cancel
Showing results for 
Search instead for 
Did you mean: 

Message for Plusnet Security regarding my email account

Baldrick1
Hero
Posts: 3,586
Thanks: 1,542
Fixes: 99
Registered: ‎30-06-2016

Re: Message for Plusnet Security regarding my email account


@jab1 wrote:

@Baldrick1 wrote:

Either way it looks to me that the emails from @penneck are phishing so my previous advice that it's the email address and not the password that's the issue that needs addressing.


Understand what you are getting at now, but I still can't quite see why @penneck needs to change anything, and until he comes back and confirms or otherwise that he actually has that ticket on his account, we don't know the validity of those emails.


I agree that we need to hear from @penneck but if they do turn out to be phishing emails it's very much a personal decision as to whether anything needs changing.

As @Townman advises, I use different email addresses, be they not with Plusnet, for different functions. I also keep an up to data list of who has those addresses along with different account passwords for each contact, in a password safe. If I get a phishing email on any email address then I drop that address. It's a pain but in my view is better than having to constantly delete phishing emails. Fortunately to date it's only happened twice.

I have checked some personal contacts against the Have I Been Pwned database and found that around a half have their email addresses pwned. One has been leaked on 9 different occasions so heaven only knows how much dross they get!

Edit

I see that the emails were genuine. At least I have learnt more about the mysteries of Plusnet's email system from this topic. I am still struggling to understand why a ticket is raised on your account and you are advised to change your password if you receive four emails from abroad in an hour.

jab1
Hero
Posts: 3,253
Thanks: 1,041
Fixes: 19
Registered: ‎24-02-2012

Re: Message for Plusnet Security regarding my email account

@Baldrick1 Have you seen @MatthewWheeler 's response?😉

John
Baldrick1
Hero
Posts: 3,586
Thanks: 1,542
Fixes: 99
Registered: ‎30-06-2016

Re: Message for Plusnet Security regarding my email account

@jab1 

Yep, posts that cross again! Cheers.

Superuser
Superuser
Posts: 14,785
Thanks: 5,763
Fixes: 33
Registered: ‎22-08-2007

Re: Message for Plusnet Security regarding my email account


@Baldrick1 wrote:

 

If I get a phishing email on any email address then I drop that address. It's a pain but in my view is better than having to constantly delete phishing emails.

 

 


Actually I would suggest that it is pure sanity!

I use a unique email address (alias) for each organisation I communicate with.  If their system (that email address) becomes compromised, I can change that one email address and kill of the abuse without needing to change my whole email identity with everyone else.

Such a strategy also identifies who sells contact information.

Off topic: The ability to have unlimited email addresses with PlusNet's email platform is one of the things which makes it so great, compared to having a Gmail, Yahoo or Outlook single email address.  The only features missing from the Plusnet service are auto-response and auto-forwarding on a 'real' mailbox.

penneck
Rising Star
Posts: 864
Thanks: 33
Registered: ‎03-08-2007

Re: Message for Plusnet Security regarding my email account

I apologise to all but I had to go out for a few hours - I got called out to look after one of my grandchildren. That's what happens when you have retired.

Now to catch up. PlusNet have confirmed their emails were genuine, so the question now is what to do about it, if anything.

I don't see how changing any of my passwords will affect my receiving iffy emails, particularly as I use MW to check them before I download them to my pc. The sender wont need to know my passwords to send emails to me and get them that far through the system, so why do anything? Controlling who gets my email address is only good so far as people who should have it keep it to themselves.

jab1
Hero
Posts: 3,253
Thanks: 1,041
Fixes: 19
Registered: ‎24-02-2012

Re: Message for Plusnet Security regarding my email account

My advice, FWIW, @penneck , is do nothing. as you say this was incoming (presumably spam) mail that didn't even get as far as MW.

EDIT Without knowing the full context of the PN message, I'm a little confused as to why yhey are suggesting changing your password will prevent INCOMING mail.

