TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker or making a Paypal contribution here: paypal.me/SupportTMC

myteslalogs.com [possible scam]

Discussion in 'Model S: User Interface' started by napabill, May 1, 2013.

  1. napabill

    napabill Active Member

    Joined:
    Apr 30, 2009
    Messages:
    1,324
    Location:
    Napa, California, United States
    I just received an email from someone named Ashman stating the following:

    +++++++
    Hope you must be really enjoying driving your Model S. However, how often have you calculated the electricity that you used for charging you Model S? Do you really remember how much you travelled yesterday or on a particular day or in a month or in a year?

    Introducing a free online offering that will allow you to securely maintain your driving logs for your Model S.

    The site Login starting today will offer registered Model S owners a way to maintain their driving logs. Model S owners will be able to register their vehicle details on the website at no cost and from that day onwards they will be able to access their driving logs - 24 hours a day - 365 days a year.

    Cheers!

    Ashman
    +++++++++

    Attached to the email is a purported pdf file "manual.pdf". I navigated to the website mentioned and it is just a place to login or create a login name. This all seems very fishy (pun intended). Anyone know anything about it? And, no, I haven't clicked on the pdf file.

    Thanks.
     
  2. SCW-Greg

    SCW-Greg Active Member

    Joined:
    Jun 13, 2012
    Messages:
    1,703
    Location:
    Beaverton, OR
    #2 SCW-Greg, May 1, 2013
    Last edited: May 1, 2013
    Yeah if that's all you're seeing... that doesn't make a (legit) company. I'd wanna see a fully fleshed out website... Something that instills credibility.

    Avoid it.
     
  3. FlasherZ

    FlasherZ Sig Model S + Sig Model X + Model 3 Resv

    Joined:
    Jun 21, 2012
    Messages:
    7,019
    I browsed through the terms & conditions, clearly states not related or in partnership with Tesla and it wants your Tesla Motors web login.

    Ain't gonna happen here.
     
  4. markwj

    markwj Moderator, Asia Pacific

    Joined:
    Apr 10, 2011
    Messages:
    3,655
    Location:
    Hong Kong
    Scary. They want your 'my tesla' username and password, as well as last few digits of vin.

    With that, they can locate, and unlock the vehicle.

    Could be legit. But, I'd be very wary of giving out those details to a third party website.
     
  5. napabill

    napabill Active Member

    Joined:
    Apr 30, 2009
    Messages:
    1,324
    Location:
    Napa, California, United States
    But did anyone else actually receive this email, or just me. Trying to decide what level of paranoia I need to employ.:smile:
     
  6. Chris

    Chris Member

    Joined:
    Mar 22, 2011
    Messages:
    201
    Location:
    Maryland
    I have not received any such email. Beware!
     
  7. zeron

    zeron Member

    Joined:
    Dec 30, 2012
    Messages:
    72
    Location:
    Milky Way
    It's a shame Tesla doesn't yet offer 3rd party access to the API. I certainly wouldn't give any website the "my tesla" credentials, but I would be happy to allow them access to trip meters/power usage for analysis.
     
  8. efusco

    efusco Moderator - Model S & X forums

    Joined:
    Mar 29, 2009
    Messages:
    4,585
    Location:
    Nixa, Missouri, United States
    Yea, that's BS, no way I'm providing that!
     
  9. AnOutsider

    AnOutsider S532 # XS27

    Joined:
    Apr 3, 2009
    Messages:
    11,923
    Mod Note: Title updated to indicate it's a possible scam so folks don't go to the site without reading the thread. Thanks Evan!
     
  10. Bardlebee

    Bardlebee Member

    Joined:
    Apr 4, 2012
    Messages:
    599
    Location:
    San Antonio, TX

    I would note that if they WERE affiliated with Tesla you would NOT have to register with your current "my Tesla" username and password. Much like facebook hook ins, you should/would be able to log in without needing to register. If it was legit in that sense they would pull your information from Tesla itself, no registration required. This is an obvious scam.
     
