Is this a Scam? (BMFA)

[Martin Harris - Moderator]

Sorry if I’m being a bit slow on the uptake but I think what people need to know is as a club member who paid their CAA OP ID renewal fee via their club to have it processed by the BMFA, do they have to take any action within 28 days of the current expiry date or will the BMFA system pick it up automatically and submit their applications?

[Andy Symons - BMFA]

They will be submitted automatically once within 28 days.

[Rich Griff]

When I renewed bmfa membership just before new year, I was told that a caa reminder would be sent via email. My RCC ( not needed due to certificates ) does not expire for a few years but I checked anyway. I took the RCC last year, it was it the one before. I will of course re read all current regs etc., any update being in bmfa mag due shortly....refresh....

 

Much better safe than sorry.

[GONZO]

My scam email was slightly different. It looked the same but claimed to originate from the Delyn club treasurer. Nothing looked untoward when I passed my cursor over the email so I opened it. It wanted me to sign in to my Microsoft acct, WHICH I DONT HAVE. Last Friday I went to the club meeting and others had had one or the other of these emails. The club denied any responsibility and that the treasurers email address book had been hacked. 

This Monday I contacted the BMFA and was told that it was Helen Feaver who had had her email address book hacked. I further enquired if there was any knowledge concerning the consequences from this scam email. There was not. I was given Andy Symons telephone number as he was dealing with the IT people. I have tried repeatedly to get more info and contact Andy with no success.

I have three current accounts with a rather large total of money held. I am loath to engage in any on line banking, although it's becoming urgent that I do, until I have some reassurance. My concern it heightened due to the fact that my wife has had her identity stolen three times causing considerable problems. All occasions were caused by large organisations having their data base hacked, like the current situation I find myself in.

I have received no explanatory email from the BMFA, I can get no explanation from them. IMO they should have protected the data better (data protection act?) and at least provide full and detailed information to those affected.

A most unsatisfactory state of affairs.

[Andy Stephenson]

The rule I use is to float the mouse cursor over any links posted in an email (you may not be able to do this on phone or tablet) and look at the link's real address, usually exposed at the bottom left of the browser. If it looks nothing like or even slightly different to where it's purporting to come from, then I ignore it. This was the case with the "Helen Feaver" email.

[GONZO]

That's all well and good, but I didn't notice anything.

But there has been little back up/info/advice from the BMFA concerning the consequences of this scam. What were the scammers after, have they downloaded some malware/key logger/etc?

I have three separate malware programs and have done full scans with them all, nothing found. But that doesn't mean there is nothing. Just nothing that match's their data base.

I checked two of my accounts via a cash point last Friday and they were OK. Since then it's not been possible to get to it, bit of snow and ice about and I live on a hill.

[Denis Watkins]

With the address book hack Gonzo, it is just a list of emails that the hack can contact.

From there, it depends what you do with their email, you download parts or you contact them.

If you do none of those things, then nothing will happen.

They cannot possibly get your bank from an email address alone.