on 11-12-2023 09:45 AM
My partner's Talktalk email address has been abused. People should be aware that the Netflix Extra Members ID and password seems not to be adequately secured.
The Netflix Extra Members ID (Talktalk email address) was changed multiple times within a few days by someone else. On contacting Netflix support by phone it would appear that their call centre staff have access to view and change this, so possible abuse by Netflix staff. Only other possibility would be a brute force attack to discover the password, but you would expect failed attempts to be blocked after a few failed tries.
Since then fraudulent attempts have been made to use the Talktalk email address to set up accounts on Bookings.com, and LinkedIn. Attempts to change Facebook password, blocked due to confirmation emails. Instagram user-id changed twice and successfully!!!, warning emails from Instagram pretty useless, as closing stable door after horse has bolted.
On a typical day since the hack, e.g. yesterday, 150 phishing emails arrive in Talktalk inbox. All from random and obviously machine generated Gmail addresses, but having a discernable pattern.
Now we have changed to using a business standard email client with proper spam filtering rules that can block emails matching the above patterns, automatically flag them to Talktalk servers as spam, and move them to Spam folder.
Moral of the story. If you use the Netflix Extra Members feature, don't use the Extra Member's primary email address as the user-id. Create a new email address specifically for that purpose only and don't use it as the login for any other service. Watch out for unauthorised changes.
If an OCE reads this, they can find the affected partner's email address in my profile. You may have a way to block the phishing attempts before they reach the user, and/or a way to flag the abuse to Gmail. I tried to do that myself, but Talktalk servers block the reports due to excessive emails being sent from the TT address, as if I were a spammer.
on 12-12-2023 12:14 PM
I needed to automate the removal of phishing emails arriving in partner's Talktalk Inbox, as the quantity received in the last week is around 800 and was freaking them out 🤕 causing distress. Manually marking them as spam is too onerous.
I have succeeded in that by installing a business oriented email client with facilities for rules based filtering and processing and blacklisting senders. They were previously using Windows Live Mail.
It's disappointing that Talktalk's servers don't detect what is obviously spam/phishing, doubly disappointing that Google doesn't stop them at source, and there appears to be no mechanism to report the senders to Google, or to get their accounts suspended.
I myself use Gmail as the email provider and Outlook as the PC client. 99% of spam and phishing emails are correctly diverted by Gmail to the Spam folder, there are few of them, and there are very rarely any false positives. These are usually legitimate survey requests that others have marked as spam.
on 12-12-2023 11:27 AM
The Gmail advice is very similar to that published by TalkTalk. i.e. Mark as spam to automatically report spam.
Mark as spam in your Gmail mailbox
I see no mention of using the 'abuse' Gmail address that comes up in checks as an Undeliverable address.
Gondola Community Star 2017-2024
on 12-12-2023 11:09 AM
Thanks for that advice.
Seems that Google don't adhere to their own published guidelines for managing spam.
on 12-12-2023 10:48 AM
The gmail address does not exist. Do not continue or your IP address will be flagged as a potential spammer.
Gondola Community Star 2017-2024
on 12-12-2023 10:32 AM
Not sure where the screenshot attachment went. Trying again.
12-12-2023 10:30 AM - edited 12-12-2023 10:45 AM
I set up a series of rules in the email client that automatically:-
Talktalk's smtp server seems to dislike step 2 and produces an error as shown in the attached screenshot.
Using Talktalk webmail does allow batches of phishing emails to be forwarded without producing an error.
on 11-12-2023 06:34 PM
TalkTalk employ network filtering of suspicious content via CloudMark / Proofpoint. This has a sender intelligence engine that in part relies on mark as spam reports from TalkTalk customers. Mark as spam is a feature in TalkTalk Mail webmail and acts on the online mailbox by putting marked mail into the online Spam folder.
An IMAP email client synchronises the online folders so as well as seeing the online Inbox you should also see the online Drafts, Sent, Trash and Spam folders assuming that you've set the IMAP client to sync all those folders.
The email addresses are perfectly valid and not realistically possible to detect as a spammer's address because any genuine mail service can use the user+detail@domain format to send legitimate mail.
It would be great for Google to block spammers' mailboxes. Gmail is widely acknowledged as the world's biggest source of spam in parallel with it being the world's biggest email service. And therein lies the problem of detecting what's genuine and what's not.
Gondola Community Star 2017-2024
on 11-12-2023 03:54 PM
Done all the above thanks.
It seems surprising that Talktalk's IMAP servers appear to have no effective spam filtering. Am I correct?
Nothing has ever appeared in the Spam or Junk folders of an IMAP client on a Talktalk account.
I have set up my own filters that do the trick, as do those employed routinely by the likes of GMail.
Seems like Talktalk users using Outlook, or other email clients have to rely on their own expertise, and the functionality of 3rd party software to achieve any spam or phishing filtering.
You'd think that 150 phishing emails a day from addresses like a.b.c.ef.gh.i.jk.lm+123.xyz@gmail.com, and each email from a different but similar GMail address would be detected a) by Talktalk's IMAP servers and directed to spam folders and b) detected by GMail as an abuse of their terms of service, and the senders' accounts suspended.
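An added example, not part of any post in this thread: a client-side triage rule for the sender pattern quoted above (heavily dot-split Gmail local part plus a `+tag`), which also collapses each flagged address to its underlying mailbox, since Gmail ignores dots and anything after `+`. The function names, the `min_dots` threshold and every sample address other than the one quoted in the thread are constructed assumptions; ordinary `user+detail` addresses are deliberately left alone.

```python
from collections import Counter

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def _split(address):
    """Return (local, domain) lower-cased, or (None, None) if not Gmail."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or domain not in GMAIL_DOMAINS:
        return None, None
    return local, domain


def canonical_gmail(address):
    """Underlying mailbox: dots removed, '+tag' dropped. None if not Gmail."""
    local, _ = _split(address)
    if local is None:
        return None
    base = local.split("+", 1)[0].replace(".", "")
    return base + "@gmail.com" if base else None


def looks_machine_generated(address, min_dots=4):
    """Heuristic (assumed threshold): many dots AND a +tag in the local part."""
    local, _ = _split(address)
    if local is None:
        return False
    base, plus, _tag = local.partition("+")
    return bool(plus) and base.count(".") >= min_dots


def triage(senders, min_dots=4):
    """Return (spam, keep, mailbox_counts) for a list of sender addresses."""
    spam, keep, mailboxes = [], [], Counter()
    for sender in senders:
        if looks_machine_generated(sender, min_dots):
            spam.append(sender)
            mailboxes[canonical_gmail(sender)] += 1
        else:
            keep.append(sender)
    return spam, keep, mailboxes


# First address is the pattern quoted in the thread; the rest are constructed.
SAMPLE_SENDERS = [
    "a.b.c.ef.gh.i.jk.lm+123.xyz@gmail.com",
    "ab.c.e.fg.hi.jk.l.m+987.qrs@gmail.com",
    "jane.doe+newsletter@gmail.com",
    "john.smith@example.org",
]
```

If many flagged senders collapse to a handful of canonical mailboxes, a single rule on the canonical form covers all their dot and tag variants.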
on 11-12-2023 09:54 AM
Has your partner:
Gondola Community Star 2017-2024