Menu
Reply
Highlighted
  • 9
  • 0
  • 1
Tuning in
944 Views
Message 1 of 7
Flag for a moderator

A suspicious email about suspicious activity

I've just received an email from Virgin with the reference

Our Reference: VMIS60-NETWORKATTACKS-F007042574

It starts with "A device using your internet connection may be infected with malware".

"may"? OK. Not "is". Just may. What else does it tell me? 

"We’ve been notified by a third party that malicious traffic has been detected coming from a device using your internet connection."

No information about the third party or the type of traffic. How does this third party quantify malicious traffic? Here's a screenshot of my own tools for detecting suspicious traffic on my network.Screenshot 2019-04-11 at 22.43.35.png

So what else does this email say? Ah - it suggests I should purchase stuff from Virgin. How convenient. As every device on my home network is either Linux or a Mac, this Windows software is no use to me.

This email is just speculative phishing by my ISP. Has anyone else got these emails? The premise of this is I should go looking for something that isn't there and then purchase things I don't need in order to prevent them from "suspend or cancel your broadband service in line with our Acceptable Use Policy."

So no evidence of an actual problem, vaguely worded email describing a problem that "may" exist and a threat if I don't buy something I don't need. 

If anyone from Virgin is reading this, provide the evidence or stop the emails. 

Steve

0 Kudos
Reply
Highlighted
  • 12.1K
  • 817
  • 3.6K
Very Insightful Person
Very Insightful Person
893 Views
Message 2 of 7
Flag for a moderator

Re: A suspicious email about suspicious activity

Lots of people get them. There is however usually detail on it as to what the threat may be or what traffic seems suspicious.

The threat assessments are provided by a legitimate security partner, and most of the ones Ive dealt with on here have been genuine. They are based on analysis of your EXTERNAL traffic- obviously VM cannot scan LAN side and see what device is the issue.

The reference to Gadget rescue is "maybe" welcome to people who have little to no technical knowledge, if your tech savvy at all you can work out what the alleged issue is and rectify it yourself.

TBF its one of the few useful things VM do for free for their customers so I'm loathe to criticise it too harshly- but your going to need more detail as to what the alleged threat is for it o be of any use to you.

 

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Click to learn more about VIP

Use Kudos to say thanks

Mark as Helpful Answer if I've helped

0 Kudos
Reply
Highlighted
  • 9
  • 0
  • 1
Tuning in
889 Views
Message 3 of 7
Flag for a moderator

Re: A suspicious email about suspicious activity

I'm very tech savvy. I've worked in IT for over 30 years. 

If it's a "legitimate" security partner, why are they anonymous? Why won't Virgin tell me what this suspicious traffic is?

Obviously a bit concerned if Virgin has a third party intercepting my internet traffic what with that being illegal under the Computer Misuse Act. However, it's more likely that a third party has received data due to some misconfigured device on my network and has reported it to Virgin. If I knew the IP range or the nature of the traffic I could narrow it down but for some reason Virgin have decided that this is a secret. So this is either some underhand business practice to make me buy something I don't need or it's some misinterpretation of their internal processes. 

I take my car in for its regular service. The garage says "There's something wrong with your car. We're not going to tell you what it is but if you buy these products from us that might fix it. If you don't buy the products you can't have your car back." That's the situation I'm in now. 

All I'm asking is that someone from Virgin responds to my email (or on here) with actual information that lets me diagnose the problem. 

Highlighted
  • 12.1K
  • 817
  • 3.6K
Very Insightful Person
Very Insightful Person
875 Views
Message 4 of 7
Flag for a moderator

Re: A suspicious email about suspicious activity

Is there no number to ring on the letter?

 

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Click to learn more about VIP

Use Kudos to say thanks

Mark as Helpful Answer if I've helped

0 Kudos
Reply
Highlighted
  • 4.15K
  • 449
  • 1.52K
Very Insightful Person
Very Insightful Person
863 Views
Message 5 of 7
Flag for a moderator

Re: A suspicious email about suspicious activity

It is more than likely that the automated process that initiates the notification is unable to extract the relevant data from the third party notification, hence the generic letter and advice; hopefully knowing this may allays some of the issues mentioned.

The forum team (@ModTeam) are best placed to provide the third party notification data required however be aware that it may take them a few days to work through to your post.

0 Kudos
Reply
Highlighted
  • 9
  • 0
  • 1
Tuning in
849 Views
Message 6 of 7
Flag for a moderator

Re: A suspicious email about suspicious activity

I hope that's not correct. An automated process that sends out an email but won't tell you why it did it? What chance do I have of getting to the bottom of this? There should be some level of human intervention to make sure the notification itself isn't malicious. 

0 Kudos
Reply
Highlighted
  • 979
  • 46
  • 87
Forum Team (Retired)
Forum Team (Retired)
827 Views
Message 7 of 7
Flag for a moderator

Re: A suspicious email about suspicious activity

Hi stetho,

 

Thank you for contacting us Via our forums.

You can find out more information regarding the alert emails we send here: Security Hub

I'm going to send you a PM so we can confirm details and I can provide you more info on the email you've received.

 

Thanks,

Tom_S