on 13-10-2018 05:46 PM - last edited on 13-10-2018 06:25 PM by Gondola
Can I ask, is this discussion about the "scam mail" currently doing the rounds alledging to have broken into the user's pipex account and using that to then infect said computer with spyware.
If it is, I had one this morning, very bad English and if I say so myself, not very well put together, it came over as some sort of kid's prank, I just trashed it.
I haven't noticed any unusual account activity at my end, and I would expect Talk Talk constantly monitor connections as well so if the server was being accessed from another (unexpected) location alarm bells would ring and someone would inform the account holder.
Anyhow, have a good day.
ps. Forgot to ask, I take it TalkTalk haven't experienced another breach of security recently.
on 18-10-2018 11:39 AM
I'm sorry this is still outstanding I've sent a chaser and hopefully you'll get a call today.
on 16-10-2018 07:22 PM
I'm sure I have changed my password in the past, and it was OK on both addresses. Interesting that it seems to be harder to do so now.
Yes, I can remember being able to change mine a while back as well, not sure if this ability still exists for other TT customers and we are the odd ones out, if we are it could be something to do with the "different" equipment "Ex Pipex customers" appear to be on at the moment.
I just can't remember that far back when I did make the last change (think it was the last big TT data breach so that puts it 2 yrs ago), and which ever address I chose to change I believe both got updated, but it would be nice to get this confirmed.
If I don't get a response I will start a new topic asking such a question, because I've read previously some that changed passwords had issues connecting thereafter, and that might be due to the fact your first alias gets out of sync with your default address (but that's pure guess work).
16-10-2018 04:39 PM - edited 16-10-2018 04:41 PM
I can’t say I have seen that “flash” message type behaviour, but someone else that has may respond shortly.
With respect to changing mail password, I tried via My Account and wasn’t able to do it, the mail addresses that have “change password” against them just seemed to change the My Account password only.
Not sure if this is just a “Pipex” thing or additional security for every TalkTalk customer, but if it’s the latter I would suggest TT need to update information on their web site, because it still states the user can do this.
One area I’m concerned about before asking for my mail password to be changed is how does the process affect to two or more addresses, the original Pipex issued one (containing numbers and letters) and the easier to remember one created by the user (mine has my name in front of the domain name, or whatever you call it), if they are changed together then great, if not what happens!
on 16-10-2018 04:10 PM
Noticed something odd in my pipex email this afternoon. A message popped up briefly as if I had received an e-mail, showing my webmail address with the message "does this work.". I checked my inbox and there was nothing there, checked my sent messages nothing there, checked my webmail and couldn't see anything there. Has anyone else experienced anything like this? I wondered if it was anything to do with the troubles we have been having recently.
If I want to change my e-mail password can I do this onlineor does someone at Talk Talk have to do it for me?
on 14-10-2018 12:22 AM
@SiHancox wrote: these so called "Hacks" are just "Fake Hacking". Is that the long and short of it?
The long and the short is exactly it! Perfectly perceptive of you. Why do you think the TalkTalk email system resets hundreds of password each week? Because they're too short to be of any use against hackers. So, inevitably some pipex email accounts with short (weak) passwords are going to have been vulnerable to hacking.
As the security experts have confirmed, the claim made in the blackmail email being circulated to have hacked into an account is likely fake, the claim to have sent the email from the user account is likely fake, the customer can confirm if the password in the email is accurate or not and most confirm fake (but that depends on their use of passwords) and we don't need to know about the claims made in the blackmail attempt because the whole point of the scam is to scare people into paying the blackmail money!
And don't be fooled into thinking that an ultra-strong unique password for your pipex account is good enough...it isn't...your entire security regime needs to be watertight as well.
For example, not protecting against keyloggers and not using VPN security when using insecure hotspots and not guarding keystrokes from being observed can all lead to your ultra-strong unique password and account being compromised.
As I said... We're all staying on guard, as ever.
13-10-2018 09:11 PM - edited 13-10-2018 09:13 PM
...It looks like 'blackmail' scammers have harvested and collected together pipex email addresses and passwords from other websites. Inevitably some passwords being quoted in scam emails have been similar to and a few even the same as pipex email account passwords. Passwords do get repeated despite advice to make passwords ultra-strong and unique and never before used anywhere...
Thanks for the update.
So just to confirm, if you employ a unique password for Pipex Mail that's never been used as a password for any other site, and TalkTalk haven't had a breach of security (they haven'nt, have they?), then these so called "Hacks" are just "Fake Hacking".
Is that the long and short of it?
13-10-2018 06:56 PM - edited 13-10-2018 06:58 PM
On 3 October I'd noted and alerted a spike in reports of suspected pipex account hacking. Ady and the security team have confirmed spoofing of the email address, not email account hacking.
You are quite right to be aware of the possibility that any email, whether a blackmail email, a fake hacking email or an email spoofing the address of a friend could contain a malware payload. Being alert to the possibility and having effective security and real time scanning is essential.
It looks like 'blackmail' scammers have harvested and collected together pipex email addresses and passwords from other websites. Inevitably some passwords being quoted in scam emails have been similar to and a few even the same as pipex email account passwords. Passwords do get repeated despite advice to make passwords ultra-strong and unique and never before used anywhere.
Deleting a scam email, not clicking any links, is great advice but if you've received a phishing / blackmail email, please report it by following the steps in the reporting guide.
We're all staying on guard, as ever. Ady is on holiday leave but I'm sure will respond on his return.
on 13-10-2018 06:40 PM
Hi, I can confirm no password or user name was detailed (on the one I received anyhow), in fact it was very vague and childish, almost prankish.
Thanks for reminding me of GDPR, I've asked Ady if TalkTalk have noticed any unusual activity but I would expect if they had we wouldn't by now still have access to the server.
It's times like this that you are glad you chose a difficult, mixed letter/digit/symbol password unique to just Mail!
on 13-10-2018 05:58 PM