Reply
Newbie
Worriedaboutphishing
Posts: 1
Registered: ‎23-04-2013
0

Btcomms@btcomms

I have also received this. It follows on from multiple more amateur attempts to phish login and password. The nature and presentation of this email is much more dangerous and could easily trick the unwary
Guru
Andy_N
Posts: 3,472
Registered: ‎31-01-2010
0

Re: Btcomms@btcomms


Worriedaboutphishing wrote:
I have also received this. It follows on from multiple more amateur attempts to phish login and password. The nature and presentation of this email is much more dangerous and could easily trick the unwary

Hi. Welcome to the forums.

 

The email is a standard one, but still contains the email.planning-inc.co.uk website, probably use for stastical purposes. It should NOT be used, the link should go to a bt.com website.

 

Although genuine, the links it shows "on screen" are not the same as the underlying link in html. This is extremely bad practice and should be stopped. I've said it lots of times.

 

For example there is visible a link :-

 

bt.com/help/newmail

 

which goes tounderlying link :-

 

email.planning-inc.co.uk/r.emt?h=bt.custhelp.com/app/answers/detail/a_id/34259/c/346/?s_cid=con_FURL_help/newmail

 

+ some tagged info.

 

 

 

 

Guru
sjtp
Posts: 2,603
Registered: ‎21-06-2012
0

Re: Btcomms@btcomms

[ Edited ]

This is extremely bad practice and should be stopped.

 

Absolutely.  I'm amazed that email clients don't always

 

1 - highlight any case where the text the email asks to be shown does not match the actual target:

and display that actual target in plain text.  That will clarify cases such as 'click this link'.

 

2 - extreme highlight any case there the text and target don't match and the text looks like a valid address.

Maybe with an extra step if the user does try to visit the target: 'do you reall want to visit this?'

 

2 should apply generally to web browsers too.

 

 

Guru
Andy_N
Posts: 3,472
Registered: ‎31-01-2010
0

Re: Btcomms@btcomms


sjtp wrote:

This is extremely bad practice and should be stopped.

 

Absolutely.  I'm amazed that email clients don't always

 

1 - highlight any case where the text the email asks to be shown does not match the actual target:

and display that actual target in plain text.  That will clarify cases such as 'click this link'.

 

2 - extreme highlight any case there the text and target don't match and the text looks like a valid address.

Maybe with an extra step if the user does try to visit the target: 'do you reall want to visit this?'

 

2 should apply generally to web browsers too.

 

 


Another very poor thing about that email is that it only assumes users use webmail.

 

The subject title is "Urgent: upgrade your BT Yahoo! Mail", which is frankly very misleading, as is the body text :-

 

Your Classic version of BT Yahoo! Mail is closing.
You need to upgrade now
 
 Hello,  

The Classic version of BT Yahoo! Mail will be replaced by our new version on 3 June 2013. So it's time to upgrade, before you lose your email access.  

Nowhere in the email does it mention an email client. Later in the email it says :-

 

We're sending a separate email about the upgrade to each person who's using the Classic version of BT Yahoo! Mail (whether it's for their primary email address or a sub-account).

Although probably true in general, it's just not correct for some of my accounts where I have never used the webmail interface.

 

The whole thing needs proper clarification.