cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

email support

Ask us about your TalkTalk email account and Webmail.

Lack of quality service to Tiscali account holders: Ongoing security issues (Phishing and spam)

RA695
Participant
Private Message TalkTalk
Message 14 of 14

Despite having paid £50 to renew/keep my Tiscali email address, I cannot help feeling that TalkTalk service to Tiscali account holders continues to fall short of that provided to TalkTalk email address holders. Like other Tiscali account holders, having read this blog I see that many have over the last 2 months been suffering a continuous and increased stream of Phishing and spam emails from long-winded Gmail accounts using false pseudonyms such as DPD, J'Adore Parfam, the FBI, PureCBD and other high profile brands/sources. Despite creating detailed processing rule after rule, the TalkTalk system does not prevent what are clearly fraudulent emails from entering my In-Box, risking a breach of personal data ...Why????????? 

I have viewed the meta-data behind the emails (without opening) and utilised specific data to create the blocking rules. Still, nothing is proving effective in the emails gaining access to my inbox. When I update the rules the system says "This request may take some time". Clearly, there is something wrong at TalkTalk processing accounts rules. Can anyone provide any further ideas or perhaps TalkTalk can explain why the processing rules are ineffective? 

Has anyone been able to resolve this issue or received recent advice from TalkTalk on the subject 

 

 

13 REPLIES 13

Message 1 of 14

There is no evidence of any TalkTalk security breach. Only a new wave of spam from Gmail using addresses from old data breaches. Enter your email address at https://haveibeenpwned.com to see where your email address is implicated in a data breach.

GondolaCommunity Star 2017-2024

  Like below to appreciate my post . . . Mark as solved  Accept as Solution

Message 2 of 14

Hi Gondola

Thank you for your response, however, with respect, I am not sure why you have responded in the way you have, as it detracts from the primary issue. I accept that you're a huge TalkTalk fan with a good working knowledge of the platform, but clearly, we are talking about the impact of a security breach (whether by TalkTalk or one of its "trusted-partner), the root cause of which TalkTalk are aware of. (see response from Ady-TalkTalk.

 

By the way... I accept that even spam emails originate from 'genuine email addresses', they have to be, to be accepted onto the relevant platform. However, often the details used to create them are false and the emails that are then issued are used for an illegitimate purpose. Often an examination of meta-data will identify complex email address formats with a front-facing pseudonym to fool recipients into believing the emails are genuine.

 

Please refer to the conversation between Ady and I, on this subject matter.

 

Thanks

RA

0 Likes

Message 3 of 14

Hi Ady

 

Thank you for your responses on this matter.

It is worrying to hear that your company's 'trusted' Google/Gmail domains' security failures have been allowed to impact TalkTalk servers to the point where they cause a security breach (severe influx of phishing emails) that allows scammers to actively target your customers. The scenario you explain tends to suggest that TalkTalk, lowered its security screening for 'trusted' Google/Gmail domains, which if correct, suggests a failure of your risk assessment and strategy. The key issue is that TalkTalk servers should have identified the security breach or at least the possibility of a breach and either automatically blocked the security breaching emails or severed the connection between your server and the 'trusted' domain(s). Furthermore, considering the scale of the incident TalkTalk/Tiscali should have issued a specific security warning (maintaining a general security/scam page on your website is insufficient) to each customer providing them with;

1. Details of the security breach, which accounts are affected, warning of an enhanced risk of receiving scam emails purporting to be from particular companies.

2. Detail what TalkTalk are doing to remedy the issue and an indication of how long the matter will take to resolve,

3. Warn of the need for increased vigilance

4. Detail what action should be taken by customers including, the implementation of emailing processing rules should be implemented to divert suspicious emails to spam but warn that this may not prevent scam emails from entering their inboxes.

This is important, as I should not have to raise the matter on a blog to establish why my inbox is receiving increased spam and that your filters are ineffectual as it is a server security problem. After all, we are not talking about simple advertising spam emails, they are all phishing emails/scams targeting your customers to get them to click on links that then take them to fraudulent websites that steal their data, fool them into fraudulent purchases and the hacking of their computers to steal thousands of pound from bank accounts. So it's not an issue that should be taken lightly by TalkTalk. There are also the legal ramifications attached to your company's failure to disclose the incident(s)/risk which clearly from your response your company is aware of. If a TalkTalk account holder suffers financial loss as a result of one of the scam emails and your company knowing of the enhanced risk, failed to advise your customers, potentially TalkTalk could be held liable for some or all losses suffered.

 

It's about time that server managers take responsibility for the extent of fraud that costs the economy hundreds of millions of pounds each year, as it's the consumer who becomes the victims as banks remain highly reluctant to repay victims who fall for the scam emails such as those passing through your server!

 

Regards

 

RA

 

0 Likes

Message 4 of 14

I'm told additional filters have been put in place to try to limit the impact. 

 

Ady


Please log in to My Account if you need to view or pay your bill, manage boosts and track your usage. From My Account you can also check your connection and test your line for any issues in the Service Centre.


