Phishing attempt from entity purporting to be TiVo

Discussion in 'TiVo Coffee House - TiVo Discussion' started by jlb, Mar 18, 2020.

  1. jlb

    jlb Go Pats!

    9,115
    335
    Dec 13, 2001
    Burlington, VT

    Just received an email from an entity purporting to be TiVo. At least it appears to be phishing. Is there an email at TiVo to communicate this info?


    Sent from my iPhone using Tapatalk
     
  2. Noelmel

    Noelmel Active Member

    284
    121
    Nov 6, 2014
    Cincinnati, OH
    What was the email? I got one earlier for a survey and to join the TiVo testers panel. Hope it wasn’t that cuz I filled it out lol


    Sent from my iPhone using Tapatalk
     
  3. jlb

    jlb Go Pats!

    9,115
    335
    Dec 13, 2001
    Burlington, VT
    Here’s the email and the header. The language is off a bit too.

    [​IMG]
    [​IMG]
    [​IMG]


    Sent from my iPhone using Tapatalk
     
    Noelmel likes this.
  4. nrc

    nrc Cracker Soul

    2,490
    34
    Nov 17, 1999
    Living in a...
    I got three of these. The links appear to go to store.tivo.com which looks like it may have been hijacked.

    The concerning thing about this is that it contains my email address and customer name, so other information may have leaked.
     
    Last edited: Mar 18, 2020
    Noelmel likes this.
  5. jlb

    jlb Go Pats!

    9,115
    335
    Dec 13, 2001
    Burlington, VT

    So when I browsed to TiVo.com to change my PW was that maybe a false site? Can someone else browse and see?


    Sent from my iPhone using Tapatalk
     
  6. jlb

    jlb Go Pats!

    9,115
    335
    Dec 13, 2001
    Burlington, VT
    Maybe I should remove my payment method at this point (if I even have one) as I’m Lifetime


    ETA: looks like you can’t just delete a card but the one in there is not valid for me anymore anyways so it’s as good as having nothing there I guess.

    Sent from my iPhone using Tapatalk
     
  7. nrc

    nrc Cracker Soul

    2,490
    34
    Nov 17, 1999
    Living in a...
    If you browsed directly to TiVo | Best OTA DVRs, Cable DVRs and Streaming rather than following any links in that email you're probably ok for now. But I would change it again after they resolve whatever is going on because if they were compromised we don't know if they still have access to the database.

    I wondered if maybe this was something in development misfiring but the fact that the emails are so amateurish and contain boilerplate like "example.com" suggests it's a hack.
     
  8. jlb

    jlb Go Pats!

    9,115
    335
    Dec 13, 2001
    Burlington, VT
  9. nrc

    nrc Cracker Soul

    2,490
    34
    Nov 17, 1999
    Living in a...
    It looks like store.tivo.com was a former ecommerce site that TiVo moved away from. Wondering if this was part of the business transition and the old site just got left behind. Site search on Google shows that it had links for VOX so it wasn't all that long ago.

    In any case, it appears that it was left out there, probably unmanaged, and was breached. Hopefully the encrypted passwords were kept separate and if there's any credit card information in there it has aged out by now.

    If this is the case they probably have no access to the current infrastructure and changes on the www.tivo.com site are safe.
     
  10. jlb

    jlb Go Pats!

    9,115
    335
    Dec 13, 2001
    Burlington, VT
    This is all prob well and good and yes, my CC that was on there was no longer valid. But I don’t understand the dropping of PW length max to 16.

    Also, if a breach, they do have to report it, right?


    Sent from my iPhone using Tapatalk
     
  11. dlfl

    dlfl Cranky old novice

    8,955
    749
    Jul 6, 2006
    Dayton OH
    Don’t assume your credit card can’t be charged just because they have an old expiration date. If the account number is different then yes but I’ve been told charges will go through even if the vendor has an invalid expiration date.

    I got that email too but ignored it because I don’t anticipate ever using the TiVo store. And I never click on links given in emails, even if I’m 99% sure they are valid.
     
  12. lstone19

    lstone19 Member

    45
    3
    Mar 28, 2003
    This is odd. First, the mail From header says owner@example.com. example.com is a reserved name for use as an example in documentation and similar. It is not supposed to be real. The only link in the email goes to store.tivo.com which, as stated above, seems to be abandoned. I did not click on the link in the email since it seems to be coded to identify who clicked on it but I did try just http://store.tivo.com/ which redirected to https://store.tivo.com/ and then returned "403 Forbidden". But as store.tivo.com is a subdomain of tivo.com, unless TiVo's domain name service has been hacked, the name and where it goes is under TiVo's control so someone can't just "steal" the name (most phishing schemes work by directing you to a totally different domain; you can easily create a totally different domain name (the part just before the .com, etc.) and a fake site under it fairly easily but to create a fake site as a subdomain (third level name such as the store part of store.tivo.com) requires compromising the domain name service).

    I'm guessing this was a test script whose results escaped into the wild but I am surprised there has been no "Oops" follow-up from TiVo.
     
    Last edited: Mar 19, 2020
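
The two header checks described in the post above (a From domain that is a reserved documentation name, and link hosts that do or do not sit under the organization's own domain), as an added example that is not part of the original thread. The function names, the sample message and the lookalike host are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Names reserved for documentation/testing (RFC 2606, RFC 6761); a real
# sender should never use them.
RESERVED_SLD = {"example.com", "example.net", "example.org"}
RESERVED_TLD = {"test", "example", "invalid", "localhost"}

def is_reserved(domain):
    labels = domain.lower().rstrip(".").split(".")
    return labels[-1] in RESERVED_TLD or ".".join(labels[-2:]) in RESERVED_SLD

def under_domain(host, org_domain):
    """True only for org_domain itself or a subdomain on a label boundary."""
    host = host.lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

def triage(raw, org_domain):
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    hosts = sorted({urlsplit(u).hostname or "" for u in urls})
    return {
        "from_domain": from_domain,
        "from_reserved": is_reserved(from_domain),
        "from_matches_org": under_domain(from_domain, org_domain),
        "links_in_org": {h: under_domain(h, org_domain) for h in hosts},
    }

# Constructed sample message; the second URL is a made-up lookalike host
# included only to show why a plain substring match is not enough.
SAMPLE = """\
From: TiVo Store <owner@example.com>
To: customer@mail.invalid
Subject: Your account
Content-Type: text/plain

Hello Customer Name,
Visit https://store.tivo.com/account?id=PLACEHOLDER to continue.
Lookalike for comparison: http://store.tivo.com.login.invalid/reset
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE, "tivo.com").items():
        print(key, "=", value)
```

A link host under the organization's domain only shows that the name is delegated by that organization's DNS; it says nothing about whether the server behind it is still maintained.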
  13. wizwor

    wizwor Active Member

    955
    243
    Dec 17, 2013
  14. lstone19

    lstone19 Member

    45
    3
    Mar 28, 2003
    wizwor likes this.
  15. jlb

    jlb Go Pats!

    9,115
    335
    Dec 13, 2001
    Burlington, VT
    It was a totally old CC number so we are good. And I’m with you. I didn’t click on anything in the email.


    Sent from my iPhone using Tapatalk
     
  16. Pork_Chops

    Pork_Chops New Member

    2
    0
    Mar 19, 2020
    I received the same email today, which included my personal contact information and originated from owner@example.com. I think TiVo needs to send something to customers about the breach ASAP.
     
  17. synch22

    synch22 Member

    364
    12
    Dec 30, 2003
    I think it’s legit. Go to TiVo.com and the same offering ... and official site.
     
  18. dianebrat

    dianebrat wait.. I did what? TCF Club

    12,986
    2,126
    Jul 6, 2002
    boston'ish
    There is nothing to suggest it's phishing since all the links are legitimate TiVo-owned addresses.
    I'm with the others suggesting it was a test script that got let out, there are zero signs that there was any breach, and many signs that it's someone being dumb.
     
  19. JoeKustra

    JoeKustra in the other Alabama TCF Club

    19,813
    3,615
    Dec 7, 2012
    Ashland, PA...
    At TiVo, that doesn't narrow it down too much. :rolleyes:
     
    mrsean and shenders like this.
  20. ManeJon

    ManeJon Active Member

    180
    44
    Apr 14, 2018
    I received the email also, looked very strange so I didn't click on it.

    Go Whalers
     
    sehale likes this.
