TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker or making a Paypal contribution here: paypal.me/SupportTMC

Uh oh. Received unsolicited lost password reset email

Discussion in 'Model S: User Interface' started by Cosmacelf, Sep 1, 2013.

  1. Cosmacelf

    Cosmacelf Active Member

    Joined:
    Mar 6, 2013
    Messages:
    3,399
    Location:
    San Diego
    So I just got the email below, which was in fact sent by Tesla and looks like the email you would receive if you had said your password was lost.

    But I've never clicked the lost password button. Maybe someone is trying to hack into my account? Has anyone else receive a similar email recently?

    ----

    RESET YOUR PASSWORD

    To reset your password, click the link below or copy and paste it into your browser. You'll be asked to enter a new password. Please use the new password the next time you sign in.

    <link here>

    This link will be available for one week. After that, you can request a new password using the Password Reset link from the My Tesla sign in page. If you did not request a new password, please contact us at (888) 51-TESLA.

    Thank you,
     
  2. aviators99

    aviators99 Model S - R140

    Joined:
    Jan 1, 2010
    Messages:
    1,453
    Location:
    Weston, Florida, United States
    Could be someone who just mistyped their e-mail address. One of my e-mail addresses is just my last name, and people type it by mistake every time when they mean to type their firstname.lastname or firstinitial.lastname, or whatever. I wouldn't worry about it.
     
  3. Cosmacelf

    Cosmacelf Active Member

    Joined:
    Mar 6, 2013
    Messages:
    3,399
    Location:
    San Diego
    That's unlikely, my email address is very unusual and unique, especially the domain name.
     
  4. brianman

    brianman Burrito Founder

    Joined:
    Nov 10, 2011
    Messages:
    15,487
    If TEG gets bored enough, I'd love to see him crack this nut. Specifically: make some educated guesses at all or part of Cosmacelf's email address.
     
  5. AudubonB

    AudubonB Mild-mannered Moderator Lord Vetinari*

    Joined:
    Mar 24, 2013
    Messages:
    4,253
    Location:
    Denali Highway, Alaska
    I would get the willies, too, if I received that email.....but why didn't you first call that 888 number and only then, if needed, start this thread??????
     
  6. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    12,764
    Location:
    Texas
    Those kind of emails are typical phishing emails. I get them for every kind of service that has a login and is relatively well known. Usually it's banks, but FedEx and UPS are also very common. Some of the one's I've seen look very real. Usually the clue is that in the email there is one link to one of the following:

    http://x.co/<some garbage>
    Http://t.co/<some garbage>
    http://tinyurl.com/<twoorthreerandomwordsstrungtogether>
    http://bit.ly/<some garbage>
    http://www.tumblr.com/<some garbage>

    Also in the full headers, they don't come from the respective companies. Find the ip-address just before your ISP's ip-address and use Senderbase to look up the reputation for that ip-addresss.

    First I've heard of a Tesla phishing email though.

    The point is: Don't ever click on any email link that appears to ask for private information. No legitimate company ever sends those out.
     
  7. Zythryn

    Zythryn MS 70D, MX 90D

    Joined:
    Mar 18, 2009
    Messages:
    1,661
    Location:
    Minnesota
    If I ever see one of these types of emails and I didn't request it, I would NEVER click on any links nor dial any phone number in the email without first checking that number is indeed one of the company's real phone numbers.
    If you are really worried, independently go to the company's web site (not using the email links) and double check all your personal information and change the password.
     
  8. Cosmacelf

    Cosmacelf Active Member

    Joined:
    Mar 6, 2013
    Messages:
    3,399
    Location:
    San Diego
    Yes, please do try to guess my email address :)

    I did check the email headers and content very carefully and it was indeed sent by Tesla's mail server. It had a legit link to their password reset page.

    I did in fact call the phone number too - it went to a sales and marketing voice mailbox. I'm not sure what some poor sales intern is going to do with my voice mail, it might be amusing, but probably not useful.

    This thread was more to see if anyone else got such an email to see if this was an organised hacker attempt. If no one else got such an email, then I'm feeling a little bit exposed :scared:

    It is also possible that I clicked the "forgot password" link while bored driving in my car stopped at a set of lights. You should never use the web browser while driving, so this is totally a hypothetical situation. But thinking about it, it may have happened...
     
