
"You may have downloaded a virus on one or more of your devices"

Wizz Kid

I received two copies of the same email today from TalkTalk stating that:

 

"Unfortunately, we’ve detected a potential threat on one or more of your smartphones, tablets or computers. This may have come from an unsafe attachment, a phishing website or many other places, so we recommend you protect your devices to make sure any viruses you have are removed now."

 

No specific details were provided and all very vague. I do not have Super Safe or Home Safe enabled. So this is either a fearmongering marketing email to upsell F-Secure, or TalkTalk have been monitoring my browsing and determined that I may have visited a potentially malicious site. Neither is particularly good.

 

Did anyone else receive the same today?

Community Star

Hi @ITTroll

 

This is the second report I've seen today. Can you look at the email header and copy that here please?  It may be the start of a 'phishing' exploit or it could be genuine. But whatever, it needs checking out.

 

PS Remove the personally identifiable part of your email address before posting.

 

In TalkTalk webmail, a genuine email from TalkTalk will have a yellow padlock symbol.

 Gondola - Volunteer 2017-2020

To appreciate my help . . . If I offered a solution Best Answer

Wizz Kid

It’s not phishing. It has a view in browser link which allows you to view the message from a secure link on a TalkTalk server. https://view.consumer.talktalkplc.com/

Community Star

...interesting. That link doesn't work. If it did or does work on your TalkTalk connection then that's reassuring.

 

So have you taken heed of the message?

 

What have you found after running anti-virus and anti-malware scans on all your devices? And checked your router for unauthorised devices connecting.  Changing the router wi-fi password would be a good choice just in case.

Wizz Kid

I removed the unique Message ID from the URL, I just posted the host name to demonstrate that it was a genuine TalkTalk server.

 

At the moment I’m treating the message with a large dose of scepticism. I already run AV on my computers, I seriously doubt my Apple iOS devices will have anything and I run a non TalkTalk router with a custom firmware.

 

The email conflates downloading a virus from an email attachment with visiting a phishing website - two completely different forms of attack. I’d like some more detail on exactly what they claim to have detected and what they are monitoring without my consent, before I go chasing phantoms dreamt up in a marketing campaign. The email recommends that I activate my free one device protection whilst also stating that more devices have potential threat...

Community Star

Hi @ITTroll

 

Phishing emails often embed genuine links to convince people that emails are genuine. I've asked TalkTalk for clarification.

 

The evidence you've produced so far leads me to conclude the email is genuine but if I'd received it I would still be wary. I'd be wary of clicking on links in the email before checking them out but I still would check my devices for viruses and malware.

 

You've not said if there are any marketing links or any inducements to buy any particular products. So, if marketing is absent from the email do you still think it's a marketing ploy? So far, still only two people are reporting. I'd expect more if lots of people were being told they could have downloaded a virus or malware.

 

PS I see you've now added to your post:


@ITTroll wrote: The email recommends that I activate my free one device protection whilst also stating that more devices have potential threat...

If it is a marketing campaign it is in my opinion poorly executed because of the worry it causes. But if it's a genuine individual warning message then I'd be rightly worried. Hopefully TalkTalk will clarify tomorrow.

Wizz Kid

It will be interesting to hear what they have to say. I’m a certified IT security professional and so I am reasonably confident about the security of my systems. The email goes on to promote the SuperSafe boost and provides steps on how to enable it for free on one device.

 

There are many anti-virus products out there to clean up your device and remove the threats, but SuperSafe security is already included at no extra cost in your TalkTalk package. You can protect one of your devices if you switch it on now.

 

It’s easy to set up, automatically removes viruses you have now, and will protect you in the future.

 

 

Community Team - TT Staff

Hi ITTroll, I've checked your account and can't see anything that this came from us. I'm still waiting for confirmation from colleagues on the comms team whether or not it's us. 


Please log in to My Account if you need to view or pay your bill, manage boosts and track your usage. From My Account you can also check your connection and test your line for any issues in the Service Centre.


Team Player

I got the same message twice yesterday from info@consumer.talktalkplc.com. I had never noticed that particular TalkTalk email address before (they normally end with TalkTalk.co.uk) so I had a 'live chat' with technical services. The respondent (Donato I think) confirmed that @consumer.talktalkplc.com was a genuine TalkTalk address but didn't, or couldn't, explain why I had received the virus warning.
We have three Windows 10 PCs all with the latest updates and up to date antivirus and firewalls installed. I did a quick scan on each and nothing was found. Overnight I left each one on and let the antivirus do a thorough scan of all the drives in those machines and, again, nothing was found.
If TalkTalk are going to send these types of messages they need to be a bit more specific about what they think they've found. The thing that made me suspicious was the "may have downloaded a virus". "MAY have" means nothing. I either have or I haven't.

Community Team - TT Staff

I've been informed that the message is a genuine TalkTalk message. I'm now digging into why it's been sent. I'll post back to let you know as I know more. 


Team Player

09.00 Hours. I've just received the same email again.

Community Star

Hi John

 

Well, info@consumer.talktalkplc.com is a genuine TalkTalk marketing / informational email. So based on the evidence so far it's looking more and more like a badly conceived marketing effort that's wasting all our time with a direct implication that a virus or malware has been downloaded.

 

Of course this means that the next time we receive a real warning there's a real threat...people will ignore it. I'm not impressed TalkTalk.

Wizz Kid

@JohnLW wrote:

09.00 Hours. I've just received the same email again.


Yep, just got it again too (three times now).

 

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=200608; d=consumer.talktalkplc.com; b=nCydtz5wj6zP+sjkBtLreYX4jUY7N95GIHOBNBngHiNaMzMDFsdWl54p7mM+fOsa7gNAf8EAlmrz
   39NuaTrobqz5AShOCWJBn5mHf/eP2dQE9cDfLWWhTl4/PJy1fcgIltlJV1EL/KBmHsCkDfOj9lgV
   ejwtniu0m+ZJbAtAwsM=;

TT_virus_on_device.png 
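How the fields of the DomainKey-Signature header quoted in the post above can be read, as an added example that is not part of the thread: it splits the tags, derives the DNS record that holds the signer's public key, and checks that the signing domain covers the From address. DomainKeys is the predecessor of DKIM and signs with rsa-sha1. The `b=` value below is a constructed placeholder, the function names are hypothetical, and nothing here verifies the signature itself; that is done by the receiving mail server against the key published at `key_record`.

```python
import re

# Tags copied from the header quoted in the thread; the b= value is a
# constructed placeholder, not the signature from the post.
SAMPLE = ("a=rsa-sha1; c=nofws; q=dns; s=200608; d=consumer.talktalkplc.com;\r\n"
          "   b=Y29uc3RydWN0\r\n   ZWQ=;")

def parse_domainkey(header_value):
    """Split a DomainKey-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        # Folded header lines leave whitespace inside values such as b=.
        tags[name.strip().lower()] = re.sub(r"\s+", "", value)
    return tags

def assess(header_value, from_address):
    """Report what the header claims and whether it matches the From domain."""
    tags = parse_domainkey(header_value)
    missing = [t for t in ("d", "s", "b") if not tags.get(t)]
    if missing:
        return {"ok": False, "reason": "missing tags: " + ",".join(missing)}
    signing = tags["d"].lower()
    from_domain = from_address.rsplit("@", 1)[-1].lower()
    # DomainKeys requires d= to be the From domain or a parent of it.
    # Compare on a label boundary, so a name that merely contains the
    # signing domain does not match.
    aligned = from_domain == signing or from_domain.endswith("." + signing)
    return {
        "ok": True,
        "signing_domain": signing,
        # TXT record where the receiver looks up the public key (q=dns).
        "key_record": f"{tags['s']}._domainkey.{signing}",
        "aligned_with_from": aligned,
        "legacy_sha1": tags.get("a", "rsa-sha1").lower() == "rsa-sha1",
    }

if __name__ == "__main__":
    for sender in ("info@consumer.talktalkplc.com",
                   "info@consumer.talktalkplc.com.example"):
        print(sender, assess(SAMPLE, sender))
```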

Community Star

...and as more information is revealed, the picture changes yet again. Having revealed that the email is triggered by the network security systems it becomes even more important to find out what's causing those triggers.

Wizz Kid

I wonder if my non TalkTalk router has anything to do with it? If they are probing for a specific response or monitoring for certain traffic signatures.

Team Player

I'm using a TalkTalk supplied D-Link router and I'm getting the mails.

Community Team - TT Staff

Hi all, it's not quite so complicated. I'm just waiting for the statement and I'll let you have the information. 


Community Team - TT Staff

As promised here's the official response to your concerns:

 

 “One of our top priorities is keeping you and your family safe online, our Homesafe and Supersafe products helps keep you and your devices protected. Whilst we don’t monitor our customers internet traffic, our next generation DNS platform is able to identify traffic patterns from malware and potential threats on the network enabling us to notify our customers.”

 

 

 


Wizz Kid

@OCE_Ady wrote:

As promised here's the official response to your concerns:

 

 “One of our top priorities is keeping you and your family safe online, our Homesafe and Supersafe products helps keep you and your devices protected. Whilst we don’t monitor our customers internet traffic, our next generation DNS platform is able to identify traffic patterns from malware and potential threats on the network enabling us to notify our customers.” 


Thanks. So it is based purely on DNS lookups. I don't have any Homesafe or Supersafe products enabled though so I'm not sure why I'm getting the email alerts. The emails I received were sent at exactly 15:00, 17:00 and 9:00, which seems like a defined schedule rather than in response to a trigger event and so don't really help narrow anything down. Can I get a log of the specific details so I can analyse this further? This could just be a malicious ad server which is being flagged by TalkTalk and is being blocked locally by my own security software.

Team Player

15.00, 17.00 and 09.00 is exactly the same for me. I'd be interested to know how many TalkTalk customers got these emails. No possibility that it's the TalkTalk site that has been hacked again rather than the users is there?