Security Update: Phishing Alert
On Friday 25th of April, a fraudulent email was sent to some members of our community, falsely claiming that Good & Fugly is offering a crypto promotion, including a personal BTC reward.
While the email appears to come from our admin account, we want you to know:
- This message is not from us
- We are not running any cryptocurrency promotions.
- If you clicked on any links in the message, we recommend running a malware scan and resetting your email or account password. (This is an excellent resource for knowledge and best hygiene around phishing scams.)
What We're Doing
- Continuing to investigate this phishing attempt in partnership with cybersecurity experts and our service providers
- As part of this process, we’re confirming all account credentials and thoroughly reviewing any third-party integrations that could be involved
- Reporting the incident to the Australian Cyber Security Centre (ACSC) to help raise awareness in the wider community
- We are complying with all notification obligations that apply under the Privacy Act 1988 (Cth)
Our Initial Assessment
- This incident appears to involve the unauthorised use of a third-party marketing tool used to send select marketing emails and newsletters.
- Our core systems, including customer payment information, e-commerce platforms, and internal databases, have not been compromised.
- Payments on our site are handled via secure third-party providers and remain unaffected. Therefore, you do not need to change your payment information for Good & Fugly purchases.
- No evidence at this time indicates broader unauthorised access to our customer database beyond email addresses used for newsletters.
Stay Informed Here
This page will be updated with any additional information we learn.
Questions?
Reach out to us directly at hello@goodandfugly.com.au. We’re here to help.