0 Likes

Rootin
Conversation Starter
Private Message TalkTalk
Message 5 of 14

Thank you Ady. That is very helpful to have an explanation/diagnosis. It is always good to know what it is you are dealing with. Any idea of a timeline for adj the filters? Please keep us in touch with progress. Thanks

Message 6 of 14

What's going on at the TalkTalk end is that we have Google/Gmail domains as trusted senders due to their excellent MTA as they normally manage their outgoing mail very well. However, at present they've failed to control the spam coming out of their domain so we're being hit by it. Cloudmark are adjusting the filters to cope with the new influx of spam from Google. 

 

Ady


Please log in to My Account if you need to view or pay your bill, manage boosts and track your usage. From My Account you can also check your connection and test your line for any issues in the Service Centre.


Rootin
Conversation Starter
Private Message TalkTalk
Message 7 of 14

Replies from Gondola are like getting spam, full of largely irrelevant information and veering us off what is the main problem ie something going on at the TalkTalk end.

Occams razor - look forf the most obviosu cause. If laods of tiscali customers are all getting spam, when for years they haven't is it all of a sudden down to them and their IT habits. Of course its not.

Can we please have some transparency TalkTalk and what action you are taking. Even if it is a don't know at the moment, that's fine; at least it demonstrates you are trying. Thank you.

Message 8 of 14

TalkTalk are blocking some of the spam content that's been fingerprinted as a consequence of TalkTalk users marking as spam.

 

The email addresses are perfectly valid and genuine mail services also use similar techniques of user+detail@domain in order to identify and filter mail responses from their customers that are identified by what you call the "convoluted" detail part after the + symbol.

 

Even if sent from the same user mailbox the detail part of the local part email address can change with every message so there's no point in trying to filter on the whole sending address.

GondolaCommunity Star 2017-2024

  Like below to appreciate my post . . . Mark as solved  Accept as Solution

Message 9 of 14

Hi Gondola

I have responded to your initial response. As for your last one;

 

I'd be confident that TalkTalk email admins have asked Gmail email admins to stop spam sending at source. The issue was being investigated by TalkTalk.

 

Response: The TalkTalk system should be able to cope with obviously fraudulent emails from the Gmail servers.

 

Spammers frequently change sending email addresses so how is it possible in your opinion for a recipient mail server to know that you haven't solicited mail from a particular source.

 

Response: Legitimate email addresses are simple and not convoluted. Convoluted email addresses are often linked to fraud.

 

Have you blocked all Gmail and Googlemail? Or should TalkTalk do that for you?

 

Response: Blocking all gmail/Google-generated emails is not a convenient  option

0 Likes

RA695
Participant
Private Message TalkTalk
Message 10 of 14

Hi Gondola

Thank you for your response. Whilst I appreciate your comments, the bottom line is that if TalkTalk cannot adequately secure Tiscali accounts then they should not continue to offer the service and if that is the case then they certainly should not be charging customers.

I am well versed in the issues surrounding compromised accounts but what we are seeing here is not highly sophisticated scam/phishing emails in terms of source origins and content. They are readily identifiable from their outrageously long source email addresses which can be viewed within metadata as opposed to the visible pseudonym. In reality, they should auto-flag on TalkTalk security systems and be destroyed before entering in-boxe., I do not doubt that the source email address issues thousands of these emails at a time and that thousands of Tiscali and TalkTalk customers have flagged them as spam expecting TalkTalk to take appropriate action. Secondly, if they make it through, Tiscali customers placing the emails into spam, should if I understand it, flag the email to TalkTalk for review and action. This does not seem to happen as the emails keep coming. Finally,  the Tiscali user setting up processing rules that flag both the pseudonym and source email address is also ineffectual at reducing the constant flow. Ordinary legal email accounts do not use convoluted email addresses.

 

As requested, here is an example of the rules set up to process DPD/FBI scam/phishing emails shown below should capture an array of email content and format but it doesn't. As you can see the email address is intentionally convoluted. I have only posted a section of it, it goes on and ends @gmail.com

 


Page 1Page 1

Page 2Page 2

0 Likes

Message 11 of 14

I'd be confident that TalkTalk email admins have asked Gmail email admins to stop spam sending at source. The issue was being investigated by TalkTalk.

 

Spammers frequently change sending email addresses so how is it possible in your opinion for a recipient mail server to know that you haven't solicited mail from a particular source.

 

Have you blocked all Gmail and Googlemail? Or should TalkTalk do that for you?

GondolaCommunity Star 2017-2024

  Like below to appreciate my post . . . Mark as solved  Accept as Solution

0 Likes

Rootin
Conversation Starter
Private Message TalkTalk
Message 12 of 14

Why should we have to delete our mailboxes? This problem is something new; it has only just happened over the last 10 days or so. If we can set up message filters at our end surely it is not beyond the wit of TalkTalk to do something to stop them at source.

 

It seems to be sort it or lose customers. Your choice.

0 Likes

Gondola
Philosopher
Private Message TalkTalk
Message 13 of 14

When your email address has become known to criminals, whether scammers or spammers, then your mailbox will be targeted. A lot of the tiscali email addresses were known as a result of onliner spambot malware in 2017.

 

The only sure way to deny criminals a mailbox to target is to delete the mailbox. But if you wish to continue with filter rules then show me a screenshot of a rule or rules that you say are ineffective and I'll take a look to see why some might not be working as you expect.

GondolaCommunity Star 2017-2024

  Like below to appreciate my post . . . Mark as solved  Accept as Solution

0 Likes