productcartexpert.com - Legit or Scam??

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Got the following message from 'duc@productcartexpert.com' - is this a scam (my gut tells me yes)??

Hello 'Endoscopy Support Services, Inc.',

My name is Truong Anh Duc, I am the official ProductCart developer since 2003.

I want to let you know that I found VERY SERIOUS security vulnerabilities on your store.

They are highly critical and very dangerous. With these vulnerabilities, hackers can control everything on your store, remove your files, erase your products and orders, steal your customers information, fake your store and steal money from your customers, destroy your database, shut down your store and so much more.

WARNING: I found them on all of ProductCart versions. Upgrading to new versions or using latest ProductCart files will not fix all of these vulnerabilities. I am pretty sure that the NetSource Commerce team - the ProductCart official development team cannot locate and fix all of these security vulnerabilities in a short term because I am the main part of this team and I have left. I knew they found and fixed some of them by following some of my traces when testing. But it's not all, there are many trails that hackers can use to attack your store.

I found these vulnerabilities before the Thanksgiving day 2016, but I kept them in secret because I don't want you to be in a panic about these security vulnerabilities in your important holidays: Thanksgiving day, Black Friday and Cyber Monday.

I don't release these security vulnerabilities reports, my test results, list of affected stores and their information to public yet because I want to give ProductCart store owners a chance to protect their stores and fix these vulnerabilities before hackers can find them.

Please follow the instructions below to protect your store and fix these vulnerabilities as soon as possible:
1. Back-up your store's database and your files
2. You can check your store's security test results, contact ProductCart Expert to protect your store and get the FREE security patch for your store by visiting the URL below:

http://www.productcartexpert.com/index.asp?k=UY2SJ5M9R4422I3489O73W50Y4L2N3&c=9702W06185GAAVV6YBKO8I91CP5BAV

(Please save this URL and keep it privately to check your store's security test results and its status)

You only have 24 hours before I release the ProductCart security vulnerabilities reports, list of affected stores and their information to public.

Please hurry up!!!

Also, with my experiences of ProductCart development, my skills and my knowledge of ProductCart codes, if you want to customize your ProductCart store, create new features or add-ons, fix bugs and security issues, I am the best choice for you with best services of a ProductCart official developer and lower fees. My custom ProductCart development fee is only $35usd per hour.
Thanks and best regards,

PRODUCTCART EXPERT
http://www.productcartexpert.com/index.asp?k=UY2SJ5M9R4422I3489O73W50Y4L2N3&c=9702W06185GAAVV6YBKO8I91CP5BAV

Note: I did some tests and researches on your store only, I didn't harm anything on your store. I only want to send you a security alert, let you know about my ProductCart experiences and skills, and want to help you fix these security vulnerabilities to against security threats online before it's too late.

If this is a scam, please can a REAL ProductCart official confirm this for other ProductCart users to be aware?  Thank you.

