myteslalogs.com [possible scam]

[napabill]

I just received an email from someone named Ashman stating the following:

+++++++
Hope you must be really enjoying driving your Model S. However, how often have you calculated the electricity that you used for charging you Model S? Do you really remember how much you travelled yesterday or on a particular day or in a month or in a year?

Introducing a free online offering that will allow you to securely maintain your driving logs for your Model S.

The site Login starting today will offer registered Model S owners a way to maintain their driving logs. Model S owners will be able to register their vehicle details on the website at no cost and from that day onwards they will be able to access their driving logs - 24 hours a day - 365 days a year.

Cheers!

Ashman
+++++++++

Attached to the email is a purported pdf file "manual.pdf". I navigated to the website mentioned and it is just a place to login or create a login name. This all seems very fishy (pun intended). Anyone know anything about it? And, no, I haven't clicked on the pdf file.

Thanks.

 

[SCW-Greg]

Yeah if that's all you're seeing... that doesn't make a (legit) company. I'd wanna see a fully fleshed out website... Something that instills credibility.

Avoid it.

 

[FlasherZ]

I browsed through the terms & conditions, clearly states not related or in partnership with Tesla and it wants your Tesla Motors web login.

Ain't gonna happen here.

 

[markwj]

Scary. They want your 'my tesla' username and password, as well as last few digits of vin.

With that, they can locate, and unlock the vehicle.

Could be legit. But, I'd be very wary of giving out those details to a third party website.

 

[napabill]

But did anyone else actually receive this email, or just me. Trying to decide what level of paranoia I need to employ.:smile:

 

[Chris]

I have not received any such email. Beware!

 

[zeron]

It's a shame Tesla doesn't yet offer 3rd party access to the API. I certainly wouldn't give any website the "my tesla" credentials, but I would be happy to allow them access to trip meters/power usage for analysis.

 

[efusco]

I browsed through the terms & conditions, clearly states not related or in partnership with Tesla and it wants your Tesla Motors web login.

Ain't gonna happen here.

Yea, that's BS, no way I'm providing that!

 

[AnOutsider]

Mod Note: Title updated to indicate it's a possible scam so folks don't go to the site without reading the thread. Thanks Evan!

 

[Bardlebee]

Scary. They want your 'my tesla' username and password, as well as last few digits of vin.

With that, they can locate, and unlock the vehicle.

Could be legit. But, I'd be very wary of giving out those details to a third party website.

I would note that if they WERE affiliated with Tesla you would NOT have to register with your current "my Tesla" username and password. Much like facebook hook ins, you should/would be able to log in without needing to register. If it was legit in that sense they would pull your information from Tesla itself, no registration required. This is an obvious scam.

 

[NigelM]

But did anyone else actually receive this email, or just me. Trying to decide what level of paranoia I need to employ.:smile:

Well I wouldn't imagine they'd put up a whole website just to entrap one person. The IP registration is just outside Wichita and the website does have a contact e-mail address: [email protected]

That said, IMO there's something either very fishy or very naive about asking for your car Login and VIN. Once someone has that they also have access to your Tesla profile with full name, personal address, email and phone number.

Not good.

 

[PureAmps]

It may or may not be a "scam". But it is certainly not what I would call a professional offering, and I would not personally use it. Their terms of service and privacy policy were certainly not reviewed by a lawyer and do not mention any aspect of your vehicle's data. Also, this is a strange way to go about launching a product. Certainly sketchy.

As I wrote in the Model S REST API thread a couple months back, any developer who wants to offer a website that uses the current Telsa programming APIs needs to proceed with caution. Those APIs were not designed for 3rd-party access, so very careful consideration needs to be given to security design/architecture around any web application that uses them.

Disclaimer: I'm also working on my own vehicle telemetry website. I have specifically not opened it up to the others yet because I'm taking the time to design a security architecture that I (and hopefully Tesla Motors) would be comfortable with.

 

[Sousaphil]

But did anyone else actually receive this email, or just me. Trying to decide what level of paranoia I need to employ.:smile:

I received the email as well.

 

[jerry33]

TrustedSource.com (aka McAfee) indicates they use secureserver.net as their mail ISP.

The domain was registered on March 3, 2013

Their certificate is from starfieldtech.com (part of godaddy).

When you go directly to their site, there is only a login screen. Most legitimate sites have some information to describe what they do any why you should join, and you have a username and password specific to that site. It sure looks dicey to me.

 

[jomo25]

TrustedSource.com (aka McAfee) indicates they use secureserver.net as their mail ISP.

The domain was registered on March 3, 2013

Their certificate is from starfieldtech.com (part of godaddy).

When you go directly to their site, there is only a login screen. Most legitimate sites have some information to describe what they do any why you should join, and you have a username and password specific to that site. It sure looks dicey to me.

I've not gotten the email. Of course I've only had my MS for 2 weeks. But it is interesting that the 2 people who got it are AZ folks.

Smells very very fishy to me. Like someone who knows that with that exact info they can do whatever with the car: monitor it, start/stop charging, etc. I'd stay far away.

 

[napabill]

I've not gotten the email. Of course I've only had my MS for 2 weeks. But it is interesting that the 2 people who got it are AZ folks.

Smells very very fishy to me. Like someone who knows that with that exact info they can do whatever with the car: monitor it, start/stop charging, etc. I'd stay far away.

That settles it, I'm heading back to the friendly confines of California...tomorrow!:smile:

 

[Discoducky]

For someone to take the time in setting this up, then not announcing on this or TM forum and sending out emails asking for PII (Personally Identifiable Information) is astoundingly fishy. Hopefully the responsible party makes their legal intentions known.

 

[gocken2]

I got the e-mail as well. I think it's from someone from the AZ Tesla meetup that Mark put together.

 

[richkae]

Even if this is not a scam with the purpose of stealing your information - and it very likely is - any informationyou provide is at great risk because it is probably a site with weak security and someone else can steal your data from them.

There was another thread discussing the security implications of Tesla's in-car technology, and I pointed out then that the systems outside of the car have far greater risk. A phishing site like this is a great example.

It is a terrible idea to trust your Tesla Motors login info to this or any other non Tesla Motors site. Your car could end up stolen, or far worse.

 

[jomo25]

Yep, appears to be a mole in the PHX meet ups. I hadn't been to any of the recent ones due to not having a car yet. But they obviously know enough to ask for the pertinent information.