User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread
Standard User Enceladus
(member) Fri 29-Aug-14 00:23:28
Print Post

What does this email mean?


[link to this post]
 
Dear Ms XXXXXXX,

Account username: abcdefghijk

Our Support Team have opened Ticket 9nnnnnn to track an issue on your account. Please see the comments shown below for more information.

==============
Dear Ms XXXXXXX,

During Monitoring of our platform we noticed a number of unsolicited emails are being sent from a remote IP address using your account login credentials.

These were identified as unsolicited by our spam filtering software and flagged to our attention, we then sanity checked the source IP address, Subject Line, From and To addresses and based on the content, we believe its quite possible your login credentials have been compromised.

The most probable reason is a insecure or weak password, possibly plain text which could have been obtained by a local virus / keylogger or brute forced using normal dictionary words.

Due to the resources required to handle such high quantities of email, there is the potential for this situation to negatively affect other users of our email platform and the reputation of our mail servers.

We have therefore taken the temporary measure of blocking your access to the email servers. This means that you will be unable to send or receive emails.

Before considering reinstating access to our servers you will need to take preventative measures to stop this from re-occurring, we suggest an audit of all passwords and sensitive information that may have been accessible from keyloggers etc and perform a full security audit & Virus/malware scan of any Pc's connected to your network.

Once you have taken action, please contact us to arrange for a new strong (cryptic) password to be applied to your account or mailbox , please use upper / lower case characters and numbers or special characters mixed.

Alternatively if you are confident you have secured all your local network / computers, you can re-enable the service by updating your password with a more secure cryptic password via your customer portal. Please note once you make these changes you will need to update any mail software which uses the password your changing to reflect the new password. If the password you are changing is your default password for your account and you use our broadband service, you may need to also update your router password to reflect the changes made.


--Internal--
Webmail component disabled where applicable.

Cryptic passwords only please,
If its a sub mailbox then the password(s) have already been updated, please advise full security audit. If the customer is using broadband and its the account default password that's been compromised, please update the router password and mail client after confirming full security audit has been completed.

If the customer had a cryptic password previously, this would suggest local keylogger/ viral activity

Regards,

Stephen Dean
Standard User professor973
(experienced) Fri 29-Aug-14 01:03:38
Print Post

Re: What does this email mean?


[re: Enceladus] [link to this post]
 
It is plain enough what it is saying. That said, it could be a fishing email itself. Simple enough job to find out. Just try logging into your email, if you can get in, ignore it.

Zen Business Talk - Freeola Family Broadband.
http://speedtest.net/result/2690543838.png
Standard User pcoventry76
(knowledge is power) Fri 29-Aug-14 01:09:40
Print Post

Re: What does this email mean?


[re: professor973] [link to this post]
 
it's not a fishing e-mail


Register (or login) on our website and you will not see this ad.

Standard User pcoventry76
(knowledge is power) Fri 29-Aug-14 01:10:18
Print Post

Re: What does this email mean?


[re: Enceladus] [link to this post]
 
Security measure usually due to high amounts of spam e-mails being sent. Or e-mails that they think are spam.
Standard User professor973
(experienced) Fri 29-Aug-14 01:28:55
Print Post

Re: What does this email mean?


[re: pcoventry76] [link to this post]
 
As it's not yours, you don't know.

Zen Business Talk - Freeola Family Broadband.
http://speedtest.net/result/2690543838.png
Standard User awontroba
(newbie) Fri 29-Aug-14 01:32:00
Print Post

Re: What does this email mean?


[re: Enceladus] [link to this post]
 
Assuming it is genuine (check the ticket system or ask them), PlusNet:
  • Think that somebody, somewhere, has got hold of your PlusNet mail account details and are using these to access PlusNet's mail system and spam the world.
  • Have blocked your, and the spammer's, access to mail.
  • Think that your password was weak and easily cracked by trying many times, e.g. Mary1 or, far worse, that malware on your system is logging interesting stuff you type (passwords, credit card numbers) or scanning your system for such and sending it to the spammer / credit card abuse merchants.
  • Scan your systems for malware and clean any problems found.
  • Suggest that you review and prepare to change all your passwords on your systems and remote systems you access via them. The new passwords should be a mixture of upper and lower case letters, numbers and special characters. Additionally I suggest that you should not use any words found in a dictionary. You may choose to use a password generator (e.g. apg, see examples below, or a Windows equivalent)
  • Change your mail password or ask PlusNet to do it for you so that your mail flows again.
  • Get on with the chore of changing all your passwords on remote systems.

apg examples
Do not use any of these as passwords, as they are now public.

pronounceable (sort of) passwords
[aw1@swelter ~]$ apg -M SNCL
6twiv{Si
goj6Odd}
MyWil4Od:
,OnEggAv4
Joaw6oj\
Eb9Ownaj(

random passwords
[aw1@swelter ~]$ apg -a 1 -M SNCL
T1VET(vT
R.{2ib(Y:8
^I'?^t2gGx
=>2OiqKTol
z#WJ^8V!A
pVMk8?)[4:

--
Adrian
Standard User pcoventry76
(knowledge is power) Fri 29-Aug-14 01:44:40
Print Post

Re: What does this email mean?


[re: professor973] [link to this post]
 
In reply to a post by professor973:
As it's not yours, you don't know.


I worked at Plusnet for 3 years and dealt with these everyday.

I know alright. I also know the person who did the internal comment!
Standard User Enceladus
(member) Fri 29-Aug-14 03:57:52
Print Post

Re: What does this email mean?


[re: pcoventry76] [link to this post]
 
It's genuine.
It seems that PlusNet decided to suspend her email (former MadAsAFish) account with no warning except the email above sent to a non PlusNet email servce.
The unintended consequence was that her internet access was cut off. Or is that really just coincidence?
No internet - no way to read the email.
When service did not resume within a couple of days, she rang support.
Router blamed - £40 demanded for a new one.
Rang customer services and persuaded to take out new 12 month contract.

I'll get access to her router in the morning. And the PC. But my guess is that there is nothing wrong with the router, its the account that's suspended.

Likewise I'll check her PC. Interesting that the email mentions a remote IP, so the spam emails are originating from elsewhere. We'll see.
Standard User RobertoS
(elder) Fri 29-Aug-14 09:26:51
Print Post

Re: What does this email mean?


[re: awontroba] [link to this post]
 
People often take a list like that of things to do as not necessarily to be followed in the sequence given, so long as they do them.

Importantly there, there is no point in changing any passwords until sure there isn't a key logger running.

My broadband basic info/help site - www.robertos.me.uk | Domains,site and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 56.6/14.1Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User pcoventry76
(knowledge is power) Fri 29-Aug-14 14:52:53
Print Post

Re: What does this email mean?


[re: Enceladus] [link to this post]
 
That's odd.

usually access to the e-mail servers is stopped, I am not aware of why it it should stop her internet access totally.

Unless someone removed the auth component from her profile, which would explain why the internet would not connect.
Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread

Jump to