SPAM Emails Appearing to Come from Solarwinds
-
Do it. I always name and shame, it's the other party that has something to lose. And send them an invoice for lost time, and if they don't pay, send it to collection agency, lmao.
-
@marcinozga said in SPAM Emails Appearing to Come from Solarwinds:
Do it. I always name and shame, it's the other party that has something to lose. And send them an invoice for lost time, and if they don't pay, send it to collection agency, lmao.
They are definitely more a customer of ours than us them!
-
Finally got corporate counsel involved. They verified that our account was not active, that the whole thing was a mistake and that Cisco Collect has been told that the account was not appropriate (no one would verify that up to this point.)
I had to point out, however, that they are still liable for their breach of the Computer Fraud and Abuse Act of 1986 and we expected appropriate legal action to be taken against Cisco Collect. Corporate counsel said that CC was their authorized agent, which means that Cisco Collect, a known malicious entity pretending to be Cisco, which means that their strong arm social engineering tactics breach US federal hacking laws and as their official agent, this reflects on Solarwinds.
-
@scottalanmiller said in SPAM Emails Appearing to Come from Solarwinds:
Finally got corporate counsel involved. They verified that our account was not active, that the whole thing was a mistake and that Cisco Collect has been told that the account was not appropriate (no one would verify that up to this point.)
I had to point out, however, that they are still liable for their breach of the Computer Fraud and Abuse Act of 1986 and we expected appropriate legal action to be taken against Cisco Collect. Corporate counsel said that CC was their authorized agent, which means that Cisco Collect, a known malicious entity pretending to be Cisco, which means that their strong arm social engineering tactics breach US federal hacking laws and as their official agent, this reflects on Solarwinds.
Karma -
-
Social engineering in an attempt to get banking information is a ridiculously serious charge. Especially for a large, public company!
-
@scottalanmiller said in SPAM Emails Appearing to Come from Solarwinds:
, which means that Cisco Collect, a known malicious entity pretending to be Cisco, which means that their strong arm social
So, are you going to pursue it and sue them?
-
@dashrender said in SPAM Emails Appearing to Come from Solarwinds:
@scottalanmiller said in SPAM Emails Appearing to Come from Solarwinds:
, which means that Cisco Collect, a known malicious entity pretending to be Cisco, which means that their strong arm social
So, are you going to pursue it and sue them?
You don't really sue for Patriot Act violations. You just report them to the FBI.
-
@scottalanmiller said in SPAM Emails Appearing to Come from Solarwinds:
Computer Fraud and Abuse Act of 1986
Can you explain how they violated this act?
Corporate counsel said that CC was their authorized agent
You originally said they sold the account. Now it sounds like they just referred the account to an external agency for collections. Which is it?
Cisco Collect, a known malicious entity pretending to be Cisco
Pretty strong statement. Where's your proof?
strong arm social engineering tactics breach US federal hacking laws
So sending an erroneous invoice via email is now a violation of federal law?
-
@danp said in SPAM Emails Appearing to Come from Solarwinds:
strong arm social engineering tactics breach US federal hacking laws
So sending an erroneous invoice via email is now a violation of federal law?
It's always been illegal to send invoices when there was no service rendered.
-
@danp said in SPAM Emails Appearing to Come from Solarwinds:
@scottalanmiller said in SPAM Emails Appearing to Come from Solarwinds:
Computer Fraud and Abuse Act of 1986
Can you explain how they violated this act?
Yes, they used bullying tactics to try to elicit a payment and acquire financial details. That's social engineering which is the most common form of hacking. Same crime that Kevin Mitnick went to prison for. It's illegal to try use threats to steal money.
-
@danp said in SPAM Emails Appearing to Come from Solarwinds:
Corporate counsel said that CC was their authorized agent
You originally said they sold the account. Now it sounds like they just referred the account to an external agency for collections. Which is it?
They aren't clear. They claim that Cisco Collect is an "authorized agent" but not one that all of their departments know about. By claiming that they are an authorized agent (something that their legal counsel said to claim that our data had not been compromised) they had to claim that this was their agent. Which then makes Solarwinds liable for their actions.
-
@danp said in SPAM Emails Appearing to Come from Solarwinds:
Cisco Collect, a known malicious entity pretending to be Cisco
Pretty strong statement. Where's your proof?
