Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

BP Chargemaster systems compromised?

VanillaAir_UK

Supporting Member
Jun 17, 2019
7,138
4,659
Surrey, UK
I got an email this morning supposedly from BP Pulse about spoof emails from their BP Chargemaster email address.

1616142515958.png


Anyone got similar and try the links at the bottom? Not 100% its genuine as I cannot see where the links take me so just being cautious. TBH I cannot actually remember signing up for BP Chargemaster unless its from Polar Instant. It is sent to an email alias that I do not widely use so one less likely (and recently confirmed) to be on any suckers lists. However recent widespread Microsoft Exchange Server compromises may have changed that.

Unfortunately I cannot check the links on phone without risk of opening active content and on PC I don't get the email body unless I again risk opening any active content.

If it is true, they have not helped themselves by sending the email with a browser view to what looks like a mailchimp

1616142039931.png
 
Last edited:

Bantam

Member
Jul 29, 2020
54
47
UK
I received this email too, never used BP Chargemaster/Polar. Although thinking about it, I may have signed up to the service as I went on a EV charging infrastructure signing up frenzy, to cover all eventuality of running out of charge when waiting for delivery of the my first EV, (totally unnecessary range anxiety issue I was dealing with at the time :) )
 

Cardo

Member
Sep 22, 2020
301
189
Surrey, UK
It appears genuine. The email was sent to the email I used to register to ChargeYourCar.

The reports I’ve seen about the malware emails appeared to be sent to people who had reported faulty chargers and contained mention of chargers being reported, so it wasn’t some random scatter gun approach that just pretended to come from BP Pulse. It appears there has been a data leak, and it’s always disappointing to see the very guarded and rowing for shore response in the follow up email. Though not unusual. I’ve reported to companies when specific email addresses I’ve used with them have immediately started receiving concerning emails just after signing up with them, and they almost always immediately state it’s nothing to do with them, if they bother responding at all.
 
  • Like
Reactions: Durzel

Avendit

Member
Apr 18, 2019
759
488
EDI
Yea, you don't inform the ICO on a phishing problem - this looks like something has been popped and some level of data comprised.

Suggest that if you re-use your charge your car or BP passwords you do a round of changing (and get a password safe).
 
  • Like
Reactions: Durzel

Jez_GB

Supporting Member
Dec 28, 2019
426
310
Nottinghamshire, UK
I received this email too, never used BP Chargemaster/Polar. Although thinking about it, I may have signed up to the service as I went on a EV charging infrastructure signing up frenzy, to cover all eventuality of running out of charge when waiting for delivery of the my first EV, (totally unnecessary range anxiety issue I was dealing with at the time :) )
This right here.... Just what I did 😆
 

Durzel

Active Member
Jul 17, 2019
2,798
1,820
Bath, UK
Yea, you don't inform the ICO on a phishing problem - this looks like something has been popped and some level of data comprised.

Suggest that if you re-use your charge your car or BP passwords you do a round of changing (and get a password safe).
This.

Their email is a bit cagey, I would argue intentionally. As @Avendit said you don't inform the ICO if someone is sending phishing emails as you, as that happens all the time anyway.

Surely they are obliged to say what information has been compromised? There is a chance presumably of credit card information having been leaked?
 

Avendit

Member
Apr 18, 2019
759
488
EDI
This.

Their email is a bit cagey, I would argue intentionally. As @Avendit said you don't inform the ICO if someone is sending phishing emails as you, as that happens all the time anyway.

Surely they are obliged to say what information has been compromised? There is a chance presumably of credit card information having been leaked?
I think the GDPR timeline saying that -something- has been compromised trump having a full understanding of the situaion before sending that email (as people used to use this as a result to essentially never send the email). Hopefully more details to come.

If there was even a hint of CC info I would hope they would have said more, but its on the system so it has to be a possibility. Just down to how they were storing and accessing them and how well the backend was designed.
 
  • Like
Reactions: Durzel

Avendit

Member
Apr 18, 2019
759
488
EDI
Out of curiosity, because I don't know what one is, what is the problem with a "mail chimp"???
It's just a popular bit of software for managing marketing mailing lists and so on. But it hides the true destination of a link (so the marketing people can count how many people clicked something then bounce you on to the content you wanted). But it makes it impossible for you to evaluate if the link is safe to click or not.

Sooo, bet to junk the email 😁
 
  • Like
Reactions: VanillaAir_UK

About Us

Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.

Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.


SUPPORT TMC
Top