Tell HN: How to stop fraudulent invoices from FogBugz
Hello HNers,
It's been reported that FogBugz started sending a large number of fraudulent invoices on or about Friday 16th September 2022.
See the Twitter and HN threads about the issue: https://twitter.com/josephruscio/status/1570957688405917698
If you have received fraudulent emails and invoices from FogBugz, there's a very simple first step you can do to help prevent harm to other victims.
* In Firefox, you can open the website https://fogbugz.com/sign-in/ , then open "Help" menu, "Report Deceptive website".
* In any browser, you can open the page to report deceptive websites here https://safebrowsing.google.com/safebrowsing/report_phish/ then fill in the URL https://fogbugz.com/sign-in/
Google and Firefox maintain a list of websites performing active attacks of phishing/fraud/malware/etc. The lists are updated in the background hourly or so for all users of the browsers. A site should be blocked in no time once it's been reported enough times.
It's been very effective at stopping large-scale attacks in the wild. That's one of the reasons you see elaborate attacks these days having to circle through many domains, otherwise they get blocked in no time.
There may be more you can do (some comments mentioned writing to your Attorney General and starting class action lawsuits); however, these take a while to initiate and do not stop active harm in the meantime.
Regards.
Urgh - I got one of these - completely forgot that I'd set up a fogbugz account years ago. Don't know if these invoices are as a result of a hack, or whether it's because it's now owned by another company and they're pre-emptively "upgrading" previously free accounts to "paid" accounts in the hope that they're going to get some subscriptions... The email had some valid fogbugz account details, so it's at least coming from their database...
What is meant by "invoices"? Every single screenshot I've seen in another thread said they were terminating free accounts and please send us payment information if you want to continue. I haven't seen a thing suggesting they are charging anyone without their consent, or issuing invoices. Several people noted that an account that's a decade old isn't going to have a valid credit card on it. Yes, of course, that's why they're asking people to pay, so what's the big deal? If this is not a weird circle of mass hysteria, is there something that explains why people went ballistic? Nobody, to be clear, that I noticed, was angry specifically about losing free access and many people were saying they hadn't used the thing in years. It was all freaking out about impending fraudulent charges.
There were 2 emails sent, you must have seen the screenshot from the first one only. The second one was notification that they would be charging our "prepaid accounts" the next day (Saturday Sept 17) for the next month's services. It was very much more of an invoice (breaking down what they would charge us for) than the first email. If anyone did have a credit card attached to their account, they're looking at it from the fraud angle. Everyone else is wondering if they're going to try to force some kind of debt collection because we are not going to pay, that's likely where the knives-out reactions are coming from.
Doing an automatic in-place "upgrade" from a free tier to a paid account tier to years-old accounts (and without customer consent!) is a scummy move. Even if not intended to be malicious, it's an idiotic thing to do, especially business-wise. They just flushed away any goodwill left over from their acquisition of the FogBugz name. The cherry on top is that any attempt to log into the account to cancel it, or to contact customer services (which requires creating a customer service account) errors out, so any of the legitimate ways one might think of using to address the situation are blocked.
> If anyone did have a credit card attached to their account, they're looking at it from the fraud angle. Everyone else is wondering if they're going to try to force some kind of debt collection because we are not going to pay, that's likely where the knives-out reactions are coming from.
This exactly