1. Home
  2. UK Do-It-Yourself Forum
  3. OT Phishing emails. Am I being too sensitive?

OT Phishing emails. Am I being too sensitive?

I got the below email last week and although it did refer to a domain that I own, I didn't like the way that the links to 123reg didn't appear to lead to 123reg.

formatting link

This led me to very nearly ignoring the email as a "phishing" one but I logged into the site directly (rather than through the links provided) and indeed there was a problem that I was able to sort out.

I contacted 123reg and expressed my dismay at their using obfuscated links but they responded with "I apologise that the emails look suspicious however we could not find any errors on our end regarding these emails."

Are they barkingly stupid or am I just being a bit paranoid?

Tim

Reply to
Tim+
Loading thread data ...

Never ascribe to malice that which can be explained by stupidity.

Reply to
Scott M

Well it's the usual rubbish html that one expects to see in emails, but all the links go to webfusion and they talk about being part of webfusion at the end, so it's prolly OK.

Reply to
Tim Streater

That one wouldn't have triggered my phishing sensors, because I know webfusion are associated with 123-reg.

Reply to
Andy Burns

The links point to webfusion.com which is a 123-reg company... so they are legit, although it might have been better if they had pointed at links on a 123-reg domain rather than webfusion.

So in answer to your question; yes, a bit, both of you ;-)

Reply to
John Rumm

10 years after Vista and Microsoft are still in business. And still able to live through this sort of thing:

On a recent thread some nitwit was complaining about Windows slowing up his laptop. Rather than believe all the Nigerians in the world with access to the internet were also using his box of tricks, he was content to stick wit h things he knew and whinge about it.

I don't believe anyone with a computer has enough paranoia.

Reply to
Weatherlawyer

They are weird I think. They actually trade or use web sites under other names I noticed when looking up contact details for a friend though, so maybe they ar ejust confused.

Brian

Reply to
Brian Gaff

Reply to
Adrian

However, since webfusion are a hosting company, that could easily be a reasonably clever ploy to merely "reassure" some.

Reply to
Adrian

Tim+ :

In case of doubt it's better to view the plain text version of the message rather than the HTML. If you do that you'll find nothing more suspicious than a missing apostrophe.

Reply to
Mike Barnes

why would this be a comfort to anyone

WTF is webfusion?

So a spammer (pretending to be someone you have heard of) tells you he is part of some other concern that you haven't heard of and you think this is a good indication that it is not spam

Would you like to buy this bridge off me

tim

Reply to
tim......

so the links to unknown third party sites go away in the plain text version, do they?

tim

Reply to
tim......

Can't see any links to unknown third party sites... 8 or 9 go to webfusion.com, and one to 123-reg.co.uk

Reply to
John Rumm

The point is/was, webfusion was an unknown link to me. Given that the standard way to check a link is to see if it links to where it says it links to before you follow it, surely this is bad practice?

Tim

Reply to
Tim+

tim...... :

Yes.

Quoted below is the plain text version, which as you can see, is totally innocuous. There are no links, though an enthusiastic mail client might display "

formatting link
" as a link. The worst that could happen, if it was phishing, is that you'd "log into the 123-reg control panel and update the details in the domain management section" unnecessarily.

The plain text version is 100% safe and tells you all you need to know. There's no point in the HTML, except to display the company's logo (yawn), and to provide links that a sensible user would avoid clicking on and a responsible company would not have sent out.

8
Reply to
Mike Barnes

Hence my original comment - yes they were being a bit daft. However they do make the webfusion brand fairly public - most 123-reg pages have "Copyright © 2013 Webfusion Ltd." at the bottom of them for example.

Its always wise to check where the links point - after all, if it looks like a kebab shop in poland, then you would be right to smell a rat! Doing as you did (going to the suggested page without using the supplied link is also a sensible way forward.

Reply to
John Rumm

yeah I had this and checked at 123 to see if my registrations had in fact run out. One nearly had, but strangely I think the renewal fee was less at 123 than via the email...

My guess is they farm off details to webfusion who may make extra cash if you are stupid enough to use them.

Reply to
The Natural Philosopher

It is bad practice. The sender should not assume that the receipient knows that webfusion is related to 123, nor should they expect you to waste your time looking it up.

Reply to
Mark

how is that helpful if the recipient had never heard of webfusion and is likely to have no confidence that they are legitimate. Just because they have a "professional" looking web page adds absolutely nothing to the equation here, because the staring point for a scammer is to have a professional looking web page

tim

Reply to
tim......

There is no need really - I agree with you ;-)

Well I was kind of assuming the OP was a 123-reg user and had already visited their pages at least enough times in the past to register and administer their domain. (If they were not they would not have received the email in the first place).

Reply to
John Rumm

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.