cancel
Showing results for 
Search instead for 
Did you mean: 

Is this genuine?

frankleebrain
Newbie
Posts: 3
Registered: ‎24-08-2020

Is this genuine?

Had problems receiving email earlier today, both MS Outlook and Webmail suggested my logon details were incorrect.  Had no problems yesterday and changed nothing in the interim.  Contacted Plusnet and they reset something and bingo problem solved.  Having then checked my mail I found one proporting to be from Plusnet, copy of text below in italics.  I've been getting a whole bunch of spam mails in the last few days, really obviously spam but not filtered by Plusnet, and now this one.  Probably coincidence but just thought I'd see if anyone else has received anything like this.  Looks a complete bag of cack to me, do the Plusnet Abuse Team even exist?

Thanks.

 

During the Monitoring of our email platform, we noticed a number of emails are being sent from either a remote IP or local IP address using your account login credentials.

 

These mails were identified as unsolicited by our spam filtering software and were brought to our attention, we then sanity checked the source IP address, Subject Line, the From and To addresses and content. Based on these factors, we believe it's quite possible your log-in credentials have been compromised.

 

The most probable reason is an insecure or weak password, possibly plain text which could have been obtained by a local virus/keylogger or brute-forced using normal dictionary words.

 

We suggest you now perform an audit of all passwords and sensitive information that may have been accessible from keyloggers etc and perform a full security audit & Virus/malware scan of any Pc's connected to your network.

 

Once you have taken action, please contact us to arrange for a new strong (cryptic) password to be applied to your account, please use upper / lower case characters and numbers or special characters mixed.

 

Alternatively, if you are confident you have secured all your local network/computers, you can update your account password with a more secure cryptic password via your customer portal. https://portal.plus.net/my.html?action=change_password&s=0

 

Please note once you make these changes you will need to update any mail software which uses the password your changing to reflect the new password. If the password you are changing is your default password for your account and if you use our broadband service and you are not using a Plusnet supplied router, You will need to update the authentication details in your broadband router configuration to reflect the changes made.

 

Before making these changes we recommend you familiarise yourself with Plusnet supplied routers here:-  http://www.plus.net/support/broadband/hardware/

 

If you are unsure how to change your email configuration, please see our help guides here:- http://www.plus.net/support/email/index.shtml

 

Alternatively, if you require support on this matter, please do not hesitate to contact us. https://www.plus.net/home-broadband/contact/

 

[-=Internal=-]

The main account password requires updating to a secure cryptic password.

 

If the customer had a cryptic password previously, this would suggest local keylogger/viral activity, please ensure an audit is done prior to changing the password.

 

Kind Regards,

 

Plusnet Abuse Team

 

This email has been sent as it contains important information about your service from Plusnet. Please do not reply to this email, as this is an unmonitored address.

 

PlusNet PLC Registered Office: The Balance, 2 Pinfold Street, Sheffield, S1 2GU. Registered in England no: 3279013

5 REPLIES 5
jab1
Aspiring Legend
Posts: 11,244
Thanks: 3,686
Fixes: 136
Registered: ‎24-02-2012

Re: Is this genuine?

@frankleebrain That email is genuine, and I would suggest you take note of any action it asks of you - to avoid any future problems.

John
frankleebrain
Newbie
Posts: 3
Registered: ‎24-08-2020

Re: Is this genuine?

Thanks JAB1.  So many convincing scammers about nowadays you just can't be sure what is and isn't the real thing. 

Townman
Superuser
Superuser
Posts: 19,716
Thanks: 8,043
Fixes: 94
Registered: ‎22-08-2007

Re: Is this genuine?

Reset email password

Which ISP are you with, Plusnet or one of the other / legacy vISPs?

If you are not able to login to the email address using webmail, then it is likely that your email address has been identified as being compromised and has has its password changed. Where email address passwords have been changed to protect the integrity of the service, the account password is left unchanged.

Plusnet / Force9 / FreeOnline users can only change the password on the DEFAULT email address by changing the password on the user ACCOUNT through the user portal. You can change the password on a secondary mailbox using the Manage My Mail options in the user portal.

Brightview users (Madasafish / FreeNetName / GlobalNet / IC24 / ICScotland / Dialstart / Totalise) logging into webmail should use their full email address. Use the MAAF user portal to update the password on the default email address (change the account password) and use this MAAF guide to change the password on a secondary mailbox address. If you cannot recall the account password, you will need to contact support ... because the account password change process sends an email to the mailbox you cannot now access.

DO NOT USE THE SAME PASSWORD AGAIN for that would allow the continued exploitation of the account. The new password should be cryptic and not one used before.

Note that changing the account password will change the password used for logging on to the relevant user portal. If your email service is NOT a retained legacy service (one associated with a retired internet service account), then the password required by the router to connect to the internet will be changed too. If the router is a Hub Zero or a Hub One supplied by Plusnet it should update automatically. If not, you will need to log into the router, drop the connection, change the password yourself and reconnect.

On the assumption that the email address password has been compromised, I strongly recommend that wherever you have used that email address / password combination as access credentials to services such as Amazon, Netflix, eBay etc., that you also change the passwords on those service as well.

 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

frankleebrain
Newbie
Posts: 3
Registered: ‎24-08-2020

Re: Is this genuine?

Thanks for your informative reply Townman.

I'm with Plusnet.  Initially spoke to Tech Support on Monday, they refreshed my email and it sprung back into life.   I followed the advice in a mail they'd sent me and all seemed fine.  However, despite changing my password, three days later the exact same thing happened again and I had to ring Tech Support for a 2nd time on Thursday.  Presently my email is still working.

The fact it has happened a 2nd time, despite changing my password to something totally random, is all a bit worrying.  Makes me think my laptop is the problem.  I'm not really helping myself here actually as it's nearly 10 years old and still running Windows 7!  On the plus side though I'd never used the original mail\password combo on anything remotely important.

jab1
Aspiring Legend
Posts: 11,244
Thanks: 3,686
Fixes: 136
Registered: ‎24-02-2012

Re: Is this genuine?

@frankleebrain Although your machine is running an unsupported OS, that in itself should not have this effect. I suspect you either have no antivirus protection, or you have a keylogger installed which is intercepting your passwords &c.

I would suggest ensuring you have an active AV program running, and you also download and install and run Malwarebytes from this location ONLY: - https://www.malwarebytes.com/mwb-download/

John