Their name. They use that name for the insanely obvious purpose of trying to do collections making people think that it is Cisco. Cisco is not a name on its own, it's a brand name owned by Cisco. If you look online, they used to only claim to be Cisco.
-
@danp said in SPAM Emails Appearing to Come from Solarwinds:
strong arm social engineering tactics breach US federal hacking laws
So sending an erroneous invoice via email is now a violation of federal law?
Intentionally, yes of course. But more importantly, that's not what is being discussed. Social engineering is a federal crime and that's what they did.
-
@danp said in SPAM Emails Appearing to Come from Solarwinds:
You originally said they sold the account. Now it sounds like they just referred the account to an external agency for collections. Which is it?
Can you clarify what the difference to you is? "Referring" and sold are the same thing in the collections world.
-
@scottalanmiller said in SPAM Emails Appearing to Come from Solarwinds:
@danp said in SPAM Emails Appearing to Come from Solarwinds:
You originally said they sold the account. Now it sounds like they just referred the account to an external agency for collections. Which is it?
Can you clarify what the difference to you is? "Referring" and sold are the same thing in the collections world.
No, they are two very different things. In general terms, an account referred for collections has been placed with an agency on a contingency basis. No funds have changed hands, and the agency is only compensated upon successful collections of the account.
-
@danp said in SPAM Emails Appearing to Come from Solarwinds:
So sending an erroneous invoice via email is now a violation of federal law?
"Erroneous" implies accidental. We are way beyond any potential claim of accident. There is no reasonable ground for claiming accident. They might have claimed accident when they created the account without our consent or speaking to us, although that alone is completely unreasonable as an "accident". How does something like that happen "accidentally"? That's absurd. We've never been their customer, they bought our information in a purchase of another company and used it in appropriately.
But giving them the absurd benefit of the doubt there, they have at least three major "can't claim to be accidents" since that time that has escalated the situation.
Also, there was no invoice via email in the case we are discussing. Only threats over the phone by Cisco Collect claiming to be Solarwinds. It's illegal to threaten someone. Especially a random someone to whom you have no connection.
-
@danp said in SPAM Emails Appearing to Come from Solarwinds:
@scottalanmiller said in SPAM Emails Appearing to Come from Solarwinds:
@danp said in SPAM Emails Appearing to Come from Solarwinds:
You originally said they sold the account. Now it sounds like they just referred the account to an external agency for collections. Which is it?
Can you clarify what the difference to you is? "Referring" and sold are the same thing in the collections world.
No, they are two very different things. In general terms, an account referred for collections has been placed with an agency on a contingency basis. No funds have changed hands, and the agency is only compensated upon successful collections of the account.
I see. In that case, we can't know. They haven't disclosed enough. They have given us a bit of a run around and their story does not remain the same from department to department. Marketing had no idea who these collection peope were and thought that they had had a data breach. Finance acted as though the account was sold. Legal said that they were an authorized agent.
There is a lot of covering and no one is being honest. What we know is that there is no excuses possible at this point, fraud is clear and there is no way to claim that at least some steps here were not intentional, and that the threats from Ken at Cisco Collect violated our rights. Mistakes happen, this isn't a mistake. Ken being threatening is certainly no mistake. Ken is the official rep for Solarwinds according to legal, so this was threats and a refusal to let us speak to managers from Solarwinds as their official stance.
-
What we do know for sure is that a malicious entity that we do not appreciate receiving our data that had no reason to have our data has it and has threatened us.
-
FTC rules: "Can a debt collector contact me any time or any place?
No. A debt collector may not contact you at inconvenient times or places, such as before 8 in the morning or after 9 at night, unless you agree to it. And collectors may not contact you at work if they’re told (orally or in writing) that you’re not allowed to get calls there.
Debt collectors can contact you by phone, letter, email or text message to collect a debt, as long as they follow the rules and disclose that they are debt collectors. No matter how they communicate with you, it’s against the law for a debt collector to pretend to be someone else — like an attorney or government agency — or to harass, threaten or deceive you."
-
This FTC statute was also violated: "Can a debt collector keep contacting me if I don’t think I owe any money?
If you send the debt collector a letter stating that you don’t owe any or all of the money, or asking for verification of the debt, that collector must stop contacting you. You have to send that letter within 30 days after you receive the validation notice. But a collector can begin contacting you again if it sends you written verification of the debt, like a copy of a bill for the amount you owe."