John
Plusnet Help Team
Plusnet Help Team
Posts: 7,349
Thanks: 771
Fixes: 294
Registered: ‎01-01-2012

Re: Message for Plusnet Security regarding my email account

Thanks for getting back to us @penneck

The issue is that we've noticed your account has been logged into from 4 different foreign IP addresses hence the advice to change your password as we believe your account may be compromised

If this post resolved your issue please click the 'This fixed my problem' button
 Matthew Wheeler
 Plusnet Help Team
jab1
Hero
Posts: 3,253
Thanks: 1,041
Fixes: 19
Registered: ‎24-02-2012

Re: Message for Plusnet Security regarding my email account

@MatthewWheeler Thanks for that info - I've been barking up the wrong tree, thinking along the lines of virus/spyware carrying mail caught by the incoming AV checks.

John
Superuser
Superuser
Posts: 14,785
Thanks: 5,763
Fixes: 33
Registered: ‎22-08-2007

Re: Message for Plusnet Security regarding my email account

Folks there’s a barking up the wrong tree here. The emails are genuine - Plusnet sent them because they saw a multiplicity of logins from various overseas IP addresses. This is a legitimate security concern and the emails advising a change of ACCOUNT password if this relates to the default email address is very sensible. That action will also change the password for the default mailbox.

If it relates to loging into the smtp relay server using a secondary email account, then that email address password should should be changed.

There is some small possibility that these logins are quasi legitimate - if for example some off shore VPN provider is involved, the presented IP address could be anywhere.

Also if the user has set up some IT device or virtual service which sends email via the Plusnet relay service, such could give rise to these symptoms.

In the absence of any such sophistication one has to conclude that the userID (account name or email address) / password has become compromised. Therefore any and every service which uses the same identity and password combination is also extremely vulnerable.

You need to worry about your credentials integrity rather than the emails reporting the issue.
jab1
Hero
Posts: 3,253
Thanks: 1,041
Fixes: 19
Registered: ‎24-02-2012

Re: Message for Plusnet Security regarding my email account

I've admitted my mistake.😁

The initial post threw me, but I was coming to that conclusion myself, @Townman . Next time, I'll stay quiet until things become clearer - or stay out altogether.

John
Baldrick1
Hero
Posts: 3,586
Thanks: 1,542
Fixes: 99
Registered: ‎30-06-2016

Re: Message for Plusnet Security regarding my email account

@Townman 

I agree, we have all been going off half [-Censored-] This is what threw me:


@penneck wrote:

Last night I received a couple of identical emails, supposedly from PlusNet, that my Inbox had received at least 4 emails in an hour from foreign parts. 


If the OP read that, the account had been accessed from abroad four times then it would have thrown a completely different light on the issue.

Presumably if @penneck  is logging into the account via a VPN then this could be the cause?

 

 

penneck
Rising Star
Posts: 864
Thanks: 33
Registered: ‎03-08-2007

Re: Message for Plusnet Security regarding my email account

Sorry for the delay - that grandchild again. Have just got back. Thanks everyone for all your help and patience. Unfortunately, tomorrow is going to be worse for me having to be away - not back until about 3 pm.

Originally, all I asked was for PlusNet to confirm they had sent the emails. They have done so.

Both emails only talked about my secondary email address (assuming postmaster@etc is my primary email address - is that correct?).

As far as I know I don't use a VPN - what is a VPN?

If I change my PlusNet account password, will that solve this problem?

I understand changing the account password automatically changes any password that my postmaster address uses - is that correct?

If the postmaster address has a password, then the secondary address will have a password - is that correct?

Is there a knock-on to other places? This question doesn't include Mailwasher or Firefox - I've assumed they are affected by the above.

My PlusNet account has a third email address for my wife's emails. My Mailwasher and Firefox pick up the emails for postmaster and my secondary address onto my pc. My wife has her own pc where her Mailwasher and whatever she uses for emails picks up only those emails addressed to her. Could the problem have been caused by her email system? My pc is hard-wired to the modem, my wife's pc is connected to the same modem via the wireless link.

