| Discussion Forum: Thread 354938 |
|
 |
| | | Author: | adam.r  | | Posted: | Mar 12, 2024 22:43 | | Subject: | Is this a legit email? | | Viewed: | 205 times | | Topic: | Help | |
|
| I have received an email asking me to sign up to be a BrickLink Research Member.
Whilst I have no problem with being BrickLink's guinea pig however given
the recent warnings about phishing emails targeting BrickLink users, I figured
that it would be best to check if this is a legitimate email before signing up.
The Sign up! link goes to an Office 365 form that asks questions including Name,
Email address and BrickLink username.
Could someone from BrickLink please advise if BrickLink has indeed been sending
out such emails, or is someone else up to no good?
|
|
|
| | | | | |
| | | | | Author: | sbpyrat | | Posted: | Mar 12, 2024 23:05 | | Subject: | Re: Is this a legit email? | | Viewed: | 74 times | | Topic: | Help | |
|
| | I received it too and was also wondering if it was legit. |
|
| | | | | |
| | | | | Author: | wildchicken13 | | Posted: | Mar 12, 2024 23:18 | | Subject: | Re: Is this a legit email? | | Viewed: | 88 times | | Topic: | Help | |
|
| In Help, adam.r writes:
| | I have received an email asking me to sign up to be a BrickLink Research Member.
Whilst I have no problem with being BrickLink's guinea pig however given
the recent warnings about phishing emails targeting BrickLink users, I figured
that it would be best to check if this is a legitimate email before signing up.
The Sign up! link goes to an Office 365 form that asks questions including Name,
Email address and BrickLink username.
Could someone from BrickLink please advise if BrickLink has indeed been sending
out such emails, or is someone else up to no good?
|
I received the same email earlier today.
Mine's from blservice@bricklink.com, so I'm pretty sure it can
be trusted unless BrickLink's email servers have been hacked.
Pretty much all of my BrickLink email comes from this address; anything else
is immediately suspicious.
But it's always good to check and ask, and I recommend you check yours to
make sure it came from blservice@bricklink.com as well.
You can also hover your cursor (don't click) over the link/button to see
the exact URL where it leads.
|
|
|
| | | | | | | | | |
| | | | | | | Author: | SylvainLS | | Posted: | Mar 13, 2024 07:28 | | Subject: | Re: Is this a legit email? | | Viewed: | 84 times | | Topic: | Help | |
|
| I think this e-mail is legit but…
In Help, wildchicken13 writes:
| | […]
Mine's from blservice@bricklink.com, so I'm pretty sure it can
be trusted unless BrickLink's email servers have been hacked.
|
Sorry to say but that can be forged. Scammers generally don’t bother to (especially
as they don’t want you to answer the e-mail and make the official site aware
of their shenanigans).
The DKIM-Signature is more secure but it needs to be verified: you can’t do it
‘manually.’ That depends on your mail provider.
Mails that don’t pass the verification don’t make it to your mailbox.
| | […]
You can also hover your cursor (don't click) over the link/button to see
the exact URL where it leads.
|
Well, that doesn’t tell much more as BL is using mailchimp and trackers and whatnot.
If you hover over the link/button, you see something like
(https://)bricklink.us11.list-manage.com/track/click?u=(digits and letters)&id=(ditto)&e=(ditto)
Rather cryptic.
Now, if you look at the text-only version of the e-mail, the link is (https://)forms.office.com/e/(ID)
So you at least know you’re being redirected to an MSOffice form… but that doesn’t
tell you anything more on who created it and that doesn’t prevent you from entering
the name of your luggage or the code for your first pet.
|
|
|
| | | | | | | | | | | | | |
| | | | | | | | | Author: | qwertyboy | | Posted: | Mar 13, 2024 10:08 | | Subject: | Re: Is this a legit email? | | Viewed: | 56 times | | Topic: | Help | |
|
| In Help, SylvainLS writes:
| | The DKIM-Signature is more secure but it needs to be verified: you can’t do it
‘manually.’ That depends on your mail provider.
Mails that don’t pass the verification don’t make it to your mailbox.
|
To be precise, they won't make it to your inbox if there also is a DMARC
record that says emails that fail DKIM and/or SPF are to be quarantined or flat-out
rejected.
