What is"suntimesmail.com"??

The email we got about the hack displayed a link pointing to the change password page within this site, but behind that link was the true link pointing to suntimesmail.com

This type of thing usually rings alarm bells about Phishing. What’s the deal with that?

My thoughts too.


Yes. I read that. It doesn’t explain why one URL is hidden behind another. Even if it is a legitimate URL owned by chicagoreader, it’s still a very suspicious thing to see under the circumstances.

Agreed completely.

To be safe I changed the password after manually navigating to the board.

Straight Dope is owned by the Chicago Reader, and the Wikipedia article on the Chigago Reader explains:

At the bottom of the announcement page.

Copyright © 2013 Sun-Times Media, LLC.

ETA Missed it by that much!

I totally agree, and that’s why I refused to use that link. But in fairness, my guess is that in their rush to inform us, they didn’t realize which domain they were using to send the email.

I get this, and I understand. My point is, when people get an email that alarms them, it doesn’t help when a ‘click here to enter your password details’ link in an email shows one URL and hides another, regardless of what the other one is. Those who’ve learnt how phishing works are immediately further alarmed by this!

Why not just provide the legitimate link?

Excellent point, Lobsang. The truth is, a lot of this conversation whooshed me, because I never looked to the link, or what was behind it, until just now. I was focused on the fact that the email itself came from reply@suntimesmail.com.

I didn’t notice that :slight_smile:
What’s more, my reader (Thunderbird) shows a warning that the email might be a scam.

It’s almost certainly just a simple tracking code used by the site’s owners when sending out mass emails. The email is being sent by the suntimes server on behalf of the SDMB (not surprisingly since the former owns the latter). The mail server converts links in the email to this tracking URL so that it can, well, track how many people click on the link. It’s obviously more useful in marketing or promotional messages where you want to see how many clickthroughs you get. In this case they used the same mass email system and kept the link-tracking option “on,” either by design or just carelessness. It’s nothing nefarious, just a way for those doing the mailing to note which links get clicked on, and where the traffic comes from.

It’s certainly good to be cautious about where links are actually going, because it is a common phishing device, so I think it’s great that you noticed such things.

Fortunately, since we know the S-T owns the SDMB, in this case there’s nothing scary, just regular housekeeping stuff.

But the change-password link in Ed Zotti’s announcement looks perfectly cromulent, so I used that one. (Besides which, I haven’t seen the e-mail yet. This thread is the first thing I’ve seen about it.)

No-way, no-how should anyone EVER click on a link if the visible link actually looks like a URL and the real link is different. That’s an absolute flaming red-phishing-phlag. Even if you know The Dope is owned by Sun Times and the real link looks kinda-sorts like it really comes from Sun Times.

ETA: Okay, just checked my e-mail. No such message there! Do messages like that only go to paid members?

I received the email and I’m not a paid member.

Nope. I’m not a paid member. Maybe you’re not looking at the email account that they have on file for you. Go check your profile.

Yes, standard practice in the industry. I’ve even seen financial institutions pull stunts like this.

Terrible practice as well, given phishing concerns. It’s a flag for me that the organization doesn’t care about its customers. Of course we sort of knew this: while the adminstrators and mods here are excellent, we are but a microdot within the larger corp.

lol. Now I know why I never received the email reminding me to renew my paid account. Haven’t used that address since 2004!

I used a link to change my password is that OK?

Whenever I’ve received messages like this, I’ve always used my own bookmark to navigate to the site in question. It surprises me that companies still put links into emails like this!

Personally, I wonder how legitimate this ‘hacking event’ is; my cynical mind wonders whether it’s in fact just a scam to get more long-absent eyeballs (such as mine) back to a perhaps-languishing forum.

I can’t find an option to delete my ‘account’ here, which is the most sensible course of action in terms of protecting one’s identity if one doesn’t intend to revisit a place anytime soon…

AKA “How do I get out of this chicken-shit outfit?”