[HLUG] Odd security email

Julian Robbins joolsr1 at gmail.com
Sun Oct 13 21:49:24 UTC 2019 

Hi David

Thanks for the email - the fact Booking were concerned about it implies
that it is a strange spam email. I didn't see any links on there too, which
is all the more weird. The actual advice was sensible therein too . Yes it
was an odd email with all sorts of strange overtones . I forget to say I
often do use different passwords for different services and use
bitwarden.org to store them with complex and differing passwords.

Thanks
Julian

On Sun, 13 Oct 2019 at 20:01, david winterton via Herefordshire <
herefordshire at mailman.lug.org.uk> wrote:

> Hi Julian,
> I had exactly the same problem,  most worryingly just after I returned home
> from my holiday I had booked using booking.com.
> I am 90% certain its spam,  but I phoned booking.com and they sounded
> quite
> concerned about it,  but I never heard anything from them.
> However that was three months ago and nothing much has happened so I think
> just delete it
> Yours David
>
> On Sun, 13 Oct 2019, 13:56 Julian Robbins via Herefordshire, <
> herefordshire at mailman.lug.org.uk> wrote:
>
> > Hi Tom
> >
> > The text is as received they weren't any links. Not a bad thing as you
> > shouldn't trust them anyway.
> >
> > The email source can easily be faked.
> >
> > I will change my password anyway but first time I've seen an email such
> > as this.
> >
> > Julian
> >
> >
> > On Sun, 13 Oct 2019, 13:02 Tom English via Herefordshire, <
> > herefordshire at mailman.lug.org.uk> wrote:
> >
> > >
> > >
> > > If they've "locked" it how you meant to login to change your password?
> > >
> > > Are there any links in email which would go to a "reset password" page
> > > perhaps not on booking.com?
> > >
> > > You could change it as a precaution - but make sure you login from
> their
> > > website not any links.
> > >
> > > Have you checked the email source to see if it appears genuine?
> > >
> > > On 2019-10-13 12:27, Julian Robbins via Herefordshire wrote:
> > >
> > > > Hi Everyone
> > > >
> > > > I just received the email purporting to be from booking.com
> > > >
> > > > First time I've seen an email quite like this.
> > > >
> > > > Read the message below then come back.
> > > >
> > > > Firstly, if they say they think my password has been compromised but
> > via
> > > > another unconnected site . If it's unconnected how do they know my
> > > password
> > > > has been hacked? Perhaps they routinely run passwords against the
> > 'have I
> > > > been owned list' ?
> > > >
> > > > It is very good security advice they give especially regarding
> changing
> > > > passwords and enabling TFA, but how do they know my password on a
> site
> > > > unconnected to them?
> > > >
> > > > Answers in a postcard please?
> > > >
> > > > Julian
> > > >
> > > > As a precaution, you need to reset your Booking.com password
> > > >
> > > > Hi Julian,
> > > >
> > > > We're getting in touch to let you know we have temporarily locked
> your
> > > > Booking.com account.
> > > >
> > > > During routine security monitoring, we discovered that your login
> > > > credentials may have been compromised via another site unconnected to
> > > > Booking.com. Because many people use the same email and password
> > > > combinations across multiple sites, we have temporarily locked your
> > > account
> > > > as a precaution. Your Booking.com account is safe and has not been
> > > > compromised.
> > > >
> > > > To access your account again, you simply need to reset your password.
> > We
> > > > strongly advise you to do the same for any other sites and services
> > where
> > > > you use the same password, creating a strong, unique password for
> each
> > > one.
> > > >
> > > > Resetting your password can be done in four easy steps:
> > > >
> > > > - Go to the Booking.com homepage
> > > > - Select 'Sign in' at the top of the homepage
> > > > - Click the 'Forgot your password?' link
> > > > - Enter your email address and we'll send you a link to reset your
> > > > password
> > > >
> > > > Enabling two factor authentication (where an additional log-in code
> is
> > > sent
> > > > to you, usually via a mobile device) is also one of the best ways you
> > can
> > > > ensure the safety of your online accounts. You can enable this for
> your
> > > > Booking.com account in the Security tab on your Booking.com account
> > > > settings.
> > > >
> > > > We take your security and privacy very seriously, and will contact
> you
> > > > quickly if we notice anything unusual in the future.
> > > >
> > > > Many thanks,
> > > >
> > > > The Booking.com Security Team
> > >
> > >
> > > --
> > > Herefordshire LUG mailing list
> > > Web:  http://www.herefordshire.lug.org.uk
> > > List: https://mailman.lug.org.uk/mailman/listinfo/herefordshire
> > --
> > Herefordshire LUG mailing list
> > Web:  http://www.herefordshire.lug.org.uk
> > List: https://mailman.lug.org.uk/mailman/listinfo/herefordshire
> --
> Herefordshire LUG mailing list
> Web:  http://www.herefordshire.lug.org.uk
> List: https://mailman.lug.org.uk/mailman/listinfo/herefordshire

More information about the Herefordshire mailing list