Hello all-

It has come to our attention that many members received an email earlier today containing their screen name and a "new" password.

Please ignore and delete these emails. Your passwords remain secure and have not changed. We are investigating the cause of this mailing and when we know more we'll certainly relay that information on to you.

We apologize for the inconvenience.

Best,
Katie

Thanks for the quick reply!

Thank you Katie.

ttt

Thanks for the heads up on the phishing expedition, K.

ira, could you please provide a bit more info? I'm familiar with the term "phishing", but honestly don't know what it means. Thanks.

I got one of those emails late last night and immediately sent an email to Fodors asking if it was legit. Haven't heard back from them but saw this first thing this a.m. Glad you're on top of it. Thanks Fodors.
Susan

I received one, too. Grew suspicious because I had already successfully logged in using my "old" PW, and did so again at this session. Forwarded it to Katie (Katie - feel free to ignore that now) but this gives me the info I need.

ttt

An update: it turns out that this mailing was not the work of phishers as suspected by many of you.

An internal mail error automatically sent out those emails to those members who had EVER requested a new password in all of their time on the site. The "new" passwords are not connected to those accounts; please ignore and delete the email. You do not need to change your password.

So rest assured, all is fine and well. We apologize for the error and for the needless email.

Thanks for your patience in this matter.

Best,
Katie
Community Editor

Iregeo, even though this turns out not to have been a phishing attempt, your question deserves an answer.

It's nothing more than hacker-speak for "fishing", as in fishing for information. It's a form of what they call "social engineering", whereby a bad guy attempts to pry information out of you not by technical wizardry but by old-fashioned conversation.

Social engineering is by far the most effective hacking technique of all. Most of the famous systems crackers like Kevin Mitnick never actually broke any security systems themselves; they just sweet-talked secretaries and phone support people into giving up passwords, usually by pretending to be someone with a legitimate reason for it (like a telephone lineman up on a pole, for instance).

Modern phishing involves mass-emailing a ton of people with an official-sounding request for your password or other information. It's like fishing, because there are a million fish (users like you and me), and they're just going to throw their hook out there and hope someone bites. They phish for Ebay passwords, Paypal passwords, bank passwords, email passwords, whatever they can get.

Because their attempts are so automated these days, they can send out literally millions of these fake requests in a day -- so if even just 0.001% of people "take the hook", they're successful.

Even a Fodors password might be useful, since a lot of people use the same password for lots of different things (a bad idea).

Thanks for the eduaction!

I sent an email to Fodor's, too, before I read this. Thanks for clearing it up.

topping

ttt

maybe top again

ttt

I also received the e-mail and immediately replaced my old password with the new one (where I keep them to remember them) - so now I don't lnow my old password.

Thanks. Luckily I was too busy to change it, and got in successfully yesterday and promptly forgot I'd gotten the e-mail.