BrickLink has DKIM set up, and the DMARC record says mail servers should reject
emails that fail DKIM/SPF. Therefore, emails received from bricklink.com and
received by properly configured mail servers pretty much are guaranteed to be
sent by an official BL server. (Note the caveat there - if the receiving mail
server - your provider - does not do its due diligence to check SPF, DKIM and
DMARC, forged emails could seep through.)
Just to be sure, this authentication trail verifies that the mail server that
sent the email to you has all the "sending" security credentials for
a BL mail server - it does not guarantee anything about any issues that might
have happened before said email was handed to the BL mail server to be sent to
the outside world.
Niek.
|
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | Author: | Ziegelmeister | | Posted: | Mar 13, 2024 10:15 | | Subject: | Re: Is this a legit email? | | Viewed: | 62 times | | Topic: | Help | |
|
| downloading my store inventory before someone clicks a link they're not supposed
to again.
|
|
| | | | | | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | Author: | qwertyboy | | Posted: | Mar 13, 2024 10:40 | | Subject: | Re: Is this a legit email? | | Viewed: | 59 times | | Topic: | Help | |
|
| In Help, Ziegelmeister writes:
| | downloading my store inventory before someone clicks a link they're not supposed
to again.
|
A sensible precaution at any time. But just to be clear and summarize all the
technical mumbo-jumbo -
If you receive emails through a reputable mail service, and you receive
an email sent by [something]@bricklink.com, you can rest assured that this email
is actually sent by an official BL mail server.
Obviously, clicking links in any email sent by bricklinks.com etc is asking
for trouble. BrickLink however should also step up a bit, and in light of these
scams should refrain from sending out emails where people need to click a link.
Instead, they should send out emails describing what people should do - something
like this:
We noticed a login from a new device at IP in COUNTRY. If you are unsure about
whether this is legit, please log into your account and change your password,
or contact our support team.
Niek.
|
|
|
| | | | | | | | | | | | | |
| | | | | | | | | Author: | brickerking | | Posted: | Mar 13, 2024 12:30 | | Subject: | Re: Is this a legit email? | | Viewed: | 54 times | | Topic: | Help | |
|
| In Help, SylvainLS writes:
| | I think this e-mail is legit but…
In Help, wildchicken13 writes:
| | […]
Mine's from blservice@bricklink.com, so I'm pretty sure it can
be trusted unless BrickLink's email servers have been hacked.
|
Sorry to say but that can be forged. Scammers generally don’t bother to (especially
as they don’t want you to answer the e-mail and make the official site aware
of their shenanigans).
The DKIM-Signature is more secure but it needs to be verified: you can’t do it
‘manually.’ That depends on your mail provider.
Mails that don’t pass the verification don’t make it to your mailbox.
| | […]
You can also hover your cursor (don't click) over the link/button to see
the exact URL where it leads.
|
Well, that doesn’t tell much more as BL is using mailchimp and trackers and whatnot.
If you hover over the link/button, you see something like
(https://)bricklink.us11.list-manage.com/track/click?u=(digits and letters)&id=(ditto)&e=(ditto)
Rather cryptic.
Now, if you look at the text-only version of the e-mail, the link is (https://)forms.office.com/e/(ID)
So you at least know you’re being redirected to an MSOffice form… but that doesn’t
tell you anything more on who created it and that doesn’t prevent you from entering
the name of your luggage or the code for your first pet.
|
Can anyone actually confirm for the OP if this email is legit?
|
|
|
| | | | | | | | | | |
| | | | | | | Author: | brickerking | | Posted: | Mar 14, 2024 02:27 | | Subject: | Re: Is this a legit email? | | Viewed: | 39 times | | Topic: | Help | |
|
| In Help, Admin_Russell writes:
| | In Help, adam.r writes:
| | I have received an email asking me to sign up to be a BrickLink Research Member.
Whilst I have no problem with being BrickLink's guinea pig however given
the recent warnings about phishing emails targeting BrickLink users, I figured
that it would be best to check if this is a legitimate email before signing up.
The Sign up! link goes to an Office 365 form that asks questions including Name,
Email address and BrickLink username.
Could someone from BrickLink please advise if BrickLink has indeed been sending
out such emails, or is someone else up to no good?
|
This is a legitimate email from our BrickLink team. Please sign up if you are
interested.
|
Thanks!
|
|
|
|
|
|
Australia, Victoria
USA, Kentucky
France, Nouvelle-Aquitaine
Canada, Alberta