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
MGatESS Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 12-July-2006 Location: United States Status: Offline Points: 73	Post Options Post Reply Quote MGatESS Report Post Thanks(0) Quote Reply Topic: productcartexpert.com - Legit or Scam?? Posted: 01-December-2016 at 9:38am
	Got the following message from 'duc@productcartexpert.com' - is this a scam (my gut tells me yes)?? Hello 'Endoscopy Support Services, Inc.', My name is Truong Anh Duc, I am the official ProductCart developer since 2003. I want to let you know that I found VERY SERIOUS security vulnerabilities on your store. They are highly critical and very dangerous. With these vulnerabilities, hackers can control everything on your store, remove your files, erase your products and orders, steal your customers information, fake your store and steal money from your customers, destroy your database, shut down your store and so much more. WARNING: I found them on all of ProductCart versions. Upgrading to new versions or using latest ProductCart files will not fix all of these vulnerabilities. I am pretty sure that the NetSource Commerce team - the ProductCart official development team cannot locate and fix all of these security vulnerabilities in a short term because I am the main part of this team and I have left. I knew they found and fixed some of them by following some of my traces when testing. But it's not all, there are many trails that hackers can use to attack your store. I found these vulnerabilities before the Thanksgiving day 2016, but I kept them in secret because I don't want you to be in a panic about these security vulnerabilities in your important holidays: Thanksgiving day, Black Friday and Cyber Monday. I don't release these security vulnerabilities reports, my test results, list of affected stores and their information to public yet because I want to give ProductCart store owners a chance to protect their stores and fix these vulnerabilities before hackers can find them. Please follow the instructions below to protect your store and fix these vulnerabilities as soon as possible: 1. Back-up your store's database and your files 2. You can check your store's security test results, contact ProductCart Expert to protect your store and get the FREE security patch for your store by visiting the URL below: http://www.productcartexpert.com/index.asp?k=UY2SJ5M9R4422I3489O73W50Y4L2N3&c=9702W06185GAAVV6YBKO8I91CP5BAV (Please save this URL and keep it privately to check your store's security test results and its status) You only have 24 hours before I release the ProductCart security vulnerabilities reports, list of affected stores and their information to public. Please hurry up!!! Also, with my experiences of ProductCart development, my skills and my knowledge of ProductCart codes, if you want to customize your ProductCart store, create new features or add-ons, fix bugs and security issues, I am the best choice for you with best services of a ProductCart official developer and lower fees. My custom ProductCart development fee is only $35usd per hour. Thanks and best regards, PRODUCTCART EXPERT http://www.productcartexpert.com/index.asp?k=UY2SJ5M9R4422I3489O73W50Y4L2N3&c=9702W06185GAAVV6YBKO8I91CP5BAV Note: I did some tests and researches on your store only, I didn't harm anything on your store. I only want to send you a security alert, let you know about my ProductCart experiences and skills, and want to help you fix these security vulnerabilities to against security threats online before it's too late. If this is a scam, please can a REAL ProductCart official confirm this for other ProductCart users to be aware? Thank you.
	~ Mark G. ESS, Inc. - www.endoscopy.com

sbryan Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 24-August-2012 Status: Offline Points: 6	Post Options Post Reply Quote sbryan Report Post Thanks(0) Quote Reply Posted: 01-December-2016 at 10:54am
	I received the exact same message but with our site name of course. Considering the domain was registered in September 2016 and he is wanting you to pay money to "protect" your store I'd say it is probably a scam.

Greg Dinger Members Profile Send Private Message Find Members Posts Add to Buddy List Certified ProductCart Developers Joined: 23-September-2006 Location: United States Status: Offline Points: 238	Post Options Post Reply Quote Greg Dinger Report Post Thanks(0) Quote Reply Posted: 02-December-2016 at 3:01pm
	Hi guys - Matt and others at Netsource are in the midst of dealing with this, but I know some details and will share them. Netsource may want to add more details at the point that they can breathe. Duc is indeed a programmer who has been involved in the core development of the platform since 2003. He recently lost his job, and made a very foolish decision to take this "marketing approach" to attract clients to his new enterprise. Had he not made this poor choice, and instead reached out to the developers who know his work and recognize his skills, he might have been able to "write his own ticket". Unfortunately, he made a poor decision with his scare tactics, and he has caused a great amount of disruption for all involved. One of the developers has been in contact with Duc, who seems to be apologetic for his actions. He has updated his web site and appears to no longer be making the sorts of threats that are reflected in the above e-mail. It is recommended that all ProductCart users update their Master Admin User Password. Look down the SETTINGS menu in your admin and you will see that option. If you have secondary admin users, you should reset those as well (find the menu option: Manage Control Panel Users ). Also recommended is that your FTP passwords be updated. I wish Duc good fortune, but his actions have really made him somewhat untouchable at this point, at least for those I'm in contact with and have been impacted by his actions. It's a real pity... The dude is a really good programmer, but this bad judgment is going to be hard to look past.