Thailand Pass Scam

[tpbon]

I just received an email supposedly from Thailand Pass that said “ There is a problem related to the request, please download the attachment and update the information” It also said it must be downloaded to a PC, not a cell phone. Sounds fishy. I then received a line message from. AQ.in.th warning of a scam. The message referred to the exact email I received. 
I just returned to Thailand a month ago and had used the Thailand Pass. Beware.
Not sure what forum to use but this needs to get out.

 

 

 

[tpbon]

This what I received.

[mnomad]

In other words, another predictable data leak sweeped under the rug

[tpbon]

2 minutes ago, mnomad said:

In other words, another predictable data leak sweeped under the rug

I don’t know about swept under the rug. I was informed.

[anchadian]

WARNING: It looks like the Thailand Pass email database has been hacked and is sending out spoof emails with a link that sends people to a malware site after they click on “download”. Everyone is getting the same QR Code for a Mr Hongkam. Please share this news with others

 

https://twitter.com/RichardBarrow/status/1486930524736135168

[FritsSikkink]

48 minutes ago, mnomad said:

In other words, another predictable data leak sweeped under the rug

He was informed, don't talk nonsense.

[poohy]

Phew thank god Barrow the brown nose is on the case  

[ezzra]

We are inundated with daily scams, hustles and fraud all around us as our "smart" devices become a tool for the fraudsters to get in and try their luck specially since the pandemic started as those guys sit home and think of ways to swindle people...

[mnomad]

24 minutes ago, FritsSikkink said:

He was informed, don't talk nonsense.

He was informed by aq.in.th - is that anything to do with Thailand Pass?

[FritsSikkink]

11 minutes ago, mnomad said:

He was informed by aq.in.th - is that anything to do with Thailand Pass?

Yes

[internationalism]

The foreign ministry doesnt take responsibility for this hack or wmail leak and blame users for visiting spoof websites (claiming to be thailand pass).

The outdated free software the ministry is using for thailand pass was discontinued in 2014 because of week security. 

[Enoon]

On 1/28/2022 at 1:47 PM, mnomad said:

He was informed by aq.in.th - is that anything to do with Thailand Pass?

Aq.in.th is a Quarantine/T&G hotel booking agency, they have an assosciate company that will submit TP applications on your behalf.

 

They did mine.

 

 

 

 

Edited January 29, 2022 by Enoon

[wprime]

12 hours ago, internationalism said:

The foreign ministry doesnt take responsibility for this hack or wmail leak and blame users for visiting spoof websites (claiming to be thailand pass).

The outdated free software the ministry is using for thailand pass was discontinued in 2014 because of week security. 

I use a wildcard email system to trace leaks and can confirm the official Thailand Pass is responsible for leaking the email addresses.

[kennw]

On 1/28/2022 at 12:25 PM, tpbon said:

This what I received.

Yes I got the same as an email to my computer. I returned about 2 weeks ago with a valid Thai pass so it sounded fishy to me so I deleted it without opening it

[internationalism]

8 minutes ago, wprime said:

I use a wildcard email system to trace leaks and can confirm the official Thailand Pass is responsible for leaking the email addresses.

They had time since 22.12 (as they promised to) to upgrade their software and solve multiple serious problems, including security. 
they did nothing in over a month and now are hit at the worst possible time, just before launching the 2 T@G

[Bangkok Barry]

On 1/28/2022 at 1:21 PM, FritsSikkink said:

He was informed, don't talk nonsense.

You miss the point. The Thailand Pass system has been hacked and the authorities are, again and as usual, shutting the stable door after the horse has bolted by informing people there is a problem. If the government hadn't screwed up, again and as usual, there would be no need to inform anyone of anything.

[sandyf]

14 hours ago, Bangkok Barry said:

You miss the point. The Thailand Pass system has been hacked and the authorities are, again and as usual, shutting the stable door after the horse has bolted by informing people there is a problem. If the government hadn't screwed up, again and as usual, there would be no need to inform anyone of anything.

No government gets things right all the time, and even more so those with limited resources. Why would any government see issues regarding visitors to the country to be of particularly high importance. I can only assume that those complaining have had little to do with UK immigration and their farcical procedure to visit the UK.

If people do not like the way that Thailand does things, there are nearly 200 other countries to choose from. 

They acknowledged the problem so it really is a case of live with it and move on.

[mancub]

47 minutes ago, sandyf said:

Why would any government see issues regarding visitors to the country to be of particularly high importance

Indeed so, especially one of "limited resources" for whom tourism accounts (directly or otherwise) for a mere 20% of GDP !

[FritsSikkink]

15 hours ago, Bangkok Barry said:

You miss the point. The Thailand Pass system has been hacked and the authorities are, again and as usual, shutting the stable door after the horse has bolted by informing people there is a problem. If the government hadn't screwed up, again and as usual, there would be no need to inform anyone of anything.

Government IT systems are hacked all the time all over the world.

