Has Audiogon Been Hacked?


I received what looks like a phishing email masquerading as Audiogon but sent from [email protected], not from audiogon.com. It reads:

Protect your Account

Starting with 15th January 2015 we will add a new security filter designed for your protection.

If any suspicious activity will be detected on your account, our system will lock it down and will ask some security questions regarding the current payment method (credit card/ debit card) added to your account.

It is mandatory that you confirm today your payment information attached to your Audiogon account. Like this our systems will be fully updated and we will be able to keep you safe in the future.

If you don't have any payment method set into your account the chances of your account being automatically locked by our systems is considerable high.

Confirming your payment method for your account is free of charge and your card will not be debited in any way, is going to be safe kept for your protection.

Confirm my card

But the URL on the Confirm my card link is in Spain: http://safeaudiogon.esy.es/sign-in.

Add to that, the security certificates are all invalid once I login separately (directly at audiogon.com).

If it a real email, it violates all the anti-phishing rules, as described above.

Oh, and I would have submitted it through the Contact, but the link gives me yet another invalid security certificate.

Brian.

bkrpdx

Showing 1 response by skiroe

I have had some recent contact with staff and Sarah had replied to me via email and  was helpful.    Sometimes it may take multiple messages to resolve an issue and sometimes because of some sort of change in the organization  some info may be missing depending on how long you have been on Audiogon as in the record of purchases/sales will not be accessible on your account page .   This happened to my account..  Also,  dates of when one first began using the site were in error.    Sarah was able to compile a list of my sales/purchases from info that was available from their records and sent it to me.    Considering the changes and juggling that seems to have been part of a revamping for lack of a better term  I wonder  what precautions are being taken?    How did that phisher obtain user names?   I got one too and trashed it.  I actually got a couple of them.