Email with your Fodor's login information
Oct 17th, 2007, 06:07 AM
#1
Original Poster
Join Date: Sep 2008
Posts: 2,804
Likes: 0
Received 0 Likes
on
0 Posts
Email with your Fodor's login information
Hello all-
It has come to our attention that many members received an email earlier today containing their screen name and a "new" password.
Please ignore and delete these emails. Your passwords remain secure and have not changed. We are investigating the cause of this mailing and when we know more we'll certainly relay that information on to you.
We apologize for the inconvenience.
Best,
Katie
It has come to our attention that many members received an email earlier today containing their screen name and a "new" password.
Please ignore and delete these emails. Your passwords remain secure and have not changed. We are investigating the cause of this mailing and when we know more we'll certainly relay that information on to you.
We apologize for the inconvenience.
Best,
Katie
Oct 17th, 2007, 07:25 AM
#7
Join Date: Feb 2003
Posts: 638
Likes: 0
Received 0 Likes
on
0 Posts
I got one of those emails late last night and immediately sent an email to Fodors asking if it was legit. Haven't heard back from them but saw this first thing this a.m. Glad you're on top of it. Thanks Fodors.
Susan
Susan
Oct 17th, 2007, 07:29 AM
#8
Join Date: Jan 2003
Posts: 10,514
Likes: 0
Received 0 Likes
on
0 Posts
I received one, too. Grew suspicious because I had already successfully logged in using my "old" PW, and did so again at this session. Forwarded it to Katie (Katie - feel free to ignore that now) but this gives me the info I need.
Oct 17th, 2007, 07:32 AM
#10
Original Poster
Join Date: Sep 2008
Posts: 2,804
Likes: 0
Received 0 Likes
on
0 Posts
An update: it turns out that this mailing was not the work of phishers as suspected by many of you.
An internal mail error automatically sent out those emails to those members who had EVER requested a new password in all of their time on the site. The "new" passwords are not connected to those accounts; please ignore and delete the email. You do not need to change your password.
So rest assured, all is fine and well. We apologize for the error and for the needless email.
Thanks for your patience in this matter.
Best,
Katie
Community Editor
An internal mail error automatically sent out those emails to those members who had EVER requested a new password in all of their time on the site. The "new" passwords are not connected to those accounts; please ignore and delete the email. You do not need to change your password.
So rest assured, all is fine and well. We apologize for the error and for the needless email.
Thanks for your patience in this matter.
Best,
Katie
Community Editor
Oct 17th, 2007, 07:43 AM
#11
Join Date: Jan 2006
Posts: 1,458
Likes: 0
Received 0 Likes
on
0 Posts
Iregeo, even though this turns out not to have been a phishing attempt, your question deserves an answer.
It's nothing more than hacker-speak for "fishing", as in fishing for information. It's a form of what they call "social engineering", whereby a bad guy attempts to pry information out of you not by technical wizardry but by old-fashioned conversation.
Social engineering is by far the most effective hacking technique of all. Most of the famous systems crackers like Kevin Mitnick never actually broke any security systems themselves; they just sweet-talked secretaries and phone support people into giving up passwords, usually by pretending to be someone with a legitimate reason for it (like a telephone lineman up on a pole, for instance).
Modern phishing involves mass-emailing a ton of people with an official-sounding request for your password or other information. It's like fishing, because there are a million fish (users like you and me), and they're just going to throw their hook out there and hope someone bites. They phish for Ebay passwords, Paypal passwords, bank passwords, email passwords, whatever they can get.
Because their attempts are so automated these days, they can send out literally millions of these fake requests in a day -- so if even just 0.001% of people "take the hook", they're successful.
Even a Fodors password might be useful, since a lot of people use the same password for lots of different things (a bad idea).
It's nothing more than hacker-speak for "fishing", as in fishing for information. It's a form of what they call "social engineering", whereby a bad guy attempts to pry information out of you not by technical wizardry but by old-fashioned conversation.
Social engineering is by far the most effective hacking technique of all. Most of the famous systems crackers like Kevin Mitnick never actually broke any security systems themselves; they just sweet-talked secretaries and phone support people into giving up passwords, usually by pretending to be someone with a legitimate reason for it (like a telephone lineman up on a pole, for instance).
Modern phishing involves mass-emailing a ton of people with an official-sounding request for your password or other information. It's like fishing, because there are a million fish (users like you and me), and they're just going to throw their hook out there and hope someone bites. They phish for Ebay passwords, Paypal passwords, bank passwords, email passwords, whatever they can get.
Because their attempts are so automated these days, they can send out literally millions of these fake requests in a day -- so if even just 0.001% of people "take the hook", they're successful.
Even a Fodors password might be useful, since a lot of people use the same password for lots of different things (a bad idea).
Thread
Original Poster
Forum
Replies
Last Post
Katie_H
Australia & the Pacific
5
Oct 23rd, 2007 02:25 PM
