The email we got about the hack displayed a link pointing to the change password page within this site, but behind that link was the true link pointing to suntimesmail.com.
This type of thing usually rings alarm bells about Phishing. What’s the deal with that?
Yes. I read that. It doesn’t explain why one URL is hidden behind another. Even if it is a legitimate URL owned by chicagoreader, it’s still a very suspicious thing to see under the circumstances.
I totally agree, and that’s why I refused to use that link. But in fairness, my guess is that in their rush to inform us, they didn’t realize which domain they were using to send the email.
I get this, and I understand. My point is, when people get an email that alarms them, it doesn’t help when a ‘click here to enter your password details’ link in an email shows one URL and hides another, regardless of what the other one is. Those who’ve learnt how phishing works are immediately further alarmed by this!
Excellent point, Lobsang. The truth is, a lot of this conversation whooshed me, because I never looked at the link, or what was behind it, until just now. I was focused on the fact that the email itself came from reply@suntimesmail.com.
It’s almost certainly just a simple tracking code used by the site’s owners when sending out mass emails. The email is being sent by the suntimes server on behalf of the SDMB (not surprisingly since the former owns the latter). The mail server converts links in the email to this tracking URL so that it can, well, track how many people click on the link. It’s obviously more useful in marketing or promotional messages where you want to see how many clickthroughs you get. In this case they used the same mass email system and kept the link-tracking option “on,” either by design or just carelessness. It’s nothing nefarious, just a way for those doing the mailing to note which links get clicked on, and where the traffic comes from.
It’s certainly good to be cautious about where links are actually going, because it is a common phishing device, so I think it’s great that you noticed such things.
Fortunately, since we know the S-T owns the SDMB, in this case there’s nothing scary, just regular housekeeping stuff.
But the change-password link in Ed Zotti’s announcement looks perfectly cromulent, so I used that one. (Besides which, I haven’t seen the e-mail yet. This thread is the first thing I’ve seen about it.)
No-way, no-how should anyone EVER click on a link if the visible link actually looks like a URL and the real link is different. That’s an absolute flaming red-phishing-phlag. Even if you know The Dope is owned by Sun Times and the real link looks kinda-sorta like it really comes from Sun Times.
ETA: Okay, just checked my e-mail. No such message there! Do messages like that only go to paid members?
Yes, standard practice in the industry. I’ve even seen financial institutions pull stunts like this.
Terrible practice as well, given phishing concerns. It’s a flag for me that the organization doesn’t care about its customers. Of course we sort of knew this: while the administrators and mods here are excellent, we are but a microdot within the larger corp.
Whenever I’ve received messages like this, I’ve always used my own bookmark to navigate to the site in question. It surprises me that companies still put links into emails like this!
Personally, I wonder how legitimate this ‘hacking event’ is; my cynical mind wonders whether it’s in fact just a scam to get more long-absent eyeballs (such as mine) back to a perhaps-languishing forum.
I can’t find an option to delete my ‘account’ here, which is the most sensible course of action in terms of protecting one’s identity if one doesn’t intend to revisit a place anytime soon…
AKA “How do I get out of this chicken-shit outfit?”