[jomtienisgood]

On 1/28/2022 at 12:39 PM, anchadian said:

WARNING: It looks like the Thailand Pass email database has been hacked and is sending out spoof emails with a link that sends people to a malware site after they click on “download”. Everyone is getting the same QR Code for a Mr Hongkam. Please share this news with others

 

https://twitter.com/RichardBarrow/status/1486930524736135168

55555. Why doesn't it have a link to Femaleware?? Sexist hackers....

[Puccini]

On 1/28/2022 at 7:21 AM, FritsSikkink said:

He was informed, don't talk nonsense.

The OP was informed by "TP.in.th (VIP SERVICES)", apparently via a messaging application the name of which this OP has not mentioned, and had an exchange of messages with TP.in.th on that app.

 

The official Thai government agency for the Thailand Pass accepts applications exclusively via the website tp.consular.go.th.

 

Therefore, I am inclined to assume that the OP used the services of TP.in.th for his Thailand Pass application and that it was the database of TP.in.th that was hacked, not the database of tp.consular.go.th

 

The design of the website TP.in.th, as per screenshot of a Twitter message posted in this thread,  may have given some people the wrong impression this was it was the site of the official government agency issuing the Thailand Pass. From what I see, the URL TP.in.th now redirects users to asq.in.th/thailand-pass, which is of course again not the website of the government agency dealing with the Thailand Pass.

[Puccini]

The details of the domain registration for TP.in.th and for its successor asq.in.th are as follows:

 

Source: https://www.whois.com/whois/tp.in.th

 

Source: https://www.whois.com/whois/asq.in.th

 

With both Whois entries, the penultimate line is truncated (bad coding?). The full text is as follows:

Quote

If you have a legitimate interest in viewing the non-public WHOIS details, send your request and the reasons for your request to @thnic.co.th and specify the domain name in the subject line. We will review that request and may ask for supporting documentation and explanation.

 

[Puccini]

https://tp.consular.go.th, which is the official government website for the Thailand Pass, now has the following notice on its website:

 

[thisisrascal]

11 hours ago, Puccini said:

The OP was informed by "TP.in.th (VIP SERVICES)", apparently via a messaging application the name of which this OP has not mentioned, and had an exchange of messages with TP.in.th on that app.

 

The official Thai government agency for the Thailand Pass accepts applications exclusively via the website tp.consular.go.th.

 

Therefore, I am inclined to assume that the OP used the services of TP.in.th for his Thailand Pass application and that it was the database of TP.in.th that was hacked, not the database of tp.consular.go.th

 

The design of the website TP.in.th, as per screenshot of a Twitter message posted in this thread,  may have given some people the wrong impression this was it was the site of the official government agency issuing the Thailand Pass. From what I see, the URL TP.in.th now redirects users to asq.in.th/thailand-pass, which is of course again not the website of the government agency dealing with the Thailand Pass.

I received the same spam email and have only used http://tp.consular.go.th/

[tpbon]

On 1/31/2022 at 2:27 AM, Puccini said:

The OP was informed by "TP.in.th (VIP SERVICES)", apparently via a messaging application the name of which this OP has not mentioned, and had an exchange of messages with TP.in.th on that app.

 

The official Thai government agency for the Thailand Pass accepts applications exclusively via the website tp.consular.go.th.

 

Therefore, I am inclined to assume that the OP used the services of TP.in.th for his Thailand Pass application and that it was the database of TP.in.th that was hacked, not the database of tp.consular.go.th

 

The design of the website TP.in.th, as per screenshot of a Twitter message posted in this thread,  may have given some people the wrong impression this was it was the site of the official government agency issuing the Thailand Pass. From what I see, the URL TP.in.th now redirects users to asq.in.th/thailand-pass, which is of course again not the website of the government agency dealing with the Thailand Pass.

If by “OP” you mean me, no I did not use their services. I filled out the information in Thai Pass on my own,, 

[fdsa]

A modest reminder on the quality of the local government websites:

 

[Puccini]

11 hours ago, tpbon said:

If by “OP” you mean me, no I did not use their services. I filled out the information in Thai Pass on my own,, 

This makes one wonder how TP.in.th (VIP SERVICE) got gold of the contact details of applicants for the Thailand Pass. Something does not add up.

[tpbon]

I’m thinking it may have been through the hotel I booked with. As soon as I booked I got the line message offering to help with the pass. I still get messages from them and I have to say they are very informative.

[internationalism]

41 minutes ago, tpbon said:

I’m thinking it may have been through the hotel I booked with. As soon as I booked I got the line message offering to help with the pass. I still get messages from them and I have to say they are very informative.

You booked through a commercial website, which company also do thai visas. 
They are not a source of this leak. You can opt in or out from their mailing list. Yes, they are fast and efficient. It is them who first reported this leak from the T&G site

Edited February 2, 2022 by internationalism

[internationalism]

This scam is ongoing.
I got emails from them yesterday and today. Same content. 
 

would be interesting to know if the site was upgraded to be secure or still leaking to spider nets. 
i am afraid that hackers still have access after that time. Possibly found a new entry gate