V-Flyer

Just got the latest email update from FC through.

Well, it's certainly a new look - but somewhat disjointed in my view. That whole top section with account details and "The Inside Story" just looks messy to me.

I do hope this is a "transitional" phase, as they move towards the full implementation of the redesigned look and feel. [:I]

A bit OT but I received an email from FC this morning promoting Miles plus Money fares - nothing unusual about that you might say but it had a little red box on the right with my FC number, Tier and Mileage in it, never had that before?

Hmm. I usually get that with the "regular" communications Barry. That includes this morning's one, too.

(Unfortunately, it's also always a few days out of date)

Originally posted by Bazz
A bit OT but I received an email from FC this morning promoting Miles plus Money fares - nothing unusual about that you might say but it had a little red box on the right with my FC number, Tier and Mileage in it, never had that before?

Yep, and in unencrypted email. I despair of people's naivety of how they trust companies with their personal information.

You all heard about that guy who had his BA EC details compromised, all from a discarded boarding stub with his EC number on it?

This sort of thing really makes me uncomfortable.

Plus there's the whole thing that this message doesn't come from anything @virgin-atlantic.com, but from some other domain (e-rm.co.uk) which seems to belong an eCRM outsourcing outfit ("E-RELATIONSHIP MARKETING LIMITED"), and contains click-throughs to websites (e-srv.net) operated by the same company - but with a different domain registrant address.

Ever heard of phishing?

I know that it's easy to forge the domain in a "From:" line, but how about digitally signing the mail in some way, and only providing verifiable links to content on http://www.virgin-atlantic.com?

VS online marketing desperately need to get some security clue on their team, especially now we're putting APIS-based information into the website.

I personally won't click any of the links in those newsletters.

Interestingly, LX don't put the whole FF number on the boarding stub, all but the last 3 digits are XXXX-ed out, like a Credit Card number is.

Cheers,
Mike

It claims to come from:

From: Virgin Atlantic

Originally posted by Bazz
It claims to come from:

From: Virgin Atlantic

Oooh. Another nth party joins the fray, this time, a company called "Innovyx" in Seattle.



One wonders how the average joe net user is supposed to tell a genuine email from a carefully crafted phish when companies that they deal with on a regular basis, and trust with their personal data, exhibit this level of carelessness.

Had this with my bank last week, making outbound "customer care" calls about my accounts, withholding caller-id, not being able to verify their identity. Of course, I chose not to discuss anything with them.

Mike

Mike

BT now offer a service to reject callers who withold their number ... friends who do so can be given a little numerical code to key in.

I've had it switched on, and it's great, no more unsolicited calls!

Only one downer, FC also withhold their numbers so last time I spoke to them the staff member had to ring me back on her mobile!

S

That facility also blocks call from hospitals... which is VERY annoying when I am trying to contact a patient.

Originally posted by slinky09
BT now offer a service to reject callers who withold their number ... friends who do so can be given a little numerical code to key in.

I know about this service - don't you think that I sound like a geek - and there are reasons that I don't want it.

The problem is, that for no apparent reason, companies withhold their number, rather than send a reasonable CLID, and that's the whole point.

I didn't view the call from the bank as a nuisance. The nuisance was that I couldn't verify the caller's identity.

It's also fun hearing outsourced non-UK call centres try and pronounce my surname. They usually get told "Sorry, no-one with that name here!"

Cheers,
Mike

I don't understand why Virgin can't make the web site FC logon secure by default. Ok it adds a bit of load to the server, but why not encrypt sensitive data like that.

The same could also be said for the V-Flyer logon too I guess. [:(]

The information disclosed in the email was 100% correct, which if it was 'phishing' is extremely worrying! I did not follow any of the links BTW but with the data quoted being so accurate, there was no obvious reason not to.