Solved: Potential data breach

rhudolph · ‎19-02-2017

We received a phishing email on Friday purporting to be from Tesco, which was sent to the email address associated with the BT admin account for our domains.

Although the email itself was easily distinguishable as a phishing attempt, what is of much greater concern is that the email address used is the admin account for our domains. This email address has never been used for outgoing email as a matter of policy, and has never been disclosed to anyone other than BT. The email address is used very infrequently by BT (4 times per year for billing purposes) making it extremely unlikely that the address could have been obtained by the scammer from an intermediary server. The logical conclusion from this is that the BT domain-name customer database may have been compromised.

I would be grateful if you could respond to this message. If no response is received within 7 days we will refer this matter to the Information Commissioner.

rhudolph · ‎28-02-2017

Ian,

Thank you for your response - you are absolutely correct: having checked the WhoIs database this email address is indeed exposed there. My apologies for impuning the integrity of the BT customer database. Actually I am surprised this has not happened before given the address is in such a public place. Unfortunately under US WhoIs rules I do not believe there is anything we can do about this.

View solution in original post

Ian1974 · ‎23-02-2017

Hi Rhudolph,

Sorry to hear of this.

This is not a data breach, as you may well know the people sending these emails use a variety of information, including guesswork to spoof these emails.

Also if it is a domain based email address they may have got the address from the whois database which allows the public to view the contact details for any domain name.

It may also be the case that you have had malware on your computers which may have sent the information to the people who are spoofing your email address.

In this case we would advise you to fully scan you computers for viruses and malware and also ensure your Operating systems are up to date.

For further information on Phishing please see the following site.

https://www.btplc.com/inclusion/ProductsAndServices/Scams/index.htm

Kind Regards,

Ian Ferrier

BT Business Domains

rhudolph · ‎28-02-2017

Ian,

Thank you for your response - you are absolutely correct: having checked the WhoIs database this email address is indeed exposed there. My apologies for impuning the integrity of the BT customer database. Actually I am surprised this has not happened before given the address is in such a public place. Unfortunately under US WhoIs rules I do not believe there is anything we can do about this.

Ian1974 · ‎17-03-2017

Hi Rhudolph,

Sorry for the delay.

It is possible to change the email address, we would suggest that you create a new one via your BT account which you can use only for the domains admin/reg contact (e.g for my domain I used to create an email address such as spam@mydomain.co.uk and use that.

Once you have created that let us know via www.dnsforms.co.uk (chat or dns enquiry) and we can update the contact email address.

You will still however need to check the email address as Icann (the governing body for domains) do send verification emails (normally once a year) to ensure that the email address is valid),, If these are are ignored the domain can be suspended.

Regards,

Ian Ferrier

BT Business Domains