But, thinking that the initial email seemed a tad off, I forwarded it to FIRST. They said:
Hello Kirsten,
Thank you for your email. The email below did not come from us. Information about team housing for FIRST Championship will come directly from FIRST from a @firstinspires.org domain.
Please let us know if you have any questions.
Sincerely,
FIRST® Robotics Competition Team Support
Thought I would alert the community. I don’t know who E-HUB is and if this is legit, but I’d be hesitant when entering your credit card information (the hotel-specific buttons had different forms).
I wouldn’t trust it. Look on the website. All the icons claiming to be social media accounts just go to the home page. When you hit a destination in North America and select one of the cities nothing ever happens. And same for all other “destinations.” On the booking page, you lack information and specifics about what hotel you are even signing up for. Also, may I point out that the address they claim to be housed in is occupied by other, different businesses on google maps.
Great sleuthing! In my haste to book Championship housing (it feels like a race every year!) I did not think hard about all of these items. I know now and don’t want anyone else to make my mistake.
Could you post the raw header information from the email? That might help us pinpoint where exactly the email came from.
It’s possible the email list of all registered lead mentors may have been passed to some travel/hotel partners, and said partners were a little “loose” in security.
There is a website for “exhibitorshub” with the same logo that looks like it serves large business conventions and such. Looking up the address at the top of the webpage, one finds a small building with a sports nutrition store. Google Maps shows a company at the same address that does “company registries” where one can incorporate your business for $179.
I would like to introduce you to some of the quality information on exhibitorshub.com, the website that email is coming from.
It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum The man, who is in a stable condition in hospital, has “potentially life-changing injuries” after the overnight attack in Garvagh, County Lono donderry. He was shot in the arms and legs.”What sort of men would think it is accepttable to sub ject a young girl to this level of brutality and violence?
They also have been identified as scammers on other sites.
It appears that the email was sent using MailChimp. It does appear they have a unique id embedded into every email, so I encourage everyone who was sent this email to look for the original email headers and submit them.
One can’t help but think where they sourced the email addresses for this.
Either FIRST or one of their vendors presumably was breached or sold their list – this is too on the nose to be random. Given how strict FIRST is with their data, I’d suspect it wasn’t a buy/sell situation and the most likely seems that one of their vendors was breached. I suppose it could have even been one of the Houston hotels that was breached, or some other entity associated with GRB. Curious.
I noticed that the email was “via” mailchimpapp dot net, and not mailchimp dot com. Anyone know if that’s standard for actual MailChimp routings?
Yes. That’s normal practice, however the information can be removed with proper DKIM/verification of ownership of the address. It’s not uncommon for small businesses to not do this, though they should!
It is most likely that spammers/scammers were able to get a contact list from someone they breached.
At a previous job, I got more and more solicitations from real businesses and scammers after some time because I had to correspond with a lot of suppliers. A tech writer who only corresponded with people within the company didn’t get any solicitations.
I received an email this morning from a third-party company (Exhibitors Hub LLC) advertising downtown Houston Hotel rooms for WCMP dates. World Championship is not mentioned either. The links go to a jot form with very little information. The email address they used was from our non-profit website and not from any email address we use with FIRST/FRC.
While there’s a chance the lead mentor email list leaked, I haven’t heard from many teams that they’ve received a similar email, and we did not receive this email (to my knowledge).
My best guess would be a smaller email list leaking, an individual’s email getting hacked (happened with someone in my boy scout troop like 6 years ago and I still get emails about it), or good-old-fashioned OSINT (open source intelligence).
OSINT or data purchasing seems likely to me. This is a targeted scam that appears to be associated with other large conferences. They don’t mention FIRST Champs, so it isn’t very personalized to FIRST, just to conferences in general. The sender probably finds large conferences and looks for potential attendees for those conferences. There may be some nefariously obtained data involved, but probably not as a primary source.
red flags. 