-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
Tesla-box: Anyone else receiving these spams?
- Thread starter Chickenlittle
- Start date
-
- Tags
- Off Topic
I got it 2 days ago. My spam filter caught it. It's from Shenzhen, the same place in China that just had a mudslide from a mountain of construction debris that buried apartment buildings. It's a beautiful city otherwise, close to Hong Kong. Wouldn't buy from anyone there though.
They sell it on Taobao, which is sort of the Chinese Amazon. No one has bought one and no reviews, although that's not really surprising since there are not many Teslas in China.
They sell it on Taobao, which is sort of the Chinese Amazon. No one has bought one and no reviews, although that's not really surprising since there are not many Teslas in China.
So what services expose email? Maybe plugshare? Does the tesla API possibly expose it?
stopcrazypp
Well-Known Member
Just to throw an idea out there. If you perhaps sent email to any tesla address when Tesla was subject to the DNS hijack around April 25, 2015 then your email would have been collected by the hijackers.
Last edited:
Even if Tesla was vulnerable to a DNS attack that doesn't mean it would be able to grab email addresses. Do you have proof this happened and what Tesla did about it?
No, if you go back and read some of the earlier posts you will see that it came to email addresses that people used exclusively with Tesla. For example I received the email at the address Tesla has which is different than the one I use here, and I have never ordered an aftermarket product.
stopcrazypp
Well-Known Member
If you sent an email to a Tesla email address during that time, it would be going to the hijackers, assuming they set up their server to receive the emails. I'm not saying they had any access to emails in Tesla's servers.
I got the spam a while back, too. My theory about how they got the email address is because of Tesla's forum software on their official site.
My theory only works if everyone who got the spam answers yes to two questions. If either of these are no for anybody, ignore me.
1. Have you ever posted on the official Tesla forums? Ever? I posted a few times while I was waiting for delivery.
2. Do you use a well known email client, such as Gmail?
I ask these because look at your username on those forums - it is the part of your email that you registered with Tesla that is before the @. All they have to do is go to the publicly accessible forums, get the username list, and put @gmail.com and other popular email providers and hope they get to you. That is how I believe they got me. No hacking needed, it's all publicly visible without even logging in to Tesla's site.
I could be wrong, but if I wanted to get an email list full of suspected Tesla owners, that's exactly what I would do.
My theory only works if everyone who got the spam answers yes to two questions. If either of these are no for anybody, ignore me.
1. Have you ever posted on the official Tesla forums? Ever? I posted a few times while I was waiting for delivery.
2. Do you use a well known email client, such as Gmail?
I ask these because look at your username on those forums - it is the part of your email that you registered with Tesla that is before the @. All they have to do is go to the publicly accessible forums, get the username list, and put @gmail.com and other popular email providers and hope they get to you. That is how I believe they got me. No hacking needed, it's all publicly visible without even logging in to Tesla's site.
I could be wrong, but if I wanted to get an email list full of suspected Tesla owners, that's exactly what I would do.
stopcrazypp
Well-Known Member
That is the most probable theory so far. This would also explain why some have not received the spam.
Aqua
Member
Huh, explains why my username on the official forums is just my first name. Guess I'll be safe.
That explanation fits well with the emailer's "custom spider service" and "registered email address" comments.
That explanation fits well with the emailer's "custom spider service" and "registered email address" comments.
We've been through this exercise a few weeks ago when this same thing happened with the same spammer. The email domains were not consistent (hotmail, gmail, yahoo, aol, proprietary, etc). This kind of thing, targeted spam or "spear fishing", happens a lot. Suggest you mark it as junk and not worry about it.
I use different email addresses for everything, so that I can disable addresses that have been compromised by spammers. This has the side effect of allowing me to know where the spammer obtained my email address since every address can be traced back to a single company. I run my own mail server, so it is not a common domain. I received spam from this company to an email address that has only been provided to Tesla Motors. It is used for official correspondence from them and is also associated with their forum software. It has never been used anywhere else. If I had to guess, my money would be on a compromise of their forum software that allowed someone to harvest email addresses. I have made a handful of posts on the official forums.
taurusking
Member
That is exactly what I did...Hopefully my inbox does not get flooded with junk emails like this...
Similar threads
