Be careful of new Spam email sent to IAA members

If you got an email that looks like this do not click the link in it or open it.

Also, let me know if you did get this email.

1 Like

Hi Aaron,

I got it also. It didn’t look right, so I came here to see if there was any discussion and saw your post.

Thank you for letting us know.


To what end? I don’t see why anyone would want to attack the forum with spam, it’s not like we have connected bank accounts or CCs to it. Stupid spammer/scammers.

I have not looked at their application, nor will I open it under any circumstances. However, it probably includes the usual personal information. That is one “end” for doing what they want. Another could well be simply that the spam is created by an anti-gun extremist or extremist organization. of which the left in America has an abundance of. Their normal tactics would not preclude “spamming” a pro-gun site. things like that are just part of the program for them.


Most probably it is not just spam but the attempt to hijack the user’s computer. The current modus operandi of professional hacker groups like Emotep is:

  • the click on the link downloads a word document
  • then the word document shows a message like “The document contains macros for full display. Please activate macros on you computer, otherwise you cannot see what it is.”
  • If one does that, he is doomed. It effectively opens up the computer for the attackers to install malware as they please, for example software that encrypts all data or makes the computer part of a botnet, using it as a tool for attacking other computers.

Peelen - thanks for the technical description.


I’m hoping that not many people got it.

Mine actually went into spam so I would’ve never seen it if someone didn’t bring it to my attention.

I’m hoping that no one shared their membership directory somewhere online where some kind of bot scraped it.

Anyway, I actually clicked the link to see what would happen and it’s not a file or anything it is a website that pops up a spammy pop-up that tries to get you to install something.

Didn’t get it (nor was it in my SPAM filter). For me, the wording was a clear clue that this was not legitimate. Most of these have ‘interesting’ uses of English, which should set off the alarm bells.

One of the big risks is when people have their browsers set to remember passwords, or worse, credit card details. That is when some serious mischief can be done. The other stems from the risk associated with using the same password for email and for other accounts. If they can trick you into resubmitting the password for the forum (and that happens to be the same password for your email) then they can take ownership of your email account and in turn, take over your PayPal account and others.

Most sites use your email address as your unique identifier. Scammers know this, which is why your email address and password are very valuable. Once they have this, they can change the password to any of your linked accounts, using the “forgotten password” feature.

If you haven’t already done so, set up two step verification for any accounts that you have that have access to money (or other sensitive info). This adds an additional level of protection where the web site requires an additional pin code to be entered, which they send to your mobile phone. They also send you alerts to your phone if passwords or key info has been changed.

Aaron is quite careful when he sends out his emails, so here is something easy to remember:

The IAA will not send you any “Click this link” emails. We will say, “go to our site and do this…”
It’s the simplest way to tell if any email (even with our logo) is fake or not.

Why this was done & what was to be accomplished is a mystery.

Take your time, be vigilant!

Dwight Jackson
Editor, IAA Journal