Scammer? Bitdefender leaking e-mail addresses?

Hello,

Today I have received an email coming from marketing@softsecurepro.com. The email subject is "Bitdefender-New Year, New Security! Secure yourself for 3 years". The content itself promotes Total Security and asks me to click a few links.

Assuming it is not an official email coming from Bitdefender, two details are very relevant in this case:

  1. The email address I use on Bitdefender is exclusive and not trivial to guess! I can firmly assure that my email address was NEVER used anywhere else nor shared with anyone else. Only me, a famous and trusted e-mail provider, and Bitdefender knows this email address.
  2. The exact moment I received the email notification, Bitdefender app triggered a scam alert on the screen.

Now, what concerns me the most is the following: how the hell this scammer got the email address I use on Bitdefender and knows I use Total Security?

It is important to note that I have been using unique email addresses for important accounts for a long time and this is the first time something like this happens.

Again, I am assuming here that this is not an official email coming from Bitdefender.

Answers

  • Gjoksi
    Gjoksi Defender of the month mod

    Hello.

    I believe that @Alexandru_BD, who works for Bitdefender, can answer your questions and help you with the issue.

    Regards.

  • Alexandru_BD
    Alexandru_BD admin
    edited January 29

    Hello,

    We've seen two similar reports on the forum in the past:

    Definitely not an email from Bitdefender and I strongly advise against responding to that.

    Regarding your question, how did they get your email address, I can't comment on that. What I can tell you is that Bitdefender does not leak email addresses. Bitdefender offers data security solutions and services. Their goal is to ensure information and network security by providing quality solutions and services in these areas while also respecting privacy and personal data of customers, Internet users and business partners.

    You can use this link to check if the email address was leaked from other sources at some point:

    https://haveibeenpwned.com/

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • I think we can only assume the possible ways in which your email address might have ended up in the wrong hands, even if you only ever used that address for a single account and never shared it publicly.

    Some spammers or bad actors use automated tools to generate or “guess” email addresses. They might systematically try common names or patterns, (e.g., firstname.lastname@domain.com). If your address is guessable, it can end up on spam or phishing lists. Also, even if the spammer has no idea which services you use, they might send brand-specific phishing emails to millions of addresses by automatic means, hoping some portion of the recipients use the impersonated service.

    The reality here is that scammers do not always know which company each target uses; and they send blanket phishing emails for major brands to vast lists. Because big companies have so many customers, the odds are good that at least some recipients will indeed have an account and fall for the scam. 😉

    Premium Security & Bitdefender Endpoint Security Tools user

  • Regarding the method used by criminals that involve sending brand-specific phishing emails to millions of addresses hoping to reach a few users of the service: it is very unlikely to be the case for the reason that follows.

    This method also involves millions of addresses receiving emails for services they don't use, right? The only way scammers using this method can reach real users of the service is sending fake emails also to many people that also don't use the service.

    As I have stated above, this is the first time something like this happens to me ever since I began using exclusive email addresses. What are the odds that the very first scam email randomly sent to me guesses the exact email address I use for Bitdefender and also that this email is used on Bitdefender? Statistically speaking, I should have received many other scam emails for other services on any other of my email addresses. That didn't happen.

    The email address itself is not easily guessable for the reasons: it is a personal custom domain that only I use, it is not a domain I use for all services I sign up for, and the address itself is not so easily guessable if some of my other email addresses leaked, because even though it has a simpler format, the addresses I use for other sites are more complex.

    No pwnage found at Have I Been Pwned.

  • To add here, Bitdefender already blocks the website from which you received the email.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Alexandru_BD
    Alexandru_BD admin
    edited January 30

    Then it's a guessing game, really. 'Have I Been Pwned' is a database of information gathered from publicly known data breaches. This collects these leaked data sets (only publicly available ones or those provided by reliable sources) and consolidates them into the Have I Been Pwned database. If your email address doesn't appear as leaked, then chances are it isn't.

    I have one more question here: did you initially purchase Bitdefender from the official website, from a reseller or marketplace?

    Premium Security & Bitdefender Endpoint Security Tools user

  • Timothy M.
    edited February 16

    Hey @Alexandru_BD , just wanted to chime in and say that I just got one of these myself the other day. It had the exact same wording and visuals as the top one that you listed, though the email URL it was sent from was different.

    I double-checked my email on haveibeenpwned and it wasn't listed in any (known) breaches or pastes, so I'm not sure what the deal is either. However, like others have mentioned, it did coincide with the renewal of my Bitdefender subscription, which makes me a bit suspicious. (In my case however, the email came after my subscription had already been auto-renewed.)

    How would scammers have an idea of what our subscription renewal times are, let alone that we're using Bitdefender in the first place? Could this potentially be an indicator of something being compromised on 2Checkout's end or am I jumping to conclusions?

    *EDIT*

    Forgot to mention; my license was bought directly through the Bitdefender store, not a third-party.

  • Rtp
    Rtp
    edited February 17

    I always purchased it from the official website. Received the fraudulent email short after renewing my subscription, just like the person above.

    Edit: I contacted support and they asked me the fraudulent email in .eml format, but it would not be useful in this case due to my email setup: it first passes through an intermediary (owned by same company as my email provider) which E2E encrypt it and then forwards it to its final destination.