Phished by TIVO - Strange email

Discussion in 'TiVo Coffee House - TiVo Discussion' started by weetoots, Oct 9, 2007.

  1. Oct 9, 2007 #1 of 25
    weetoots

    weetoots New Member

    29
    0
    Aug 8, 2003
    Oahu, Hawaii
    I just received a very strange email supposedly from TIVO. I did not do anything to warrant this email. I already had a "season pass" for this program.
    Here is the email:

    Your online request for a Season Pass to "NCIS" has been received.

    All upcoming episodes of this Season Pass have been scheduled and
    now appear in the To Do List.

    Best regards,

    TiVo
    http://www.tivo.com/support/

    **********
    If you need to re-request this program, be sure to change at least one
    recording option so it will be recognized as a new request by your
    TiVo DVR.

    **********
    Note: This is an automatically generated e-mail notification.
    Please do not reply to this message if you need help; instead,
    please visit http://www.tivo.com/support/

    If you are not a TiVo customer and this e-mail has reached you in
    error, we apologize for the mistake. To let us know we should
    update our records, please visit
    http://customersupport.tivo.com/caseSubmitPresales.asp

    requestID: tivo:1190223927777
    logID: 2373779

    I would appreciate it if someone from TIVO would investigate this.

    Al
     
  2. Oct 9, 2007 #2 of 25
    petew

    petew Active Member

    1,448
    0
    Jul 31, 2003
    Pittsburg, CA
    The email looks genuine, I'd guess it's either another Tivo user that mistyped his email address or the Tivo server hicupped.
     
  3. Oct 9, 2007 #3 of 25
    client

    client New Member

    39
    0
    Nov 10, 2006
    Main Entry: phish·ing
    Pronunciation: 'fi-shi[ng]
    Function: noun
    Etymology: alteration (influenced by phreaking) of fishing
    : a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly
     
  4. Oct 9, 2007 #4 of 25
    petew

    petew Active Member

    1,448
    0
    Jul 31, 2003
    Pittsburg, CA
    And your point is?
     
  5. Oct 9, 2007 #5 of 25
    greg_burns

    greg_burns Now in HD

    6,392
    2
    May 21, 2004
    Slower...
    That that was not in any shape or form a phishing email. :p
     
  6. Oct 9, 2007 #6 of 25
    weetoots

    weetoots New Member

    29
    0
    Aug 8, 2003
    Oahu, Hawaii
    My point, oh great one, is I don't like getting email that is highly dubious. If this isn't Phishing or fishing, my mistake. I know just delete the email, but what about someone who is not as cautious. Considering all the junk we have to wach out for, I was concerned.

    BTW, "oh great one" is a compliment. No flame.
     
  7. dumbunny

    dumbunny New Member

    75
    0
    May 14, 2002
    Fremont, CA
    A typical phishing practice is to provide what looks like a legitimate URL, but have the actual target be some other site.

    I never paid attention to the numbering sequence before, but 1190223927777 is Sept 19 2007 in epoch milliseconds. This may be a numeric coincidence, however. Did someone in your household make an online season pass request to NCIS on or around the morning of Sept 19 2007?
     
  8. kmill14

    kmill14 New Member

    196
    0
    Dec 11, 2006
    So how is this phishing? Are you the only person in your household with access to the online scheduler?
     
  9. jlb

    jlb Go Pats!

    8,992
    288
    Dec 13, 2001
    Burlington, VT
    I think the server hiccuped (sp?). I had put requests in over a week ago for episodes of The War on PBS. I got home later that day and saw that they had not been received yet. Partially that may have been due to my network being out for a day. But the eps never came in after getting my network up again. But then they trickled in over the course of the next few days. So, something weird did seem to happen.
     
  10. Curtis

    Curtis New Member

    534
    0
    Dec 2, 2003
    There is no way to tell whether it is genuine without looking at the raw E-mail that shows the HTML. That's the only way to check the URLs that the links go to.
     
