Watch out for proton phishing emails
from dan00@lemm.ee to privacy@lemmy.ml on 17 Feb 09:09
https://lemm.ee/post/55803824
from dan00@lemm.ee to privacy@lemmy.ml on 17 Feb 09:09
https://lemm.ee/post/55803824
Hi yall, I have been receiving these email for a while now. The email address is no-reply@notify.proton.me but I’m pretty sure this is a phishing attack because not the first email (the one in blue) or the second account name (the one in red) are my proton account.
Someone knows these 2 gmail accounts and knows I have a proton one but doesn’t know the correct proton account name. Ofc my proton account is not linked these emails, not even for recovery situations.
Just heads up, this was not easy to spot.
threaded - newest
What is the real url?
All the urls seems going to proton.me… thats why I’m confused. Should i check something specific?
if it’s actually proton.me that’s an official url.
It could also be some IDN tricks. Most browsers translate mixed scripts into punycode nowadays, but it can be easy to get tricked. Just go to their official site if you’re unsure.
For example: https://xn–prtn-1ndb.me/ looks like a normal link… but the O’s have been replaced with the Greek letter omicron.
Interesting. I am blind and therefore use the TalkBack screen reader and it does not say the O’s because they are not in English. It reads that as PRTN.
this is really insightful, thanks!
Isnt proton.me their real url, or does it lead you somewhere else when you click it?
Proton.me is their real url, but is that link taking you to proton.me?
It seems to lead to proton.me but maybe I’m not expert enough.
They may have the ‘official’ url in the link, but there’s a good chance they might be piped/redirected through a malicious server under the spammer’s control to log your keystrokes.
https://proton.me
<img alt="" src="https://lemmy.ml/pictrs/image/4debe914-13c2-472b-a0fc-943e6c73206b.png">
You sneaky boi
In this case, without clicking any links in the email, why don’t you just simply go to the proton website manually and log in for good measure?
I did, I have the app on the phone and the account is fine, no notifications or emails. Nothing… it happened already some weeks ago and i ignored it.
Don’t Proton emails come starred or marked as oficial? At least on the Android app, for me, it shows ‘Oficial’
Can confirm in the iOS app that messages from proton official have a special badge
Oh, really? This one didn’t have any badge at all. I’m confused.
To clarify, they have a badge in the proton client you’re in the ios mail app. Everything I can tell from this email makes it seem legit, this may be a false positive on you’re end ‘mfraid.
Ah okay, yes the official one does. Yes, I think its a false positive… ¯\_(ツ)_/¯
I’m not sure if this is how proton notifies you, but it could also be that someone else (the other address you’re seeing) put you in as their recovery mail. they haven’t logged in in a while, and now get notified that their account might get deleted due to lack of activity. They might have just mistyped the intended recovery email or randomly put in yours. Either way, nothing you need to do.
That is their official email address. Did you make an Alias or something and you forgot?
I’m starting to think I’m wrong somehow… Maybe i made an account long ago and forgot? I really don’t think so tho.
Its possible some wires got crossed behind scenes, some database/software mixup.
Maybe email proton support if you’re concerned? I’ve had some similar mixup happen with banking and they got it all sorted after I complained (I was getting emails intended for someone else).
Edit: either way, I think you should let them know in case its phishing or something broken on their end.
the address there can be faked, maybe your email client did not warn about it. if you can check the mail’s headers (maybe easier on desktop), look at all the addtesses you see in there and if thry seem suspicious.
also check the link they sent. Don’t open it, but copy it only.
does it have the “official” tag? it should look like this:
<img alt="" src="https://lemmy.ml/pictrs/image/d90e048e-5ebd-4305-ad1a-de8626ade97f.jpeg">
This looks like they’re using the iOS mail client
Yes this is the mail app in ios
OP stated this was sent to their Gmail, so wouldn’t have the tag.
i linked up my Gmail anf proton. so my gmail stuff gets forwarded to proton with a specific tag
I’ve seen at least a couple times a similar trick but with payment req websites like cash app or venmo. Everything looks legit, but if you were to look closely at the url they want you to click, it is almost always routed through a server under the phisher’s control.
Are you using the iOS mail client with a proton email account?
Wondering if someone somehow linked your Gmail (email you received this on) to their proton account. I was looking for an email you could forward this to to report it to proton but could not find one.
As always, if an email looks suspect, don’t click anything. Just wish there was a way to report it.
Probably the account.proton.me link is just plain text pointing to something else like https://www.youtube.com/watch?v=dQw4w9WgXcQ&t=1
This should be forbidden somehow tho
is no-reply@news.proton.me legit? i got an email like that
proton.me/support/inactive-accounts