scam when emailing Silversea.

[gofish]

Got response from email I sent to Silversea. It looked legit so i called the phone number. i had embarkation question and the Indian voice requested my information. When he requested credit card information i said no and he said we cannot go farther without info. He hung up. Their scam number 800 772 9955 the real number 800 722 9955.

I am very surprised it was a reply to an email I sent to Silversea.

 

Copy of email below

 

<guestrelations@silversea.com>

Good Day,

 

I hope all is going well with you today and thank you for your correspondence to Guest Relations. Please be advised this is a post-cruise department and is unable to assist with your request. For assistance with your inquiry please contact your travel professional or our reservations department at +1-800-772-9955, thank you!

 

Best Regards,

 

Guest Relations Team

Silversea Cruises

1050 Caribbean Way, 5^th Floor, Miami, FL  33132

guestrelations@silversea.com| Silversea.com

 

 

 

From: tom dont <tom   @gmail.com>
Sent: Wednesday, August 30, 2023 7:50 PM
To: Guest Relations <guestrelations@Silversea.com>
Subject: [EXTERNAL] arrival

 

EXTERNAL EMAIL CAUTION: Use caution opening attachments or clicking links.

 

We are booked on Muse Oct 9 in Yokohama.

The ship overnights at the pier.

Can we arrive at the port between 7 and 8 pm for embarkation.

Do we need any special arrangements.

 

Thanks

Tom

[canderson]

Are you familiar with how to display the full header of that email?  Might tell a lot about the actual source, if not SS.

 

Could also be that someone just fat fingered the phone number, though one would think they'd have it right on a cut-and-paste response like that.

[pavementends]

19 hours ago, gofish said:

Got response from email I sent to Silversea. It looked legit so i called the phone number.

 

So you are saying that an email to a Silversea address somehow got intercepted??

[gofish]

Yes my email to  Silversea got answered by a scammer.

when i went back to look at the emails there is a message at the very top of the response that says

"RE: [EXTERNAL] arrival" .

I had never seen that before and i just ignored it.

Also near the bottom there is a colored message i also ignored.

EXTERNAL EMAIL CAUTION: Use caution opening attachments or clicking links.   My original email to Silversea triggered an automatic response that they would get back to me within 2 weeks. A half hour later I get the scammer response and I am happy for such a quick answer.

[canderson]

46 minutes ago, gofish said:

Yes my email to  Silversea got answered by a scammer.

I still think we would benefit by seeing the content of your message header.

[drron29]

Being of a suspicious mind I think it might be linked to this incident -

https://boards.cruisecritic.co.uk/topic/2927066-another-data-breach-mysilversea-reveals-random-peoples-details-and-different-each-time-i-log-in/page/4/

[SWFLAOK]

We are on a long upcoming Silversea cruise. When I try to logon to mysilversea (which I've done many times before), I'm often directed to a site that is not Silversea. It has something other than Silversea in the website name. Sometimes it happens and sometimes it doesn't depending on my device. I always double check the website name before I continue.

 

[canderson]

3 hours ago, SWFLAOK said:

We are on a long upcoming Silversea cruise. When I try to logon to mysilversea (which I've done many times before), I'm often directed to a site that is not Silversea. It has something other than Silversea in the website name. Sometimes it happens and sometimes it doesn't depending on my device. I always double check the website name before I continue.

 

https://www.silversea.com/my-silversea.html ???

 

[frankhi]

It's probably your email that is compromised.... change your PW

[les37b]

I had one of those dodgy emails claiming my computer had been hacked and all my contacts known and they would be forwarding my porn site history and web cam footage they’d captured of me. Seem this nonsense lots of times, but this one was different. The claims were still complete BS, but it was the fact it was sent to my email address and FROM my email address. I couldn’t work out how that could be faked, especially as it WAS showing in my sent folder.

 

Got to the bottom in the end and the headers revealed the IP address was from Medelin.

 

I use google mail as my catch all account. I have a personal domain I use and I can send or receive inside this account. However, there was a password breach - but it was with the domain host and simply changing the password with their webmail which was what they used blocked it off.

 

Took ages to work out how they did it, but as always, there is an explanation. Needless to say, no funds were transferred to a banned word digital currency as per instruction, or contacts contacted and their ability to post from my domain blocked off.

 

As to the OP, as suggested, check the headers and change your passwords. I recommend using something like Bitwarden to manage them and enable you to use full strength passwords without needing to remember them.