Post

3 followers Follow
0
Avatar

New phishing email

Got this email recently. I suppose the silver lining is it implies our favorite phone carrier has become mainstream enough to attract the attention of phishers.

 

Dan Goodell

Please sign in to leave a comment.

4 comments

0
Avatar

Really?? Wow, then that seems like a Ting fail on so many levels.

 

The sending mail server, the "click here" link, and the "Reset Password Link" all look totally bogus and don't look like they belong to Ting at all. I never click links in email anyway and always go directly to the website to check the legitimacy of such things, but the Ting website had absolutely no mention about this "unauthorized access" that allegedly occurred or that anything else had happened. I checked the Ting home page, the Ting blog page, my account page, and my alert page. Zilch. Nada. That led me to conclude the email wasn't legit. If it was legit, there really should have been at least a brief blurb on my alerts or a blog post mentioning, "Some people may have received an email from us, go here for more information."

 

What convinced me it was a phishing scam was that I was, in fact, *not* prompted to change my password. Since receiving the email I've routinely accessed my account online several times via both computer and my phone, and have had no problem and have not been prompted to change my password.

 

Dan Goodell 0 votes
0
Avatar

Okay, so my computer and my phone both stay logged in to Ting, so I'm not logging in every time. I manually logged out just now, and then when I tried to log back in it told me my password had expired and I had to set a new one. So I guess the email was legit, even though it didn't accurately reflect what the user experience would be.

Even so, the lack of publicly revealing the breach occurred and the non-existent information about what happened leaves me uneasy. This should have been a blog post. A failure to be open and forthright leads to an impression Ting is keeping secrets about information its customers have a right to know.

 

 

 

 

Dan Goodell 0 votes
0
Avatar

Hey guys!

 

Thanks for checking up about this before clicking links. It's always a good idea to check before :) Since you've logged out and back into your account you saw that we were, in fact, prompting people to reset some password, that's good :)

It didn't affect absolutely everyone so we only sent emails to those that needed to reset their passwords.

I think the explanation on the reddit thread (https://www.reddit.com/r/ting/comments/63hxno/password_reset_email_legit/) was a really good one. If anyone else pops in here with questions, just take a look there first and let us know if you have any other questions! :)

 

Thanks guys!

Ariel Elliott 0 votes