What's new
Van's Air Force

Don't miss anything! Register now for full access to the definitive RV support community.

Beware: Fraudulent "eFax" Mails from Vans

Dennis S.

Member
If you receive any mails from vansaircraft.com containing a link to an alleged eFax message, do not click the link. Especially, do not enter your mail credentials on the website that the link points to. If you did, change your mail password immediately.

Do not even bother asking back via mail if it is legit - Someone must have gained control of Van's mail system, i got an email back stating that i need to enter my mail credentials on that strange website that the link points to.

Vans seems to be aware of that problem according to the message on their answering machine...
 
No need for them to gain any control of anything at Vans. Forging the "sender" address on an email is trivial.
 
We are aware of the fraudulent emails, of which there are many similar emails being sent which are a broad problem at many companies this week. The emails are not from Van’s of course. The “from” address has been forged.

We are taking action internally, as well. We appreciate the quick calls from customers when this started. It’s not necessary at this point to call us about the issue. Please delete the emails.

Thanks.
 
No need for them to gain any control of anything at Vans. Forging the "sender" address on an email is trivial.
This is not about the usual mail spoofing. I already asked back to vans via mail and got the reply that that attachment was allegedly safe to view. Which is not true. So there is clearly someone else reading their e-mails.

Anyway, point of this posting was just: Don't click the links, even if Van's tells you to do so by mail.

Kind regards
Dennis
 

Attachments

  • Mail.png
    Mail.png
    45 KB · Views: 261
Last edited:
Fraudulent Email

This is not about the usual mail spoofing. I already asked back to vans via mail and got the reply that that attachment was allegedly safe to view. Which is not true. So there is clearly someone else reading their e-mails.

Anyway, point of this posting was just: Don't click the links, even if Van's tells you to do so by mail.

Kind regards
Dennis

I agree that this doesn’t appear to be the usual phishing attempt via a spoofed address. I too received a pretty real looking email from what appears to be a real vans employee that I have received order confirmations from in the past. I did not click the link because it’s been quite a while since I’ve ordered something from Van’s, but I did come straight here to find this thread. I would suggest that some unscrupulous person or organization has gotten a hold of Van’s email addresses. This is certainly one of the most sophisticated looking email phishing attempts that I’ve seen to date.

Skylor
 
No need for them to gain any control of anything at Vans. Forging the "sender" address on an email is trivial.

True, but he replied to that address and they responded. What would be interesting is to look at the detailed message headers - that's how you find out where the mail came from. Could be that someone got access to one or more accounts at Van's Aircraft, which is trivial to do if they don't use MFA.

Van's is I'm sure working with their IT gurus to get to the bottom of this, but until we get the "all clear" message, take care. In fact, take care anyway!
 
Hi Greg,

I'm not sure if this is something your web admins are already working on, but consider setting up DMARC for vansaircraft-dot-com. That will help prevent others from impersonating Vans Aircraft.

There's some docs I can send about it over private message, if you like.


We are aware of the fraudulent emails, of which there are many similar emails being sent which are a broad problem at many companies this week. The emails are not from Van’s of course. The “from” address has been forged.

We are taking action internally, as well. We appreciate the quick calls from customers when this started. It’s not necessary at this point to call us about the issue. Please delete the emails.

Thanks.
 
The hacker's ability to reply to a customer, quoting the customer's actual E-mail could indicate they not only can spoof the sender, but they had access to one or more employee's inbox. Mitigations like DMARC are for sure must-haves, but would not prevent an attacker who has, for example, access to the victim's web-based E-mail system.
 
Back
Top