TalkTalk kept my email account active for 8 years after I left – now it’s spamming my mates • The Register
TalkTalk has refused to delete a former buyer’s email deal with which was once taken over via spammers – for the reason that unlucky individual cancelled their contract 8 years in the past.
The buyer, Joanne, was once contacted via her buddies after they began receiving junk mail from an outdated email deal with of hers. After digging out the account main points, she discovered that she was once ready to log in – suggesting that her password were brute-forced via the spammers.
While she was once ready to log in, the webmail interface supplied via TalkTalk didn’t permit her to switch her password. To do this the person has to log into the separate TalkTalk account portal, which you can’t do if now not a present buyer.
A Reg-reading good friend of Joanne’s, Daniel Gibbs, then had a take a look at her account. He instructed us that after the spammers had cracked the account password and harvested the contents of the deal with ebook, they started “sending out emails to the harvested email addresses – in this case the emails look more genuine than usual as the emails contain the subject line from a previous conversation. The emails contain a URL disguised as a hyperlink to a .pdf or .img file”.
In emails observed via The Register, TalkTalk refused to take any motion except Joanne posted two separate proofs of her id to TalkTalk’s Salford HQ.
“Unfortunately we can not act on your query as you no longer have an account with TalkTalk,” a customer support guide stated in an email to her. “Please contact your services provider so that they will help to investigate on your issue or request for a IT to look into this issue to come up with a resolution.” [sic]
Gibbs commented: “Personally I would now not be ready to ship two kinds of ID to an organization which has no present formal dating or contract with me, and moreover has a monitor report of being catastrophically inept in protective the information of its consumers.”
The Register has handed complete main points of Joanne’s case to TalkTalk. The ISP stated receipt however has now not but despatched us a remark about why it refused to delete her account when she requested them to. Nor had it defined why a buyer account that were inactive for 8 years wasn’t deleted after the buyer walked away.
Gaining get entry to to a sound email account is a valued factor for spammers, and sending attachments to fresh email conversations is one convincing approach of having previous anti-phishing consciousness coaching (“Do you know this sender? Have you interacted with them before?”). In this situation it was once natural success that Joanne’s account were inactive for 8 years and that recipients of the booby-trapped attachments knew in an instant one thing was once amiss.
The usual recommendation isn’t to open unsolicited attachments except the sender and expect their email. Verifying that anyone in point of fact has simply despatched you a document titled
compromising-pics-of-the-boss.pdf takes mere seconds nowadays. ®