[weetoots]

I just received a very strange email supposedly from TIVO. I did not do anything to warrant this email. I already had a "season pass" for this program.
Here is the email:

Your online request for a Season Pass to "NCIS" has been received.

All upcoming episodes of this Season Pass have been scheduled and
now appear in the To Do List.

Best regards,

TiVo
http://www.tivo.com/support/

**********
If you need to re-request this program, be sure to change at least one
recording option so it will be recognized as a new request by your
TiVo DVR.

**********
Note: This is an automatically generated e-mail notification.
Please do not reply to this message if you need help; instead,
please visit http://www.tivo.com/support/

If you are not a TiVo customer and this e-mail has reached you in
error, we apologize for the mistake. To let us know we should
update our records, please visit
http://customersupport.tivo.com/caseSubmitPresales.asp

requestID: tivo:1190223927777
logID: 2373779

I would appreciate it if someone from TIVO would investigate this.

Al

 

[petew]

The email looks genuine, I'd guess it's either another Tivo user that mistyped his email address or the Tivo server hicupped.

 

[client]

Main Entry: phish·ing
Pronunciation: 'fi-shi[ng]
Function: noun
Etymology: alteration (influenced by phreaking) of fishing
: a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly

 

[petew]

Main Entry: phish·ing
Pronunciation: 'fi-shi[ng]
Function: noun
Etymology: alteration (influenced by phreaking) of fishing
: a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly

And your point is?

 

[greg_burns]

And your point is?

That that was not in any shape or form a phishing email.

 

[weetoots]

My point, oh great one, is I don't like getting email that is highly dubious. If this isn't Phishing or fishing, my mistake. I know just delete the email, but what about someone who is not as cautious. Considering all the junk we have to wach out for, I was concerned.

BTW, "oh great one" is a compliment. No flame.

 

[dumbunny]

A typical phishing practice is to provide what looks like a legitimate URL, but have the actual target be some other site.

I never paid attention to the numbering sequence before, but 1190223927777 is Sept 19 2007 in epoch milliseconds. This may be a numeric coincidence, however. Did someone in your household make an online season pass request to NCIS on or around the morning of Sept 19 2007?

 

[kmill14]

So how is this phishing? Are you the only person in your household with access to the online scheduler?

 

[jlb]

I think the server hiccuped (sp?). I had put requests in over a week ago for episodes of The War on PBS. I got home later that day and saw that they had not been received yet. Partially that may have been due to my network being out for a day. But the eps never came in after getting my network up again. But then they trickled in over the course of the next few days. So, something weird did seem to happen.

 

[Curtis]

The email looks genuine, I'd guess it's either another Tivo user that mistyped his email address or the Tivo server hicupped.

There is no way to tell whether it is genuine without looking at the raw E-mail that shows the HTML. That's the only way to check the URLs that the links go to.

 

[ZeoTiVo]

There is no way to tell whether it is genuine without looking at the raw E-mail that shows the HTML. That's the only way to check the URLs that the links go to.

true but what is to gain from such an email? Hopefully the OP reported the email on one of the URLs - at least in his post they all worked out to legit TiVo sites

 

[Gibbie]

true but what is to gain from such an email? Hopefully the OP reported the email on one of the URLs - at least in his post they all worked out to legit TiVo sites

What's to gain? The unsuspecting phishee clicks the link that says

If you are not a TiVo customer and this e-mail has reached you in
error, we apologize for the mistake. To let us know we should
update our records, please visit

And gives the phisher whatever information is asked for to "update the records." Most people won't fall for it, some will. Some will hand over the credit card information. Some will just get spyware installed from the forged site. I stopped a woman in my office just as she was about to type her CVV into an eBay/PayPal phish. When I asked her if she ever sold on eBay or had a PayPal account she told me no, but yet she was going to hand over credit card to protect the account she didn't have.

It's most likely a phish, the best way to check is to try to find out what the URL is behind the link in the e-mail. My e-mail client shows it to me when I hover my mouse over it. Both in smart text and at the bottom of the e-mail. I wouldn't however click any of the links.

 

[petew]

The email the OP posted is word for word identical to the real Tivo email. As other's have pointed out without the actual email and headers it's impossible to make a determination with absolute certainty, but I did notice a message on my Tivo dated 10/6 that related to an online request I submitted in early September. So I'd say it's 99% certain that the Tivo online scheduling server(s) were rebooted and some backed up messages got sent 2-3 weeks late.

 

[Ruth]

Did you originally schedule your NCIS season pass online? As others have posted, some old notifications seem to have gone out again recently. (Just the other day, I got one on my TiVo for a SP that already had been scheduled for a while.) That seems more likely to be the issue than your e-mail getting mixed up with someone else's.

 

[robm15]

I agree with the majority that the email was probably a hiccup, but also agree that there is no way to know with out the raw original email. If I were a hacker, and wanted to implant a rogue program on your PC, this would be perfect opportunity. It looks legitimate, but you weren't expecting it, and so you click that link at the bottom like Gibbie pointed out. The OP may or may not be correct about it being a phishing attempt, but better safe than sorry since this was an unexpected Email.

 

[gonzotek]

All of the messages I have ever received from TiVo's Online scheduling service have been sent as Content-Type:text/plain, which in plain English, means that the original messages only had text urls and not hyperlinks. The OP's mail client must have parsed the message and automagically turned them into hyperlinks (gmail certainly does do this). Many banks and other organizations will similarly not distribute html-encoded mail and will require the receiver of a legitimate message to type (or cut and paste) a link to their site by hand. The message showing up days or weeks late(and/or more than once and/or not at all) is certainly not a great user experience and TiVo should work to prevent that from happening, but from a security standpoint, there's little more TiVo can do to guarantee the safety of their subscribers while also providing online scheduling email notifcations.

 

[ZeoTiVo]

It's most likely a phish, the best way to check is to try to find out what the URL is behind the link in the e-mail. My e-mail client shows it to me when I hover my mouse over it. Both in smart text and at the bottom of the e-mail. I wouldn't however click any of the links.

good point on checking any URL before you click on it.
I was making the more specific point that the URLs in the post were all the expected URLs for such an email from TiVo. So with the assumption that they look the same(by this I mean the actual link itself is the same) in the post as the email (which is fully an assumption) then thge email is most likely not a phish.

My brain keeps thinking of larger monetary profit, so I forgot the gain of getting spyware loaded and selling some ads to send to the poor PC so hijacked

 

[greg_burns]

I suppose this depends on your mail client, but normally hovering the mouse over a link in your email will reveal its true address in the status bar at the bottom. No need to click on them to see where they really go, nor look at the underlying html.

 

[smak]

Disable your network card, and click on the link to see where it tries to take you.

-smak-

 

[weetoots]

I do use online scheduling for Formula one races, but I have never used online to process a season pass.
Guess maybe the computer hiccuped.

thanks