View Full Version : Scam Alert - related to customer info hacked from Twinspires.com site

Jeff P
08-22-2013, 12:04 AM
Below is a cut and paste (with my actual Brisnet UserName removed) of an email that showed up in my inbox a few minutes ago...

Q. How do I know this is related to customer information that was hacked from CDI/Twinspires?

A. Easy. Whoever sent it inserted the actual username I was using to log into the Brisnet site at the time of the hack. I am 100% certain that the ONLY place I EVER used that specific user name was the Brisnet.com site! (How else would anyone know it?)

Here's a cut and paste of the body of the email:

eBay sent this message to Jeff Platt ("My BRISNET User Name was inserted here").

Your registered name is included to show this message originated from eBay.
Learn more: "http my ass...They inserted a link to a Phishing page designed to capture my Ebay/PayPal info."


MC209 "My BRISNET User Name was inserted here": eBay Account Update -- Action Needed
Dear "My BRISNET User Name was inserted here" (jeff @ jcapper . com)

We noticed that you haven't signed in to your eBay account for quite some time, and we'd like to invite you back to buy and sell again. eBay's a great place to buy what you want, and sell what you have.

Unfortunately, since you haven't used your eBay account for a while, it will be deleted if you don't sign in within 30 days from the day this email was sent.

If you are not the account owner or the email address is no longer associated with this eBay account you do not need to contact us. We will delete this account in 30 days.

We've got some new information to help you get started again. Just visit:
"http my ass... It's a link to a Phishing page designed to capture Ebay/payPal info."

You can learn more about getting your questions answered, participating in discussion boards, and joining or starting a group. To find out more about getting help from our community resources, visit:
"http my ass... it's another link to a Phishing page designed to capture Ebay/payPal info."

We appreciate your business and hope to have you back as part of the eBay community.




Please, don't YOU fall victim to this... If you get a similar email: DO NOT CLICK ANY OF THE LINKS! (Simply delete it.)

Jeff Platt
President, HANA


08-22-2013, 08:35 AM
Thanks much for the heads up Jeff !!

08-22-2013, 10:05 AM
How long have you been a member of BRISnet Jeff? How often did you change your user name on there?

08-22-2013, 12:43 PM
Jeff, you should probably notify CDI/TS/Brisnet of what happened.

Always check the HTTP:// at the begining of any link in e-mails that asks for password info. A secured site will have HTTPS:// (The S meaning secured), otherwise a phishing site may be in operation. And whenever in doubt of any link, type it in yourself and don't click it. And a phone call to the company also verifies the authenticity of e-mails.

A short while ago, victims received an e-mail from PayPal asking them to verify their logon info since their site was 'hacked'. The link was actually a phishing site that looked like the real one, but the URL was PayPaI. Notice the capital I (eye) at the end to look like the l (el) in PayPal to fool people. I hope you get it all sorted out.

I received something similar Monday via e-mail from Discover Card to verify my logon for their 'new site'. I just ignored it. If it's really important, they'll send their questions/ info via regular mail.

Jeff P
08-23-2013, 05:34 PM
How long have you been a member of BRISnet Jeff? How often did you change your user name on there? Since the mid 1990's Mike...

When I first saw the phishing email I was livid. Now that I've calmed down (and had the chance to investigate a few things) I wanted to come back and post an update.

I spoke with representatives from Twinspires who told me (and I believe them) that while Twinspires customer files were hacked from their servers - no Brisnet customer info was hacked.

I have also had conversations with several other players over the past 48 hrs. So far, NONE have reported receiving an email similar to mine.

If the phishing email in my inbox came about as a result of my customer info being hacked from the Brisnet server: Other players would be receiving similar emails (and reporting receipt of same by now.)

However, to the best of my knowledge, no other player has reported receiving a similar phishing email (where a Brisnet userid was being used to address the recipient.)

Because of that, I have to conclude the sender of the phishing email did not obtain my Brisnet userid by hacking it from the Twinspires server.

Therefore, they must have obtained it through some alternate means.

Connecting some dots...

Mike, you asked how often did I change my Brisnet userid... The answer, I'm sorry to say is not very often. Because the only place I ever used that userid was Brisnet.com, the worst thing anyone who might come into wrongful possession of that userid might do to me is log into the Brisnet site as me and start downloading a bunch of files. (Probably on the low end of the priority list for a real identity thief.)

For that reason (and to avoid re-keying it and my Brisnet password every single time I wanted to use the Brisnet site) that was the ONE userid that I SAVED in Internet Explorer.

Of course when you do that, the info is stored on your machine (which leads to the next area of discussion.)

I have several machines. (But only one of them where the Brisnet userid and password were saved in Internet Explorer.)

As it so happens, that is the one machine I always take with me when I travel.

Yesterday, I took that same machine into a computer repair shop and asked to have it scanned for malware. Picked the machine up this morning. (It was clean.)

However, when I travel, many times I end up using the wifi network at some hotel or airport. FYI, many are the instances where such networks have been reported as compromised.

FYI, because I am aware of that, one thing I never do while traveling is use an airport or hotel wifi network to log into a bank or paypal acct.

However, I HAVE used such networks countless times to log into the Brisnet.com site for SuperTote and to get charts, etc.

At this point, my current "lean" is that one or more of the airport or hotel wifi networks I used to access the Brisnet.com site was probably compromised - and provided some hacker with easy pickin's. (Although a Brisnet userid is probably not what they were after.)



08-24-2013, 11:55 PM
make sure you forward the email to spoof@ebay.com

those phishing sites are trying to get access to your old eBay acct to sell stuff that will not be delivered

08-30-2013, 03:17 PM
FYI, you can't change your Brisnet username, just like you can't change a username at other sites like ebay, amazon, etc.

09-01-2013, 10:15 PM
FYI, you can't change your Brisnet username, just like you can't change a username at other sites like ebay, amazon, etc.Well, if that's the case, then based on how BRIS creates its user names (if they still do it like they did years ago), then it is apparent to me that the BRIS user name showing up on Jeff's email was there by coincidence.

09-04-2013, 12:01 AM
Hey Jeff,

The same E bay scam mail came my way a few months ago.
I did not relate it to Bris until now.I deleted it,it also had my
user name from Twin spires like yours,I use the user name
on a different sites so it would be hard for me to pinpoint
for sure.Thanks for the heads up.