Llama mama
DIS Veteran
- Joined
- Jan 6, 2019
- Messages
- 1,269
Magic Vacation Title Outlook email hacker is sending fake files to download
- Thread starter Jaydee51
- Start date
AvidDisReader
DIS Veteran
- Joined
- Mar 24, 2019
- Messages
- 1,073
To be clear, this is very serious. Immediately put Fraud alerts on all the credit bureaus. Have the credit cards canceled and re issued. CHANGE your passwords on your email account. I have been in the credit business for 40 years and once your information gets out on the dark web it could make your life miserable for years.
RoseGold
DIS Veteran
- Joined
- Jan 21, 2020
- Messages
- 8,062
I tried to pay the deposit by wire, but had to fill out the stupid credit card form and email it in as a pdf. I guess I should have faxed it. When's the last time you read that sentence???
I needed a new credit card number anyway, I'm not really bothered about that. My concern is all the other information the title company has that goes with it, and I'm not sure how I could have protected that.
RanDIZ
DIS Veteran AKV/CCV
- Joined
- Dec 22, 2019
- Messages
- 1,172
Same. Still haven't heard anything. Since it was an email related hack, I wouldn't expect any further email communication for the time being. With that said, they should have at least made attempts by phone to the current contracts in progress. I know they'd have quite the task to notify everyone in the system, but for current sales they should have at least started there since these are currently underway. Honestly, how many contracts could possibly be current? I'm just guessing, 30-40? I know they specialize in DVC, but seriously overall no more than 100?
Please....as someone who manages email for a living, please please stop saying "their server got hacked". Email is easy to spoof...anyone can do it anytime, I can send you an email from yourself via 5 seconds of work, it does not mean you got "hacked". They are faking the email addresses, you should always always always verify any email you get, especially if you aren't expecting said email. What "hackers" like this do is look at boards like this one to see who would be getting emails. I mean we all have done it, we post everything about our financial transaction in buying online!! We list the resort, number of points, title company, reseller, etc......also known as perfect bait material for phishing scams. If people would just be mindful of what they do with emails they get, this strategy would never work.
Nick Cotton
Earning My Ears
- Joined
- Dec 9, 2020
- Messages
- 1
All, this is Nick Cotton from DVC Resale Market, and I wanted to relay this important message from Magic Vacation Title regarding this email cyber attack:
An important message from Magic Vacation Title, LLC to all of our Disney Customers:
We became aware on December 21, 2020 that one of our email accounts was breached. This is to notify you that if you conducted business with us recently or historically, your email info may have been compromised. You will know if it was by the numerous spam emails that may have started coming your way.
What you need to know and do:
1. There may be annoying spam to the customers that were addressed inside of that email account. Ignore those and report them as spam.
2. Do not click on any ZIP files from our company or anyone unless you trust the source. We do not send those. They may contain malware or ransomware.
3. There may be phishing emails coming as well that look like they are from us asking for money to close the transaction. Use common sense, Ignore them and do not respond.
4. Report any of these emails you may receive as spam.
5. If you receive a notice with wiring instructions, even if you think it is appropriate, call our office to verbally verify the wiring instructions. As they may attempt to "spoof" in order to get you to divert your funds to them.
6. As a precautionary measure, If you used a credit card as a deposit, you may want to keep an eye on that account for any suspicious activity although we cannot confirm if any of that info was compromised.
7. We believe the breach was only to one email account, and the Title and Escrow software was NOT compromised.
*** is notifying the appropriate authorities and publicly notifying it's customers of the affected data breach. Meanwhile, we have employed some new policies around wires to have personal contact for verification prior to sending and not relying on email info regarding sending money. We will be reaching out personally to every customer we currently have in process with further instructions.
We regret that this cyber attack may impact you and we will continue to be vigilant to protect our customers' information. Now that we have eliminated the threat to our system, our ability to conduct business safely is not compromised in any way. And we will be taking further security steps to ensure that transactions can proceed without delay.
Sincerely,
Magic Vacation Title, LLC
An important message from Magic Vacation Title, LLC to all of our Disney Customers:
We became aware on December 21, 2020 that one of our email accounts was breached. This is to notify you that if you conducted business with us recently or historically, your email info may have been compromised. You will know if it was by the numerous spam emails that may have started coming your way.
What you need to know and do:
1. There may be annoying spam to the customers that were addressed inside of that email account. Ignore those and report them as spam.
2. Do not click on any ZIP files from our company or anyone unless you trust the source. We do not send those. They may contain malware or ransomware.
3. There may be phishing emails coming as well that look like they are from us asking for money to close the transaction. Use common sense, Ignore them and do not respond.
4. Report any of these emails you may receive as spam.
5. If you receive a notice with wiring instructions, even if you think it is appropriate, call our office to verbally verify the wiring instructions. As they may attempt to "spoof" in order to get you to divert your funds to them.
6. As a precautionary measure, If you used a credit card as a deposit, you may want to keep an eye on that account for any suspicious activity although we cannot confirm if any of that info was compromised.