  9. AudubonB

    AudubonB Mild-mannered Moderator Lord Vetinari*

    Joined:
    Mar 24, 2013
    Messages:
    4,253
    Location:
    Denali Highway, Alaska
    Zythryn, why would you hesitate to call the number? Do people in the Real World nowadays (I'm barely out of the telegraph-lines-strung-atop-caribou-antlers phase here...) use computers instead of phones for calling, and presumably that could allow a hacker to gain entry?
     
  10. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    12,764
    Location:
    Texas
    Unless you use a land line with fibre optic cables, it's possible to listen in on conversations with the right equipment. A cellphone isn't any more secure in this regard than a computer, and a the signals going through a regular land line copper cable aren't all that hard to capture.

    Most security breaches are of the social engineering variety. The equipment used doesn't matter for this kind of attack.
     
  11. stopcrazypp

    stopcrazypp Well-Known Member

    Joined:
    Dec 8, 2007
    Messages:
    7,054
    Yep. The biggest recent high-profile hack (affecting NYT and Twitter) used email phishing:
    http://www.pcworld.com/article/2047757/high-profile-hack-attack-offers-a-lesson-for-other-at-risk-sites.html

    All it takes is that one person who failed to catch the phishing attempt and they can bring the whole thing down. We are only going to see more and more of this happening.
     
  12. brianman

    brianman Burrito Founder

    Joined:
    Nov 10, 2011
    Messages:
    15,487
    Ok that's it, I'm unplugging. See you guys.

    - - - Updated - - -

    Okay I'm back. Hehe.
     
  13. aviators99

    aviators99 Model S - R140

    Joined:
    Jan 1, 2010
    Messages:
    1,453
    Location:
    Weston, Florida, United States
    Holy crap. I just realized what your username is. I had one of those!
     
  14. Cosmacelf

    Cosmacelf Active Member

    Joined:
    Mar 6, 2013
    Messages:
    3,399
    Location:
    San Diego
    Yes, that was the start of my computer career when I was 13 years old. My dad bought me the Nextor, I think it was, PCB kit which I soldered together, solder bridges and all (I was just 13 after all). I befriended an IBM mainframe programmer at one of the computer meets and we wrote a Forth interpreter together using the mainframe as a cross assembler. We then made our own punch card readers for the Cosmacelf Elf to transfer the program down. A piece of wood with guide rails to slide the punched cards through with nine photo transistors embedded in the wood, and a 100 watt light bulb. Sorry for the trip down memory lane, but those really were the good old days.

    You know, I've been fortunate to be closely involved in a lot of different technology revolutions in my life. Microprocessors and the PC revolution was the first, Ethernet networking was another (although more minor), and the rise of the Internet was the last one I was closely involved with. I'm not closely involved with EVs, other than enjoying driving one, but it sure feels like history is repeating itself and this is yet another technology revolution. And based on my tour of SpaceX last week, it looks like Elon is similarly revolutionizing space transport.

    The interesting thing about the coming EV revolution for me is that it isn't obvious what subsidiary businesses you could start to capitalize on this coming revolution...
     
  15. DRM

    DRM Roadster #619

    Joined:
    Mar 10, 2008
    Messages:
    130
    Location:
    San Diego, California, United States
    A quick web search shows you own two domain names hosted by dreamhost. The email could've been sent to the <domainname>.[email protected] which would've then rerouted the email to your primary account. Also, you posted a pdf document online with your username in the properties. Best guess is that username at one of your domains is your primary email .... could've looked some more, but this is the 2-minute version.

    //dan.
     
  16. K5ING

    K5ING MegaMiler

    Joined:
    Feb 6, 2013
    Messages:
    291
    Location:
    Denton, Texas
    I never, ever click on any link in any e-mail I get. If I get an email from my bank, I just go directly to the bank's website itself. If I need to do something such as a password reset, it will tell me then. Same goes for forum messages, store emails, utility companies, and so on.

    I'm not even that worried about hackers. Many times, that phishing attempt is just to find valid email addresses. If you respond by clicking on the link, or call the number, they know that is a valid email address and you get bombarded with spam. If you call, then they have your number and you'll get sales calls.
     

Share This Page