  11. ZeoTiVo

    ZeoTiVo I can't explain

    25,527
    2
    Jan 2, 2004
    true but what is to gain from such an email? Hopefully the OP reported the email on one of the URLs - at least in his post they all worked out to legit TiVo sites
     
  12. Gibbie

    Gibbie New Member

    10
    0
    Dec 1, 2005
    What's to gain? The unsuspecting phishee clicks the link that says
    And gives the phisher whatever information is asked for to "update the records." Most people won't fall for it, some will. Some will hand over the credit card information. Some will just get spyware installed from the forged site. I stopped a woman in my office just as she was about to type her CVV into an eBay/PayPal phish. When I asked her if she ever sold on eBay or had a PayPal account she told me no, but yet she was going to hand over credit card to protect the account she didn't have.

    It's most likely a phish, the best way to check is to try to find out what the URL is behind the link in the e-mail. My e-mail client shows it to me when I hover my mouse over it. Both in smart text and at the bottom of the e-mail. I wouldn't however click any of the links.
     
  13. petew

    petew Active Member

    1,448
    0
    Jul 31, 2003
    Pittsburg, CA
    The email the OP posted is word for word identical to the real Tivo email. As other's have pointed out without the actual email and headers it's impossible to make a determination with absolute certainty, but I did notice a message on my Tivo dated 10/6 that related to an online request I submitted in early September. So I'd say it's 99% certain that the Tivo online scheduling server(s) were rebooted and some backed up messages got sent 2-3 weeks late.
     
  14. Ruth

    Ruth Well-Known Member

    12,968
    535
    Jul 31, 2001
    Anchorage,...
    Did you originally schedule your NCIS season pass online? As others have posted, some old notifications seem to have gone out again recently. (Just the other day, I got one on my TiVo for a SP that already had been scheduled for a while.) That seems more likely to be the issue than your e-mail getting mixed up with someone else's.
     
  15. robm15

    robm15 New Member

    147
    0
    Feb 22, 2004
    Seattle, WA
    I agree with the majority that the email was probably a hiccup, but also agree that there is no way to know with out the raw original email. If I were a hacker, and wanted to implant a rogue program on your PC, this would be perfect opportunity. It looks legitimate, but you weren't expecting it, and so you click that link at the bottom like Gibbie pointed out. The OP may or may not be correct about it being a phishing attempt, but better safe than sorry since this was an unexpected Email.
     
  16. gonzotek

    gonzotek tivo_xml developer

    2,538
    59
    Sep 24, 2004
    Outside...
    All of the messages I have ever received from TiVo's Online scheduling service have been sent as Content-Type:text/plain, which in plain English, means that the original messages only had text urls and not hyperlinks. The OP's mail client must have parsed the message and automagically turned them into hyperlinks (gmail certainly does do this). Many banks and other organizations will similarly not distribute html-encoded mail and will require the receiver of a legitimate message to type (or cut and paste) a link to their site by hand. The message showing up days or weeks late(and/or more than once and/or not at all) is certainly not a great user experience and TiVo should work to prevent that from happening, but from a security standpoint, there's little more TiVo can do to guarantee the safety of their subscribers while also providing online scheduling email notifcations.
     
  17. ZeoTiVo

    ZeoTiVo I can't explain

    25,527
    2
    Jan 2, 2004
    good point on checking any URL before you click on it.
    I was making the more specific point that the URLs in the post were all the expected URLs for such an email from TiVo. So with the assumption that they look the same(by this I mean the actual link itself is the same) in the post as the email (which is fully an assumption) then thge email is most likely not a phish.

    My brain keeps thinking of larger monetary profit, so I forgot the gain of getting spyware loaded and selling some ads to send to the poor PC so hijacked
     
  18. greg_burns

    greg_burns Now in HD

    6,392
    2
    May 21, 2004
    Slower...
    I suppose this depends on your mail client, but normally hovering the mouse over a link in your email will reveal its true address in the status bar at the bottom. No need to click on them to see where they really go, nor look at the underlying html.
     
  19. smak

    smak TV MA SLV

    25,239
    1,819
    Feb 11, 2000
    NoHo, CA USA
    Disable your network card, and click on the link to see where it tries to take you.

    -smak-
     
  20. weetoots

    weetoots New Member

    29
    0
    Aug 8, 2003
    Oahu, Hawaii
    I do use online scheduling for Formula one races, but I have never used online to process a season pass.
    Guess maybe the computer hiccuped.

    thanks
     

Share This Page