Magic Vacation Title Outlook email hacker is sending fake files to download

[Jaydee51]

Moderator, i'm not sure if i can post this here but will leave to your discretion.

Magic Vacation Title's outlook server was hacked.
Emails are being sent to clients this morning with files attached that request passwords.
Please do not open attachments or download anything. They are aware of the problem and working to remedy.

per board members: people should cancel their CC if they had given it to them

 

[GinoNL]

I have the same problems...

I filled out my creditcard details and sent them back (e-mail) to Magic Vaction Title a couple of months ago. I blocked my creditcard for safety reasons, I would advise others to do the same if they sent their details too. Not sure if the hackers can access that specific e-mail, but I'm better safe than sorry

 

[TheEpcotForEver]

They do have access to the emails, the spoofed emails I got from them contain text of emails I had with magic vacation title over the summer

 

[Llama mama]

I have the same problems...

I filled out my creditcard details and sent them back to Magic Vaction Title a couple of months ago. I blocked my creditcard for safety reasons, I would advise others to do the same if they sent their details too. Not sure if the hackers can access that specific e-mail, but I'm better safe than sorry

Good idea

 

[sethschroeder]

Make sure to cancel any Credit Card given to them as well.

 

[Jaydee51]

I have the same problems...

I filled out my creditcard details and sent them back to Magic Vaction Title a couple of months ago. I blocked my creditcard for safety reasons, I would advise others to do the same if they sent their details too. Not sure if the hackers can access that specific e-mail, but I'm better safe than sorry

I was just thinking the same thing. if they have enough access to the specific email inbox of the person we have been working with, and send an email response on an existing email chain then they must have access to all the attachments. I also emailed them my CC information for deposit so all my demographic information would be there. Ohhh no, how scary. i will call CC now...

 

[Lesserlion]

If you didn't open the email, you should be OK. I know I mailed off of my paperwork to them - so if you didn't provide any information via email, you should be alright as well.

Not sure if they phished further in ***'s system to have compromised any other information/paperwork

 

[sethschroeder]

i will call CC now...

Can you update the main post to bold a statement about making sure people cancel their CC if they had given it to them.

 

[sethschroeder]

Not sure if they phished further in ***'s system to have compromised any other information/paperwork

Membership numbers would be compromised as well. I wonder if Disney will be notified or if we should be reaching out?

Tried looking doesn't seem membership number is posted anywhere else.

 

[Lesserlion]

Membership numbers would be compromised as well. I wonder if Disney will be notified or if we should be reaching out?

I guess it depends on how you completed the process with the company. If you did it all via snail-mail, then nothing was compromised - assuming the hackers didn't get deeper into their systems, in which case ... ugh.

Definitely not saying "nothing to see here" - just hoping to alleviate stress from others who didn't pass information via email.

It's really dependent on how you proceeded. But as @sethschroeder others suggested, it's always a good idea to play it safe with marking Credit Cards as 'stolen' (if you went that route).

 

[Jaydee51]

Can you update the main post to bold a statement about making sure people cancel their CC if they had given it to them.

done.

 

[sethschroeder]

I guess it depends on how you completed the process with the company. If you did it all via snail-mail, then nothing was compromised - assuming the hackers didn't get deeper into their systems, in which case ... ugh.

I wouldn't be surprised if the documents were scanned and happened to be attached to internal emails. Even more so this last year with people likely working remotely but still together.

 

[Jaydee51]

If you didn't open the email, you should be OK. I know I mailed off of my paperwork to them - so if you didn't provide any information via email, you should be alright as well.

Not sure if they phished further in ***'s system to have compromised any other information/paperwork

I'm sure most people will open the email b/c it comes from a trusted source and many are waiting to hear back from title companies about one thing or another.

I have not received any formal communication from the title company so they are not warning their clients proactively. I only found out it was a hack b/c the timing of the email was strange and on a hunch I called the rep. the voicemail message on her line alerted me to the hack.

I turned off my Wi-Fi immediately and then turned off my phone just in case. i have antivirus software on my phone (came standard) but not sure how well that works. I feel sick to my stomach just thinking about all the information they could have access to.
Not sure what else to do at this point.

 

[Lesserlion]

I wouldn't be surprised if the documents were scanned and happened to be attached to internal emails. Even more so this last year with people likely working remotely but still together.

Super good points here.

Credit Card or Bank Account # theft aside - I'm totally wandering into a digression here -, what is the exposure risk for your Member ID being 'stolen?' With a credit card, tracking the theif (theives) down can be pretty tricky. With DVC points, there's going to be a human showing up for a reservation at some point.

Maybe Title theft? I'm not an expert (but I did stay in a <famous hotel chain name redacted> one night when i was short on DVC points). Is this something that could happen considering the fact that DVC Contracts are deeded assets?

 

[TheEpcotForEver]

Super good points here.

Credit Card or Bank Account # theft aside - I'm totally wandering into a digression here -, what is the exposure risk for your Member ID being 'stolen?' With a credit card, tracking the theif (theives) down can be pretty tricky. With DVC points, there's going to be a human showing up for a reservation at some point.

Maybe Title theft? I'm not an expert (but I did stay in a <famous hotel chain name redacted> one night when i was short on DVC points). Is this something that could happen considering the fact that DVC Contracts are deeded assets?

This is my concern more than credit card info being stolen. Doesn’t DVC do reservations on the phone with no more than a membership number?
The broker is trying to downplay it and say it’s only emails spoofing and nothing was compromised, but they are either in way over their head or being dishonest. The “spoofed” emails contain contents from actual private emails I had with the companies so the hackers clearly have full access to some unknown number of private email conversations

 

[Jaydee51]

-hackers are usually looking for easy money and then disappear. while i don't discount potential dvc impact, they are probably looking for money in the form of wires and other easy financial transactions like credit card purchases.
-Bank account number and routing numbers (checks) can be used to deduct money from bank accounts.
-Identity theft is always a big concern.

I would keep an eye on DVC account anyway just in case.

 

[Jaydee51]

This is my concern more than credit card info being stolen. Doesn’t DVC do reservations on the phone with no more than a membership number?
The broker is trying to downplay it and say it’s only emails spoofing and nothing was compromised, but they are either in way over their head or being dishonest. The “spoofed” emails contain contents from actual private emails I had with the companies so the hackers clearly have full access to some unknown number of private email conversations

DVC member services will ask other questions to validate who you are but if the hackers have access to the emails, they probably have all our personal information (e.g. address, phone number, definitely email address).


This is getting very scary.

 

[GrumpyInPhilly]

As far as the DVC membership number is concerned, I put a password on my account some time back so that anyone contacting MS with my membership number also needs the password to speak with them.

 

[sethschroeder]

As far as the DVC membership number is concerned, I put a password on my account some time back so that anyone contacting MS with my membership number also needs the password to speak with them.

How do you do that?

 

[GrumpyInPhilly]

How do you do that?

I called MS and added it to my account.