Phishing emails sent to participants

Daniele_Binosi · April 2, 2024, 9:21am

Hello everyone,

While this may only be loosely related to Indico, I’ve decided to post it here in hopes that someone might have encountered a similar issue and could offer some insights or solutions.

For the past six months, we’ve been experiencing an issue where attendees registering for our workshops receive phishing emails, examples of which I’ve attached below. We haven’t detected any security breaches on our servers; instead, it seems that these emails are being generated by scanning the participant list and gathering information from the internet.

Has anyone else encountered this problem? And if so, do you have any suggestions on how to address it? Despite our efforts to warn participants about this during registration, it remains a persistent annoyance.

Thank you!

Typical email received by a target participant (from address and details might vary but it is more or less the same email every time):

From: ops@travellerpoint.org
Subject: Accommodation in Trento, Italy - June 19 - 23, 2023 - ECT, European Center for Theoretical Studies in Nuclear Physics and Related Areas
Date: 21. March 2023 at 22:52:06 GMT+9
To: undisclosed-recipients:;

–
Dear Professor,

Kindly inform us of your arrival and departure dates in Trento to secure the space for your stay this June for the conference.

If the itinerary isn’t confirmed yet a flexible reservation that can be canceled without any additional fees will be made on the standard dates of the conference, this risk-free cancellation option will be valid up until 30 days before the check-in date.

Thus, kindly get back to us so we can send you the hotel booking form and confirm the reservation.

Warm Regards & Stay safe,
Traveller Team

Kindly note that all reservations are completely flexible and refundable until 30 days before the check-in date in case of cancellation within the 30 days the customer bears the refund fees of 4.75% Charges fees as well as the penalty of at least 1 night of the total reservation.

For any requests or to make a reservation or to modify an existing reservation you can contact us at support@travellerpoint.org

Belgium

Address
RUE DES COMPAGNONS 22 /ET01, 1030 SCHAERBEEK

Call Centers:

USA: +1 818 583 6788
UK: +44 1225 29 3666

Website: http://www.travellerpoint.org/

“You do the packing, We do the planning”

This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s)

ThiefMaster · April 2, 2024, 9:29am

It’s not really phishing (stealing passwords w/ fake login sites) but either very aggressive/spammy marketing, or a scam. Someone I know tried responding to them and based on what they got back “spammy marketing” was their most likely guess (but of course there’s also a possibility that they try to go for credit card data or similar later on).

Anyway, this is a plague affecting events all over, not only those organized via Indico. I believe what they do is go through event sites and look for any names, emails, institute names, etc. that are being published. Then they send their spam mails either to the emails they find directly, or they try to find out the email addresses of those people (first.last@institute.tld is worth trying after all, and maybe googling their name).

So unfortunately there’s not much that can be done except adding a warning page to your event to ignore such emails…

Daniele_Binosi · April 2, 2024, 9:50am

Thank you for the reply.

Yes, they go for the credit card and payments later on, we had at least a case here; so I would say scam really.

And yes, the warning is there on the event page, the server news and our registration emails.