[HLUG] Odd security email

Julian Robbins joolsr1 at gmail.com
Sun Oct 13 12:56:43 UTC 2019


Hi Tom

The text is as received they weren't any links. Not a bad thing as you
shouldn't trust them anyway.

The email source can easily be faked.

I will change my password anyway but first time I've seen an email such
as this.

Julian


On Sun, 13 Oct 2019, 13:02 Tom English via Herefordshire, <
herefordshire at mailman.lug.org.uk> wrote:

>
>
> If they've "locked" it how you meant to login to change your password?
>
> Are there any links in email which would go to a "reset password" page
> perhaps not on booking.com?
>
> You could change it as a precaution - but make sure you login from their
> website not any links.
>
> Have you checked the email source to see if it appears genuine?
>
> On 2019-10-13 12:27, Julian Robbins via Herefordshire wrote:
>
> > Hi Everyone
> >
> > I just received the email purporting to be from booking.com
> >
> > First time I've seen an email quite like this.
> >
> > Read the message below then come back.
> >
> > Firstly, if they say they think my password has been compromised but via
> > another unconnected site . If it's unconnected how do they know my
> password
> > has been hacked? Perhaps they routinely run passwords against the 'have I
> > been owned list' ?
> >
> > It is very good security advice they give especially regarding changing
> > passwords and enabling TFA, but how do they know my password on a site
> > unconnected to them?
> >
> > Answers in a postcard please?
> >
> > Julian
> >
> > As a precaution, you need to reset your Booking.com password
> >
> > Hi Julian,
> >
> > We're getting in touch to let you know we have temporarily locked your
> > Booking.com account.
> >
> > During routine security monitoring, we discovered that your login
> > credentials may have been compromised via another site unconnected to
> > Booking.com. Because many people use the same email and password
> > combinations across multiple sites, we have temporarily locked your
> account
> > as a precaution. Your Booking.com account is safe and has not been
> > compromised.
> >
> > To access your account again, you simply need to reset your password. We
> > strongly advise you to do the same for any other sites and services where
> > you use the same password, creating a strong, unique password for each
> one.
> >
> > Resetting your password can be done in four easy steps:
> >
> > - Go to the Booking.com homepage
> > - Select 'Sign in' at the top of the homepage
> > - Click the 'Forgot your password?' link
> > - Enter your email address and we'll send you a link to reset your
> > password
> >
> > Enabling two factor authentication (where an additional log-in code is
> sent
> > to you, usually via a mobile device) is also one of the best ways you can
> > ensure the safety of your online accounts. You can enable this for your
> > Booking.com account in the Security tab on your Booking.com account
> > settings.
> >
> > We take your security and privacy very seriously, and will contact you
> > quickly if we notice anything unusual in the future.
> >
> > Many thanks,
> >
> > The Booking.com Security Team
>
>
> --
> Herefordshire LUG mailing list
> Web:  http://www.herefordshire.lug.org.uk
> List: https://mailman.lug.org.uk/mailman/listinfo/herefordshire


More information about the Herefordshire mailing list