email support

Ask us about your TalkTalk email account and Webmail.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Another Pipex email hack

SiHancox
Super Duper Contributor
Message 13 of 13

@Ady-TalkTalk

 

Hi Ady,

 

Can I ask, is this discussion about the "scam mail" currently doing the rounds alledging to have broken into the user's pipex account and using that to then infect said computer with spyware.

 

If it is, I had one this morning, very bad English and if I say so myself, not very well put together, it came over as some sort of kid's prank, I just trashed it.

 

I haven't noticed any unusual account activity at my end, and I would expect Talk Talk constantly monitor connections as well so if the server was being accessed from another (unexpected) location alarm bells would ring and someone would inform the account holder.

 

Anyhow, have a good day.

 

ps. Forgot to ask, I take it TalkTalk haven't experienced another breach of security recently.

0 Likes
12 REPLIES 12

Ady-TalkTalk
Support Team
Message 1 of 13

I'm sorry this is still outstanding I've sent a chaser and hopefully you'll get a call today. 


Please log in to My Account if you need to view or pay your bill, manage boosts and track your usage. From My Account you can also check your connection and test your line for any issues in the Service Centre.


0 Likes

SiHancox
Super Duper Contributor
Message 2 of 13

@Pianist2 wrote:

I'm sure I have changed my password in the past, and it was OK on both addresses. Interesting that it seems to be harder to do so now.


Yes, I can remember being able to change mine a while back as well, not sure if this ability still exists for other TT customers and we are the odd ones out, if we are it could be something to do with the "different" equipment "Ex Pipex customers" appear to be on at the moment.

 

I just can't remember that far back when I did make the last change (think it was the last big TT data breach so that puts it 2 yrs ago), and which ever address I chose to change I believe both got updated, but it would be nice to get this confirmed.

 

If I don't get a response I will start a new topic asking such a question, because I've read previously some that changed passwords had issues connecting thereafter, and that might be due to the fact your first alias gets out of sync with your default address (but that's pure guess work).

0 Likes

Message 3 of 13

I'm sure I have changed my password in the past, and it was OK on both addresses. Interesting that it seems to be harder to do so now.

0 Likes

SiHancox
Super Duper Contributor
Message 4 of 13

@Pianist2

 

I can’t say I have seen that “flash” message type behaviour, but someone else that has may respond shortly.

 

With respect to changing mail password, I tried via My Account and wasn’t able to do it, the mail addresses that have “change password” against them just seemed to change the My Account password only.

 

Not sure if this is just a “Pipex” thing or additional security for every TalkTalk customer, but if it’s the latter I would suggest TT need to update information on their web site, because it still states the user can do this.

 

One area I’m concerned about before asking for my mail password to be changed is how does the process affect to two or more addresses, the original Pipex issued one (containing numbers and letters) and the easier to remember one created by the user (mine has my name in front of the domain name, or whatever you call it), if they are changed together then great, if not what happens!

0 Likes

Pianist2
Whizz Kid
Message 5 of 13

Noticed something odd in my pipex email this afternoon. A message popped up briefly as if I had received an e-mail, showing my webmail address with the message "does this work.". I checked my inbox and there was nothing there, checked my sent messages nothing there, checked my webmail and couldn't see anything there. Has anyone else experienced anything like this? I wondered if it was anything to do with the troubles we have been having recently.

 

If I want to change my e-mail password can I do this onlineor does someone at Talk Talk have to do it for me?

0 Likes

SiHancox
Super Duper Contributor
Message 6 of 13

Thanks again for the response @Gondola

0 Likes

Message 7 of 13

Hi @SiHancox

 


@SiHancox wrote: these so called "Hacks" are just "Fake Hacking". Is that the long and short of it?

The long and the short is exactly it!  Perfectly perceptive of you. Why do you think the TalkTalk email system resets hundreds of password each week?  Because they're too short to be of any use against hackers. So, inevitably some pipex email accounts with short (weak) passwords are going to have been vulnerable to hacking. 

 

As the security experts have confirmed, the claim made in the blackmail email being circulated to have hacked into an account is likely fake, the claim to have sent the email from the user account is likely fake, the customer can confirm if the password in the email is accurate or not and most confirm fake (but that depends on their use of passwords) and we don't need to know about the claims made in the blackmail attempt because the whole point of the scam is to scare people into paying the blackmail money!

 

And don't be fooled into thinking that an ultra-strong unique password for your pipex account is good enough...it isn't...your entire security regime needs to be watertight as well.

 

For example, not protecting against keyloggers and not using VPN security when using insecure hotspots and not guarding keystrokes from being observed can all lead to your ultra-strong unique password and account being compromised.

 

As I said... We're all staying on guard, as ever.

GondolaVolunteer 2017-2021

 Like below to appreciate my help . . . Best answer is + Accept as Solution

0 Likes

SiHancox
Super Duper Contributor
Message 8 of 13

@Gondola wrote:

Hi @SiHancox and @Skynet_TX

 

 

...It looks like 'blackmail' scammers have harvested and collected together pipex email addresses and passwords from other websites. Inevitably some passwords being quoted in scam emails have been similar to and a few even the same as pipex email account passwords.  Passwords do get repeated despite advice to make passwords ultra-strong and unique and never before used anywhere...

 


Hi @Gondola

Thanks for the update.

 

So just to confirm, if you employ a unique password for Pipex Mail that's never been used as a password for any other site, and TalkTalk haven't had a breach of security (they haven'nt, have they?), then these so called "Hacks" are just "Fake Hacking".

 

Is that the long and short of it?

0 Likes

Message 9 of 13
Thanks for the info @Gondola
0 Likes

Gondola
Community Star
Message 10 of 13

Hi @SiHancox and @Skynet_TX

 

On 3 October I'd noted and alerted a spike in reports of suspected pipex account hacking.  Ady and the security team have confirmed spoofing of the email address, not email account hacking. 

 

You are quite right to be aware of the possibility that any email, whether a blackmail email, a fake hacking email or an email spoofing the address of a friend could contain a malware payload.  Being alert to the possibility and having effective security and real time scanning is essential.

 

It looks like 'blackmail' scammers have harvested and collected together pipex email addresses and passwords from other websites. Inevitably some passwords being quoted in scam emails have been similar to and a few even the same as pipex email account passwords.  Passwords do get repeated despite advice to make passwords ultra-strong and unique and never before used anywhere.

 

Deleting a scam email, not clicking any links, is great advice but if you've received a phishing / blackmail email, please report it by following the steps in the reporting guide.

 

We're all staying on guard, as ever.  Ady is on holiday leave but I'm sure will respond on his return.

GondolaVolunteer 2017-2021

 Like below to appreciate my help . . . Best answer is + Accept as Solution

SiHancox
Super Duper Contributor
Message 11 of 13

@Skynet_TX

 

Hi, I can confirm no password or user name was detailed (on the one I received anyhow), in fact it was very vague and childish, almost prankish.

 

Thanks for reminding me of GDPR, I've asked Ady if TalkTalk have noticed any unusual activity but I would expect if they had we wouldn't by now still have access to the server.

 

It's times like this that you are glad you chose a difficult, mixed letter/digit/symbol password unique to just Mail!

Skynet_TX
Community Star
Message 12 of 13
@SiHancox I've not received one of these emails so far, but assuming it does not show your real account password I'd agree it does just sound like random spam spoofing the 'from' address.

If TalkTalk actually thought there had been a hack of their systems then under the new GDPR regulations they would have to notify us quickly by law.