I suspect you won't believe this, but please be assured it is true - multiple phone calls and cases with support have confirmed it, and even today we paid a qualified IT technician to assist. They spoke to Plusnet who confirmed the same.
I am trying to help a friend who originally was a freenetname customer, then madasafish and now a plusnet broadband customer.
They got a domain (theirname.co.uk) as part of signing up to freenetname 20 (yes, twenty!) years ago, which they've been using for their email address ever since.
Anyway, unfortunately 3 or 4 weeks ago they clicked on a link in a phishing email, and entered their webmail password.
Straight away we tried to change the password... the first odd thing... there's no option when you log in to webmail to change your password!
Ok, so we called PlusNet support. "No problem, we've changed it" they said.
We tried to log in to webmail with the old password... it still worked!
Several calls back and forth, support just didn't believe it at first - "We've changed it, you can't be able to log in with the old password". Well, we could! And, of course, this meant whoever had phished the password could too.
A week or so passed, and my friend received a call from someone they were talking to about selling a vehicle to through a well-known auction website.
They'd been contacted through my friend's email address and were attempting to get the buyer to send money to their (dodgy) account.
This was not a small amount of money at all, and it was only the diligence of the buyer that stopped the scam happening.
We called PlusNet again. They can't help. They literally cannot change the password on the webmail account!
With the help of the IT professional, we tried to make enquiries about changing the MX records so we could at least migrate to a new email provider. No, not possible according to support - the only option is to wait another couple of months until the domain is within 30 days of expiry, and at that point PlusNet said they'd be able to either extend or migrate it.
I've put exclamation marks in this post, but really it is no laughing matter. My friend is so worried (and rightly so) - some criminals have full access to their emails - not just seeing them but sending too. Every time they see a PlusNet advert on TV the just can't believe how they can be advertising for new business and making all these claims on TV about how great they are, and all the while allow this to happen.
It's been going on for nearly a month - can you imagine? Your only email address of two decades has been hacked, someone is actively trying to defraud you, and the provider can't help you to change the password. As I said, you probably won't believe it, but here we are.
I'm really hoping someone senior from Plusnet will pick this up and help with a solution. Thanks for reading this, it's quite a story and I hope it can have a happy ending.
Fixed! Go to the fix.
I’m really sorry to see this and thanks for posting. I’m not in the office now but my thoughts which may help:
I suspect we’ve changed the account password that’s for the default mailbox but your friend may be using an additional mailbox for their domain which we can’t manage from our side due to the way our systems are set up. However, in either case, they can change the passwords through the Madasafish portal.
How to change the account password > http://www.madasafish.com/support/billing/change_account_details/password_information/forgotten_pass...
For additional mailbox passwords > http://www.madasafish.com/support/features/domain_names/additional_mailboxes.shtml
The hosting MX records can’t be changed for a domain, again due to the way our domain control system works for a Madasafish account, but that doesn’t mean they can’t transfer it to another provider though.
They’d have to find a new registrar to register the domain which can be done anytime. All we’d need is the IPSTAG of the new registrar and we’d transfer it. They can then configure the MX records but if they’re wanting the records set to a provider that’s not the registrar, I’d recommend making sure that the new registrar allows this.
It’s also worth noting that existing emails won’t transfer over so they’ll need to back them up to local storage, like to a computer or laptop through a mail client.
If you can ask them to private message me the IPSTAG, domain name and Freenetname username/email address, I can arrange the transfer through a support ticket.
Let me know how it goes.
Re: Plusnet Webmail Password... you won't believe this...
Thank you so much for your help. We followed the steps you suggested ... and it worked! I can't tell you how pleased my friend is - this will genuinely improve their health and wellbeing after what was such a worrying and seemingly hopeless situation.
It is such a shame the various support staff we spoke to over the past few weeks weren't able to advise of this solution, but nevertheless we're so pleased to have hopefully put an end to the drama.
I will check with the IT professional how they want to proceed regarding the domain/MX records - we were told by support that the domain could ONLY be transferred out when it is within 30 days of expiring though.
Re: Plusnet Webmail Password... you won't believe this...
Thanks for getting back to me! Awesome, I'm glad to see that's sorted it for your friend now.
I'm genuinely sorry again for the stress and worry they've been through. And I hope they can rest easy now.
Apologies also once more for the incorrect advice we've given as a domain can be transferred out anytime.
Just feel free to ask your friend to private message me, or if you know the details, send me a message and I can create a support ticket he can reply to from here > https://secure.madasafish.com/contact/tickets.shtml to begin the transfer.
I'm on holiday for 6 days from tomorrow, but my colleagues should be able to pick up my private messages while I'm away.