Verification request/Talktalk | P2P Independent Forum

GSV3MIaC
Moderator

Posts: 5,699
Likes: 3,337

Verification request/Talktalk Oct 29, 2015 20:15:19 GMT

Quote

Post by GSV3MIaC on Oct 29, 2015 20:15:19 GMT

Oct 29, 2015 17:02:58 GMT mikes1531 said:

Oct 29, 2015 15:49:01 GMT ramblin rose said:

There is - it's just not obvious. You can get to the home page very easily by clicking on the SS logo; then it looks like you are logged out, but you aren't - you can use your browser back button to get back. Hopefully the mythical new site revamp will include a link directly from the normal account pages.

ablender: Further to what ramblin rose said, once you get to the SS home page you need to go to the bottom of that page and click on the 'Contact Us' link.

'looking like you are logged out when you aren't' isn't a great security feature! 8>.

General Systems Vehicle Three Minds in a Can .. bringing The Culture to a Supercluster near you. (Iain M. Banks, R.I.P.)

NB 'Moderator' superpowers extend to forum mechanics and rules interpretation. Anything else mentioned is (at best) a personal opinion.

ilmoro
Member of DD Central

'Wondering which of the bu***rs to blame, and watching for pigs on the wing.' - Pink Floyd

Posts: 11,329

Likes: 11,545

Verification request/Talktalk Oct 29, 2015 20:20:59 GMT

Quote

Post by ilmoro on Oct 29, 2015 20:20:59 GMT

Not sure the on site support form works anyway. Have used it several times recently & never had a response or an acknowledgement email. No problems with direct email, acknowledged and then a response received. Did mention this when I contacted them about a week ago

Minor shareholder in AC, BO, FO, CP, WA, Pfi, Ccube, Sdrs, AE, ABL. AC beta test. LAG, MTAG, FSAG

PLEASE NOTE : All opinions and observations made on this forum are my own view and made in a personal capacity. I have no links to any platform nor am I a financial professional so posts should not be considered financial advice or promotion. I accept no responsibility or liability for the accuracy, content, completeness, legality, or reliability of the information contained in my posts.

james

Posts: 2,205
Likes: 955

Verification request/Talktalk Oct 29, 2015 22:45:52 GMT

Quote

Post by james on Oct 29, 2015 22:45:52 GMT

Oct 29, 2015 11:56:33 GMT savingstream said:

Hi, yes these emails are from us. Perhaps the timing wasn't great...

Readers should also remember that it is impossible for SavingStream to know that an unseen email is from them because anyone and their dog can send an email with a SavingStream From address, claiming to be from SavingStream and asking for verification details. All that response can indicate is that some emails have been sent from SavingStream with that purpose. They can't indicate with a forum post* that the particular email you have received is from them.

Because a generic response like this adds nothing to your email anti-fraud security you should still contact SavingStream to confirm that you specifically have been asked by them to provide the details.

It does tell us that overall many of the emails are likely to be genuine. The problem for the email recipients is that they have no way to know if theirs is genuine until they contact SavingStream to confirm.

*That's not quite true. they could indicate tomorrow that all such email sent today with a security code in the email of abojo/dugusgsd7g78ghsghsgjhzxdg;yhd were from them and could update this each day after the day has passed. A mail fraudster would not know this code in time to use it because by the time of the post all emails that were valid with that code would already have been sent. but not necessarily delivered so there is still some room for fraud, a longer delay before disclosing the day's can reduce that potential.

Last Edit: Oct 29, 2015 22:46:43 GMT by james

mikes1531
Member of DD Central

Posts: 6,453
Likes: 2,320

Verification request/Talktalk Oct 30, 2015 4:06:07 GMT james likes this

Quote

Post by mikes1531 on Oct 30, 2015 4:06:07 GMT

Oct 29, 2015 22:45:52 GMT james said:

Oct 29, 2015 11:56:33 GMT savingstream said:

Hi, yes these emails are from us. Perhaps the timing wasn't great...

Readers should also remember that it is impossible for SavingStream to know that an unseen email is from them because anyone and their dog can send an email with a SavingStream From address, claiming to be from SavingStream and asking for verification details. All that response can indicate is that some emails have been sent from SavingStream with that purpose. They can't indicate with a forum post* that the particular email you have received is from them.

Because a generic response like this adds nothing to your email anti-fraud security you should still contact SavingStream to confirm that you specifically have been asked by them to provide the details.

It does tell us that overall many of the emails are likely to be genuine. The problem for the email recipients is that they have no way to know if theirs is genuine until they contact SavingStream to confirm.

*That's not quite true. they could indicate tomorrow that all such email sent today with a security code in the email of abojo/dugusgsd7g78ghsghsgjhzxdg;yhd were from them and could update this each day after the day has passed. A mail fraudster would not know this code in time to use it because by the time of the post all emails that were valid with that code would already have been sent. but not necessarily delivered so there is still some room for fraud, a longer delay before disclosing the day's can reduce that potential.

While what james wrote probably is correct, another thing to note is that the email did not ask that emails be sent by Replying to it. It said to send the documents to an address savingstream.co.uk so unless that domain has been hacked, any documents sent should go to SS no matter who sent the mail and whether or not it is a genuine request. Still, it doesn't hurt to ask SS whether they really do want further documentation from you. I have done that and am awaiting their reply.

james

Posts: 2,205
Likes: 955

Verification request/Talktalk Oct 30, 2015 7:03:17 GMT

Quote

Post by james on Oct 30, 2015 7:03:17 GMT

Oct 30, 2015 4:06:07 GMT mikes1531 said:

another thing to note is that the email did not ask that emails be sent by Replying to it. It said to send the documents to an address savingstream.co.uk so unless that domain has been hacked, any documents sent should go to SS no matter who sent the mail and whether or not it is a genuine request.

An issue there is that email addresses given in emails can't be trusted because HTML can be used to change the address from what is shown, depending on how the eamail is being read. Provided an already saved or hand typed address is used it should be safe to send the information as long as SavingStream's own email server is not compromised by either complete control, access to the server or access to the network traffic to it. Those are relatively low risks compared to the bigger issues but there undoubtedly have been hacks that have used the compromised mail server technique. In general, though, most victims just hand their details to whatever the email says and this stuff doesn't matter to someone who just dues that based on a claim in an email.

The legitimate emails are OK in that respect, the problem is that a reader here cant know if they got one of the genuine ones or one from some person trying to cheat them, so the usual precautions are needed, most critically not using the contact details given in an email but those that are already known to you and which are therefore much safer.

What SendingStream wrote wasn't bad in itself, it was just looking at too narrow a view: they know they sent some requests but they don't know that an individual actually received one of theirs. Of course on probability grounds its most likely that every recipient really did receive a request from SavingStream. It's just wise for recipients to always use the usual protective measures.