7. We believe the breach was only to one email account, and the Title and Escrow software was NOT compromised.
*** is notifying the appropriate authorities and publicly notifying it's customers of the affected data breach. Meanwhile, we have employed some new policies around wires to have personal contact for verification prior to sending and not relying on email info regarding sending money. We will be reaching out personally to every customer we currently have in process with further instructions.
We regret that this cyber attack may impact you and we will continue to be vigilant to protect our customers' information. Now that we have eliminated the threat to our system, our ability to conduct business safely is not compromised in any way. And we will be taking further security steps to ensure that transactions can proceed without delay.
Sincerely,
Magic Vacation Title, LLC
RoseGold
DIS Veteran
- Joined
- Jan 21, 2020
- Messages
- 8,062
Sorry, but you aren't right. This email was spoofed, sure, but they knew my email and my broker and my title agent, and I didn't put any of that anywhere.
They have complete email chain conversations, is this still consistent with spoofing or is it more?
sethschroeder
DIS Veteran
- Joined
- Feb 24, 2013
- Messages
- 9,398
This is not a spoofed email address so please stop saying its a "spoof". Theses are direct responses on email chain communications with the title company.
They absolutely were compromised. So no you are not doing this in 5 seconds of work.
sethschroeder
DIS Veteran
- Joined
- Feb 24, 2013
- Messages
- 9,398
This is not spoofing.
Spoofing is essentially just changing the "from" on an email.
The title company was absolutely compromised but at this point we don't know to what extent.
TheEpcotForEver
Earning My Ears
- Joined
- Sep 4, 2020
- Messages
- 38
They are not just faking email addresses. They are actually responding to private emails from months ago with fake email addresses, so they must have access to the title company or broker companies email account(s)
luvdisneyland
Mouseketeer
- Joined
- Jan 6, 2015
- Messages
- 136
I understand, what I am trying to convey is that the title company didn't do anything wrong ( or the Brokers, finance companies and Disney- which emails are also being spoofed from) and they, I'm sure . were in panic mode spending their time yesterday trying to solve the problem. They likely have tens of thousands of emails address in their data base, I don't think it is realistic for them to send an email to everyone they've ever corresponded to to let them know, especially within hours of this happening. Pulling up 10+ years of emails would be a tad time consuming. Instead they posted here on the Disboards and had it on their recording for their company and social media. I just hate seeing people start accusing and blaming folks for stuff they have no control over. Not sure about the CC or payments, they did state that it was only one email account hacked and their other systems that are separate were safe, but I would definitely monitor my CC if I had one that was emailed to them.
luvdisneyland
Mouseketeer
- Joined
- Jan 6, 2015
- Messages
- 136
Hi, would we need to do this even if they never provided CC info via email? Thanks!
Last edited:
MICKIMINI
Love the Mouse!
- Joined
- Sep 6, 2003
- Messages
- 3,726
As one who has had a CC hacked in the past, it is very serious. I had to file police reports, reports to CC companies, cancel the cards and put a (now) permanent freeze on my credit. I spent many hours a day for months and months trying to end the hacks. Once your info is loose, these folks are skilled at putting the pieces of the puzzle together. If you have never been hacked financially, it is hard to imagine the angst and sleepless nights wondering when it will end. It gets really complicated really fast...
Alerting others to a potential life changing situation like a financial hack is not "accusing and blaming folks for stuff they have no control over". Alerting others gives people (hopefully) time to call banks and the credit bureaus before it is too late. Perhaps, nothing would have happened, but better to be one step ahead than behind.
I really didn't want to jump in, however legitimately, I am a former customer and now I've been alerted here on disboards (no word from the company) and can keep an eye out for trouble. Thanks for the news.
Last edited:
RoseGold
DIS Veteran
- Joined
- Jan 21, 2020
- Messages
- 8,062
You must know a lot more than we do if you know what they did and didn’t do wrong.
AvidDisReader
DIS Veteran
- Joined
- Mar 24, 2019
- Messages
- 1,073
Yes. I would. Sounds like the Title company data base was hacked. I remember doing some due diligence once on a pending application. It turns out our customer was an FBI agent and he had previously had his info stolen. You know that he told me they never caught the hackers. Now if an FBI agent can have his credit comprised, do you think anyone is safe?
Last edited:
Stargazer65
Disney Honorary Bus Driver since 2009
- Joined
- Aug 13, 2020
- Messages
- 2,395
*** stated the database was secure and only one email account was hacked.
Stargazer65
Disney Honorary Bus Driver since 2009
- Joined
- Aug 13, 2020
- Messages
- 2,395
Why can I write Magic Vacation Title, but if I use the first three letters as an acronym it's a bad word?
-
Former Disney Cast Member Sentenced With Jail Time & Steep Fine
-
We're Over the Moon for PIZZA MOON at Epic Universe
-
Laid-Back Rides, Great Food, and Nostalgia at Paradise Gardens in DCA
-
Epic Universe Previews EXTENDED for Universal Passholders
-
K. Rammelle Sweet Shop in Epic Universe Ministry of Magic
-
Will I Fit? The Ultimate Plus-Size Guide to Disneyland Park
-
NEW Cocktails & Mocktails Coming to Disneyland Next Week
New Posts
- Poll