  11. NigelM

    NigelM Recovering Member

    Joined:
    Apr 3, 2011
    Messages:
    13,257
    Location:
    Sarasota, FL
    Well I wouldn't imagine they'd put up a whole website just to entrap one person. The IP registration is just outside Wichita and the website does have a contact e-mail address: [email protected]

    That said, IMO there's something either very fishy or very naive about asking for your car Login and VIN. Once someone has that they also have access to your Tesla profile with full name, personal address, email and phone number.

    Not good.
     
  12. PureAmps

    PureAmps Model S P85 (#2817)

    Joined:
    Oct 22, 2012
    Messages:
    354
    Location:
    SF Bay Area
    It may or may not be a "scam". But it is certainly not what I would call a professional offering, and I would not personally use it. Their terms of service and privacy policy were certainly not reviewed by a lawyer and do not mention any aspect of your vehicle's data. Also, this is a strange way to go about launching a product. Certainly sketchy.

    As I wrote in the Model S REST API thread a couple months back, any developer who wants to offer a website that uses the current Telsa programming APIs needs to proceed with caution. Those APIs were not designed for 3rd-party access, so very careful consideration needs to be given to security design/architecture around any web application that uses them.

    Disclaimer: I'm also working on my own vehicle telemetry website. I have specifically not opened it up to the others yet because I'm taking the time to design a security architecture that I (and hopefully Tesla Motors) would be comfortable with.
     
  13. Sousaphil

    Sousaphil P2,595

    Joined:
    Mar 2, 2012
    Messages:
    160
    Location:
    Denver, CO
    I received the email as well.
     
  14. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    12,748
    Location:
    Texas
    TrustedSource.com (aka McAfee) indicates they use secureserver.net as their mail ISP.

    The domain was registered on March 3, 2013

    Their certificate is from starfieldtech.com (part of godaddy).

    When you go directly to their site, there is only a login screen. Most legitimate sites have some information to describe what they do any why you should join, and you have a username and password specific to that site. It sure looks dicey to me.
     
  15. jomo25

    jomo25 P4398

    Joined:
    Mar 16, 2012
    Messages:
    1,938
    Location:
    Tempe, AZ
    I've not gotten the email. Of course I've only had my MS for 2 weeks. But it is interesting that the 2 people who got it are AZ folks.

    Smells very very fishy to me. Like someone who knows that with that exact info they can do whatever with the car: monitor it, start/stop charging, etc. I'd stay far away.
     
  16. napabill

    napabill Active Member

    Joined:
    Apr 30, 2009
    Messages:
    1,324
    Location:
    Napa, California, United States
    That settles it, I'm heading back to the friendly confines of California...tomorrow!:smile:
     
  17. Discoducky

    Discoducky Active Member

    Joined:
    Dec 25, 2011
    Messages:
    2,883
    Location:
    Seattle
    For someone to take the time in setting this up, then not announcing on this or TM forum and sending out emails asking for PII (Personally Identifiable Information) is astoundingly fishy. Hopefully the responsible party makes their legal intentions known.
     
  18. gocken2

    gocken2 Model S: P6931

    Joined:
    Jan 24, 2012
    Messages:
    101
    Location:
    Phoenix, AZ
    I got the e-mail as well. I think it's from someone from the AZ Tesla meetup that Mark put together.
     
  19. richkae

    richkae VIN587

    Joined:
    Jan 15, 2008
    Messages:
    1,917
    Even if this is not a scam with the purpose of stealing your information - and it very likely is - any informationyou provide is at great risk because it is probably a site with weak security and someone else can steal your data from them.

    There was another thread discussing the security implications of Tesla's in-car technology, and I pointed out then that the systems outside of the car have far greater risk. A phishing site like this is a great example.

    It is a terrible idea to trust your Tesla Motors login info to this or any other non Tesla Motors site. Your car could end up stolen, or far worse.
     
  20. jomo25

    jomo25 P4398

    Joined:
    Mar 16, 2012
    Messages:
    1,938
    Location:
    Tempe, AZ
    Yep, appears to be a mole in the PHX meet ups. I hadn't been to any of the recent ones due to not having a car yet. But they obviously know enough to ask for the pertinent information.
     

Share This Page