Plusnet Help Team
Plusnet Help Team
Posts: 1,019
Thanks: 122
Fixes: 45
Registered: ‎26-03-2018

Re: Message for Plusnet Security regarding my email account

Hi @penneck,

A VPN is a "Virtual Private Network" and can be used for a multitude of reasons, such as allowing you to connect with a foreign IP Address. In this case, as you've been unaware as to what a VPN is, the foreign IP Address logins suggest that your account may have been compromised. As such. we'd advise that you change your password as soon as possible.

If this post resolved your issue please click the 'This fixed my problem' button
 Alex H
 Plusnet Help Team
Superuser
Superuser
Posts: 14,785
Thanks: 5,763
Fixes: 33
Registered: ‎22-08-2007

Re: Message for Plusnet Security regarding my email account

@penneck 

If it is the secondary email address then only the password on that mailbox needs to be changed.  In that case the main account password (if it is different!!) does not NEED to change, though you might wish to do so.

If that is your "usual" email address which you have used to register with other services - for example Netflix, Amazon, Ebay - and you have used the SAME PASSWORD then it is IMPERATIVE that you also change the password on those service accounts as well.  This is nothing to do with Plusnet, but about protecting your other services and associated payment arrangements.

If you receive any 'unexpected' order 'issue' emails from Amazon etc, then DO NOT click links in the emails, go to the direct to their web sites direct and log into your account there.  A link in an email could be taking you to a spoofed site.

@jab1 

"Barking up the wrong tree" was not "aimed" at you … we all got focussed on the merits or otherwise of these email being scams / spam, whereas they (now being shown to be legitimate) have a more sinister portend than the emails themselves being malisicious.

If @penneck has used the one email address as their userID on a multitude of services using the SAME PASSWORD as that for the email account itself, then they may be exceedingly vulnerable to widespread fraud elsewhere.

Sorry if you felt barking up the wrong tree was aimed at you and came across as harsh - the message I wanted to convey is the risk that the email address / box issues might be the least of @penneck 's issues.  In their situation I would be worrying about where else I had used the same email address and password.

This is worth a listen - https://www.bbc.co.uk/programmes/m000bnbn - from Wednesday R4 You & Yours - An investigation into why some former Netflix users have had accounts reactivated months after cancelling.

The evidence suggests that someone's email address and password had become compromised … then the criminals use those credentials in an attempt to access the commonly used services using the same credentials … knowing that many people use one email address and one password.

The advice to make good use of PlusNet's unlimited email addresses (via catchall or aliases) and give a unique address to each company remains sound advice.

 

The monitoring of odd behaviour by PN in this profile of issue is invaluable - without it @penneck might have been totally unaware that there is a potential of an expensive issue.  There might be nothing to worry about here, but better safe rather than sorry.

Superuser
Superuser
Posts: 14,785
Thanks: 5,763
Fixes: 33
Registered: ‎22-08-2007

Re: Message for Plusnet Security regarding my email account

@penneck 

"My PlusNet account has a third email address for my wife's emails. My Mailwasher and Firefox pick up the emails for postmaster and my secondary address onto my pc. My wife has her own pc where her Mailwasher and whatever she uses for emails picks up only those emails addressed to her. Could the problem have been caused by her email system? My pc is hard-wired to the modem, my wife's pc is connected to the same modem via the wireless link."

This has nothing to do with mailwasher, your PC, you wife's PC mail box or anything like that.

Plusnet have adised you that there has been suspicious activity of your XXXX being logged into from multiple overseas IP addresses is a short timeframe.

If XXXX referes to your MAIN email account or your USER account then you need to change the password for the main account.  That will change the passoerd you use to log into the portal, your postmaster mailbox (impacts mailwasher) and the password used by your router.

If XXX refers a secondary mailbox than only that mailbox is impacted in respect of Plusnet.  However as per the above reponse if you used that email address and the same password with other service providers then they too are potentinally at risk of being abused.

I hope that clarifies things for you?