 
  1. #1
    Junior Member
    Join Date
    Apr 2011
    Posts
    4

    Can you really be this bad at security or is this just phishing?

    I got mail from support@dragthebar.com telling me that I have won a free month and that I can use my raketherake login and password to use your site.

    I first dismissed it just as phishing attempt. Asking people to enter their name/pwd on other site is one of the oldest phishing methods. No one should EVER under any circumstances give out their account/pwd. Don't give them in emails, don't give them to someone claiming to be admin and most specially do not enter them to any site except one where they are used.

    So is it just phishing or have you just failed in most elementary aspect of internet security?

  2. #2
    Administrator RakeTheRake's Avatar
    Join Date
    Dec 2004
    Posts
    2,348
    Quote Originally Posted by Auren View Post
    I got mail from support@dragthebar.com telling me that I have won a free month and that I can use my raketherake login and password to use your site.

    I first dismissed it just as phishing attempt. Asking people to enter their name/pwd on other site is one of the oldest phishing methods. No one should EVER under any circumstances give out their account/pwd. Don't give them in emails, don't give them to someone claiming to be admin and most specially do not enter them to any site except one where they are used.

    So is it just phishing or have you just failed in most elementary aspect of internet security?
    Hey Auren - it's not Phishing and there's no security failure. But thank you for checking. Because of the restrictions on using the coupon (like 2 weeks activation etc), the API is set up so that you can access the training through DTB's site using your RTR details since all RTR members are automatically DTB members now.

    Please enjoy your free training and don't forget that you can get free training again this month.

    https://www.raketherake.com/free-training
    Best wishes

    Johnny

    Skype: rakeback1


  3. #3
    Junior Member
    Join Date
    Apr 2011
    Posts
    4
    If I change my password for raketherake now will my new password stay only for raketherake site while my old password works on their site?

    I do not know this DragtheBar company. However they can currently login in my raketherake account and see my personal info including some payment data and sell it to spammers. They can change my payment methods so that they get the money instead of me. They can change my email and password and prevent me from accessing my account. After all you have given them my login and password.

    You are actually breaking your own privacy policy by giving this information to them.

    3. We do not sell, rent or exchange your personal information with any third party for commercial reasons.
    4. We follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access in accordance with the UK data protection legislation.
    You have broken both of those rules by giving them full access to all my personal information by providing them my username and password.

    You are also probably breaking "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data". Or are you certified for US-EU Safe Harbor? (International Safe Harbor Privacy Principles - Wikipedia, the free encyclopedia)

  4. #4
    Administrator RakeTheRake's Avatar
    Join Date
    Dec 2004
    Posts
    2,348
    Quote Originally Posted by Auren View Post
    If I change my password for raketherake now will my new password stay only for raketherake site while my old password works on their site?

    I do not know this DragtheBar company. However they can currently login in my raketherake account and see my personal info including some payment data and sell it to spammers. They can change my payment methods so that they get the money instead of me. They can change my email and password and prevent me from accessing my account. After all you have given them my login and password.

    You are actually breaking your own privacy policy by giving this information to them.



    You have broken both of those rules by giving them full access to all my personal information by providing them my username and password.

    You are also probably breaking "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data". Or are you certified for US-EU Safe Harbor? (International Safe Harbor Privacy Principles - Wikipedia, the free encyclopedia)
    Hey Auren, I appreciate your concern and I can tell you that if you change your password on RTR it will not change on DTB.

    In addition I can assure you that DTB are not a third party to RTR. And so none of our own privacy statements or any US/EU edicts you mention are being violated. If you want the free training you are most welcome to it and can use the link. If you would rather not then that is fine.

    One thing I will add is that if you are worried about your personal data being circulated I can assure you that, from the stories we have heard within this industry, it has almost certainly been sold numerous times by disgruntled employees of all the various poker rooms/casinos/betting sites that you, us and everyone else have had accounts with over the years. Hence the reason we are all inundated with daily spam offers for free slot offers and poker rooms and casinos you have never heard of. It is sad but true.
    Best wishes

    Johnny

    Skype: rakeback1


  5. #5
    Junior Member
    Join Date
    Apr 2011
    Posts
    4
    Thanks. I will then just change my password here. I don't have any clue what kind of company dragthebar is so I have no reason to trust them with my account here. I rather try their services with different password.

    You should really warn your customers about phishing. There is now big opening for someone making "rtrtraining.com" then getting one of those big poker player spam email lists. And finally sending mail that is identical to one dragthebar sent except asking people to give their login and password to completely bogus rtrtraining.com. After all raketherake has done so once. Who would suspect it now?

  6. #6
    Administrator RakeTheRake's Avatar
    Join Date
    Dec 2004
    Posts
    2,348
    Quote Originally Posted by Auren View Post
    Thanks. I will then just change my password here. I don't have any clue what kind of company dragthebar is so I have no reason to trust them with my account here. I rather try their services with different password.

    You should really warn your customers about phishing. There is now big opening for someone making "rtrtraining.com" then getting one of those big poker player spam email lists. And finally sending mail that is identical to one dragthebar sent except asking people to give their login and password to completely bogus rtrtraining.com. After all raketherake has done so once. Who would suspect it now?
    Thanks for the feedback Auren. We have been working with DTB for well over a year and have announced it in newsletters on more than one occasion. So hopefully most members are familiar with the set-up. Apologies again that you felt this was not clear. Have a good week.
    Best wishes

    Johnny

    Skype: rakeback1


  7. #7
    Junior Member
    Join Date
    Apr 2011
    Posts
    4
    Quote Originally Posted by RakeTheRake View Post
    Thanks for the feedback Auren. We have been working with DTB for well over a year and have announced it in newsletters on more than one occasion. So hopefully most members are familiar with the set-up. Apologies again that you felt this was not clear. Have a good week.
    You are really overestimating how well people read your newsletters. Already this year I have received 11 different newsletters from poker related things I am part of. I actually open and skim over all of them. However I really don't read them carefully since there is so many. I had absolutely no recollection ever reading about dragthebar.

    Reason why you haven't received much feedback about this is that most just deleted this mail from dragthebar. I almost did this. It is not distinguishable from normal gambling related spam every poker player gets.

    I checked my spam folder and during last 30 days I got about 200 poker related spam. Many of them from accounts like "support" or "account". Most of them telling me I have won free something just like dragthebar mail. If you want people to actually notice their win you must send it from raketherake email or it gets dismissed as spam.

  8. #8
    Junior Member
    Join Date
    May 2012
    Posts
    2
    There is a security failure to a degree. If someone was to pose as DTB.com, send the exact same mail, and then swap the target of an outbound link on the email to a site that is cosmetically identical to DTB.com, what would they do? They would enter their valid user and password. This could be logged and abused by somebody, but I doubt it's worth someone's while to do it.

  9. #9
    Administrator RakeTheRake's Avatar
    Join Date
    Dec 2004
    Posts
    2,348
    Quote Originally Posted by conall1988 View Post
    There is a security failure to a degree. If someone was to pose as DTB.com, send the exact same mail, and then swap the target of an outbound link on the email to a site that is cosmetically identical to DTB.com, what would they do? They would enter their valid user and password. This could be logged and abused by somebody, but I doubt it's worth someone's while to do it.
    Hey Conall

    It's a possibility. But of course it is a possibility for anyone to do the same with any site, whether it be Facebook...Google...PayPal etc.

    It's probably one of the greatest flaws on the internet that anyone can send an email to someone else and make it come from any email address they choose.
    Best wishes

    Johnny

    Skype: rakeback1

