Email Verification email looks like a phishing email

My husband and I were looking at Quicken on the Web at his computer. When I went back to mine, I noticed a message from Quicken Support that did not contain any visible links or identifiable information I could use to determine it was a legitimate message, especially when I didn't connect it with the Quicken on the Web usage until I logged in here and the screen told me one was coming. This is classic for a phishing email. Not only can it mean users will dismiss a legitimate email but it makes your legitimate emails that much easier to phish. Please modernize the template to reflect current anti-phishing efforts to avoid future confusion.

For reference, and because I can share this here because it has no personal data, here's what I received twice. None of the links are readable because they go through a mailserver redirect and even the email is only confirmable in the header info, something most people don't know how to reach:

Email Address Verification
Support | My Account
Please verify your email address
Please confirm that this is the email you would like to use with your Quicken account. It's a good idea to confirm your email address is correct before using it in your communications.

Email Verification Link
If you did not set up this email address with Quicken, please contact support.

Thank you,
The Quicken Team


Please note: This email was sent from an auto-notification system that cannot accept incoming e-mail. Please do not reply to this message.

You have received this business communication as part of our efforts to fulfill your request or service your account. You may receive this and other business communications from us even if you have opted out of marketing messages.

Quicken respects your privacy. You can download and print a copy of our license agreement, and privacy policy.

© 2021 Quicken Inc.
Corporate Headquarters: 3760 Haven Ave, Menlo Park, CA 94025
Support: +1 (650) 250-1900

Answers

  • The Keeper
    The Keeper Member ✭✭✭✭
    I wouldn't lose any sleep over this because we all get phishing emails. Just don't click on any links in the email to update any information. You can always log in to your Quicken account and make any changes there. If all the information is correct in your Quicken account then just leave it as it is. You don't need to verify anything via an email you receive by clicking on a link in the email.
  • NotACPA
    NotACPA SuperUser, Windows Beta Beta
    What edress was this message sent from?
    Q user since DOS version 5
    Now running Quicken Windows Subscription,  Home & Business
    Retired "Certified Information Systems Auditor" & Bank Audit VP
  • Margaret F.
    Margaret F. Member
    I'm afraid you both misunderstood the post, which I would have sent directly to Quicken Support had I been able to send them an email. It is not a phishing email. That is the contents of their legitimate account email, confirmed by the website login telling me they were sending an email and it showing up seconds later (the second time).

    The way it is written with no clear identifiers of the relationship makes it look like a phishing email and having all the URLs hidden in redirects prevents the diligent customer from confirming it is legitimate. They need to update the email template so it is clearly from Quicken by including elements that confirm we have an existing relationship while also providing the links rather than masking them if they want it not to look like phishing.
  • Margaret F.
    Margaret F. Member
    Oh, NotACPA, it was sent from a quicken.com email once I went into the header, but what displays on the from line is easily spoofed. This is how phishing emails confuse people.
  • UKR
    UKR SuperUser ✭✭✭✭✭
    Just for the record:
    Did you happen to see this Announcement?
    https://community.quicken.com/discussion/7894655/fyi-quicken-text-alert#latest

  • Margaret F.
    Margaret F. Member
    No, I didn't, but I agree it's the same issue. What used to be a standard way for businesses to communicate has become perfect for phishers. The standards have therefore changed so legitimate communications should include some indication of the existing relationship so they're not dismissed as phishing on the one hand or make their customers vulnerable to phishing on the other by training the customers to see this kind of message as legitimate.
  • Kerry Imming
    Kerry Imming Member
    Thank you for pointing this out. I just received this e-mail and there is no way I'm clicking on a link that I have no information about (https://u2678493.ct.sendgrid.net). I just got off the phone with Quicken to explain how this looks exactly like a phishing email. They need to provide a way to confirm without clicking an unknown link. Encouraging people to click unknown links is a terribly dangerous business practice.

    - Kerry Imming

    P.S. due to not clicking that link, this community web page is now so full of "You need to confirm your email..." notifications in the bottom right the page is unusable.
  • Margaret F.
    Margaret F. Member
    Yr welcome. And thanks for telling them on the phone. I'm not big on phones. I'd email if there was a choice.
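
The two checks raised in this thread (the real From domain versus the display name, and where the links actually point) can be scripted; the following is an added example, not part of any post and not Quicken's code. Assumptions: the sample message, its `no-reply@quicken.com` address, the `Authentication-Results` values and the link path are constructed, only the link host is the one quoted above, and `org_domain` is a naive two-label heuristic rather than a public-suffix lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: header values and link path are made up for illustration;
# only the link host is the one quoted in the thread.
SAMPLE = """\
From: Quicken Support <no-reply@quicken.com>
To: user@example.com
Subject: Email Address Verification
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bounce.example-esp.net; dkim=pass header.d=quicken.com; dmarc=pass header.from=quicken.com
Content-Type: text/html; charset="utf-8"

<html><body><p>Please verify your email address</p>
<a href="https://u2678493.ct.sendgrid.net/ls/click?upn=CONSTRUCTED">Email Verification Link</a>
</body></html>
"""

def org_domain(host):
    """Naive registrable domain: last two labels (assumption, no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def review_message(raw):
    msg = message_from_string(raw)
    # The display name is free text chosen by the sender; only the address matters.
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = org_domain(addr.rpartition("@")[2])
    # Trust this header only when your own receiving server added it;
    # a copy supplied by the sender proves nothing.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    dkim_d = re.search(r"header\.d=([\w.-]+)", auth)
    # Decode every leaf part so quoted-printable bodies yield intact hrefs.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    hosts = {urlparse(u).hostname for u in re.findall(r'href="([^"]+)"', body)}
    return {
        "display_name": display,
        "from_domain": from_dom,
        "dmarc_pass": results.get("dmarc") == "pass",
        "dkim_aligned": bool(dkim_d) and org_domain(dkim_d.group(1)) == from_dom,
        # Link hosts outside the sender's domain, e.g. click-tracking redirects.
        "offdomain_link_hosts": sorted(h for h in hosts if h and org_domain(h) != from_dom),
    }
```

A message can pass DMARC with an aligned DKIM signature and still carry only off-domain redirect links, which is the combination the posters describe: authentic, but not verifiable by reading the visible email.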