advertisement


Possibble RS scam email

Barrymagrec

Barrymagrec

pfm Member
I have just had an email purporting to be from RS Website Security saying that I need to update my browser in order to continue to access my account. It didn`t look entirely right to me so I rang RS and they didn`t seem to know anything about it but she said she would contact their security people and check.

I haven`t heard back yet but if you get one of these emails be careful.
 
I have yet to see an email of that nature that isn't a scam. A simple yet effective precaution is to never, ever click on a link in such emails. Instead, open the website of the bank or whatever as you normally would. If any action is required, it will say so there.
 
Well, there's a first time for everything. I just received that email, and it actually seems to be legit. The headers indicate that it was in fact sent by RS, and there are no dodgy-looking links.

The premise of the message, that TLS 1.2 will be required from August, makes sense though they are _very_ late to the game. I always use a recent Firefox or Chrome version, so it's unclear why they think my browser is too old. Checking now, it connects to RS using TLS 1.3. Maybe they send that notice to anyone who as ever logged in using an older TLS version (or signed up before they supported v1.2). Until recently, they actively switched connections to plaintext for all but the payment page, so it's nice to see them finally taking these matters seriously.
 
Hover your cursor (if you have one!) over the email address, and the true address should show up. Although sometimes the scammers manage to make it look legit. I even had one recently that looked like it came from me!
 
awkwardbydesign said:
Hover your cursor (if you have one!) over the email address, and the true address should show up. Although sometimes the scammers manage to make it look legit. I even had one recently that looked like it came from me!
Click to expand...
I looked at the raw headers that show where it actually came from regardless of what it tries to claim. Unless someone has taken over the rs-online.com domain, it was sent by them. It certainly looks like a scam at first glance, but it seems not to be the case this time.
 
I have heard nothing back from RS after my call on Thursday and I also use an up to date version of Firefox so I find it rather odd.
 
I agree it's odd, but there really is nothing dangerous in that email. All the links go to RS or the real websites for popular browsers. The most plausible explanation I can think of is that they recently upgraded their servers to support TLS 1.2 and are sending that notice to anyone who hasn't logged in since. The current server certificate was issued on 31 March with a validity of 2 years and a bit, so they've definitely been making changes.

Don't get me wrong, you were definitely right to be suspicious.

For what it's worth, I wouldn't expect anyone you can get on the phone to know anything about the goings on in the IT department.
 
You must log in or register to reply here.


advertisement


Back
Top