that this message was sent to.

 

The only connection to RCI that this email address has is that I signed up for the gmail account while aboard Oasis. There isn't a connection to me and RCI anywhere with this address.

 

This is why it is so suspicious to me that an email that looks like something from RCI came to me via this email address. This is puzzling and also worries me that there may have been some type of spyware on the computer I used on Oasis.

[wwcruisers]

Chef -- aside from the unusual delivery, what was it about this particular e-mail that made you think it was a phishing scam, disguised as an RC e-mail? I always associate phishing with an unsolicited and/or unauthorized request for personal/financial information. The only information requests I ever get from RC are surveys of past cruises. :confused:

[Sequim88]

It might not have even been related to any of the computers on the ship. All the ship data traffic goes via satellite connection to HQ in Miami where the wider internet connection resides. Probably via some sort of proxy server setup. The connection between the gmail account and RCI may have been made due to the IP address for the connection being registered to RCI. How or whay anyone (or program) would make use of that connection to pretend to be from RCI is another issue. Perhaps a trojan in their proxy server. Or, it may actually be RCI sending it and they harvested the email address from the stream. Relatively easy to do but would, IMHO, be a serious privacy violation.

[chef_christoph]

Chef -- aside from the unusual delivery, what was it about this particular e-mail that made you think it was a phishing scam, disguised as an RC e-mail? I always associate phishing with an unsolicited and/or unauthorized request for personal/financial information. The only information requests I ever get from RC are surveys of past cruises. :confused:

 

The body of the email contained a message wishing me well on my upcoming cruise and wanted me to follow a link for me to "confirm" the credit card billing details for my on board account.

 

Like you, I have never received any emails from RCI other than promotional material and past cruise satisfaction surveys and these have all been sent by RCI to the dedicated email address I use for them and not this new gmail account I set up on Oasis.

 

I did not follow the link so I didn't see where it would go but the fact that it was an unsolicited email asking for credit card details, the obvious spelling errors (although with RCI proofreading being what it is, that wasn't the deciding factor), and the address the message was sent to all added together makes me think it was a phishing scam.

[wwcruisers]

The body of the email contained a message wishing me well on my upcoming cruise and wanted me to follow a link for me to "confirm" the credit card billing details for my on board account.

 

Like you, I have never received any emails from RCI other than promotional material and past cruise satisfaction surveys and these have all been sent by RCI to the dedicated email address I use for them and not this new gmail account I set up on Oasis.

 

I did not follow the link so I didn't see where it would go but the fact that it was an unsolicited email asking for credit card details, the obvious spelling errors (although with RCI proofreading being what it is, that wasn't the deciding factor), and the address the message was sent to all added together makes me think it was a phishing scam.

 

Yep, that sounds "phishy" all right! :eek:

And Kudos to you for not opening that link! Have you contacted RC to report this? I'm sure that they'd like to know, so they can take the appropriate action to protect their customers from this scam.

[khm1]

Yep, that sounds "phishy" all right! :eek:

And Kudos to you for not opening that link! Have you contacted RC to report this? I'm sure that they'd like to know, so they can take the appropriate action to protect their customers from this scam.

 

Maybe there is an address that you could forward this email to RCL? I would ask for a phone # to their web services department or maybe even a number for security.

[Sequim88]

A good check I advise my user base to do when suspicious is to hover the cursor over the link and then read the URL displayed at the bottom of the browser window. If there is anything after the RCI or RoyalCaribbean part of the address beside .com it is a big tip off to trouble. Things in front of there are OK and any top level domain (TLD) besides com is also a bad sign. When my users come to me with a suspicious one I right click the link and copy the URL and check it out with WHOIS. Very often located in Russia or similar places with bad reputations.