Renewal email looks like Phishing

I just called Quicken support to report that the automated email I received this morning looks too much like a phishing attempt. It says "We attempted to process your request to renew your Quicken membership..." and then provides a "click here" link to update payment information. Hovering the cursor over the link displayed a URL that DID NOT even contain "quicken.com". After being trained to question any email like this, I think it's a terrible idea for Quicken to be sending out this type of email. Instead, the message should explain that most likely, the payment didn't process because the credit card associated with the account needed to be updated, and then explain how to do this within the software itself, NOT by clicking on a link that could easily be spoofed by bad actors.

Comments

  • UKR
    UKR SuperUser ✭✭✭✭✭

    Can you please capture one or more images of the suspicious email showing the issue, sensitive information blacked out as necessary to protect your privacy but annotated to describe the situation, and attach the image(s) here? Also please try to capture the URL you saw.
    https://community.quicken.com/discussion/7867159/faq-how-do-i-post-a-screenshot-in-the-community-from-windows

    https://community.quicken.com/discussion/7663259/faq-how-do-i-post-a-screenshot-in-the-community-from-a-mac

    Please save images to files of file type PNG, JPG, or GIF only. They're easier to work with than PDF files.


  • Margaret F.
    Margaret F. Member
    My husband and I were looking at Quicken on the Web at his computer. When I went back to mine, I noticed a message from Quicken Support that did not contain any visible links or identifiable information I could use to determine it was a legitimate message, especially when I didn't connect it with the Quicken on the Web usage until I logged in here and the screen told me one was coming. This is classic for a phishing email. Not only can it mean users will dismiss a legitimate email but it makes your legitimate emails that much easier to phish. Please modernize the template to reflect current anti-phishing efforts to avoid future confusion.

    For a reference, and because I can share this here because it has no personal data, here's what I received twice. None of the links are readable because they go through a mailserver redirect and even the email is only confirmable in the header info, something most people don't know how to reach:

    Email Address Verification
    Support | My Account
    Please verify your email address
    Please confirm that this is the email you would like to use with your Quicken account. It's a good idea to confirm your email address is correct before using it in your communications.

    Email Verification Link
    If you did not set up this email address with Quicken, please contact support.

    Thank you,
    The Quicken Team


    Please note: This email was sent from an auto-notification system that cannot accept incoming e-mail. Please do not reply to this message.

    You have received this business communication as part of our efforts to fulfill your request or service your account. You may receive this and other business communications from us even if you have opted out of marketing messages.

    Quicken respects your privacy. You can download and print a copy of our license agreement, and privacy policy.

    © 2021 Quicken Inc.
    Corporate Headquarters: 3760 Haven Ave, Menlo Park, CA 94025
    Support: +1 (650) 250-1900
  • The Keeper
    The Keeper Member ✭✭✭✭
    I wouldn't lose any sleep over this because we all get phishing emails. Just don't click on any links in the email to update any information. You can always log in to your Quicken account and make any changes there. If all the information is correct in your Quicken account then just leave it as it is. You don't need to verify anything via an email you receive by clicking on a link in the email.
  • NotACPA
    NotACPA SuperUser ✭✭✭✭✭
    What edress was this message sent from?

    Q user since February, 1990. DOS Version 4
    Now running Quicken Windows Subscription, Business & Personal
    Retired "Certified Information Systems Auditor" & Bank Audit VP

  • Margaret F.
    Margaret F. Member
    I'm afraid you both misunderstood the post, which I would have sent directly to Quicken Support had I been able to send them an email. It is not a phishing email. That is the contents of their legitimate account email, confirmed by the website login telling me they were sending an email and it showing up seconds later (the second time).

    The way it is written with no clear identifiers of the relationship makes it look like a phishing email and having all the URLs hidden in redirects prevents the diligent customer from confirming it is legitimate. They need to update the email template so it is clearly from Quicken by including elements that confirm we have an existing relationship while also providing the links rather than masking them if they want it not to look like phishing.
  • Margaret F.
    Margaret F. Member
    Oh, NotACPA, it was sent from a quicken.com email once I went into the header, but what displays on the from line is easily spoofed. This is how phishing emails confuse people.
  • UKR
    UKR SuperUser ✭✭✭✭✭
    Just for the record:
    Did you happen to see this Announcement?
    https://community.quicken.com/discussion/7894655/fyi-quicken-text-alert#latest

  • Margaret F.
    Margaret F. Member
    No, I didn't, but I agree it's the same issue. What used to be a standard way for businesses to communicate has become perfect for phishers. The standards have therefore changed so legitimate communications should include some indication of the existing relationship so they're not dismissed as phishing on the one hand or make their customers vulnerable to phishing on the other by training the customers to see this kind of message as legitimate.
  • Kerry Imming
    Kerry Imming Member
    Thank you for pointing this out. I just received this e-mail and there is no way I'm clicking on a link that I have no information about (https://u2678493.ct.sendgrid.net). I just got off the phone with Quicken to explain how this looks exactly like a phishing email. They need to provide a way to confirm without clicking an unknown link. Encouraging people to click unknown links is a terribly dangerous business practice.

    - Kerry Imming

    P.S. due to not clicking that link, this community web page is now so full of "You need to confirm your email..." notifications in the bottom right the page is unusable.
  • Margaret F.
    Margaret F. Member
    You're welcome. And thanks for telling them on the phone. I'm not big on phones. I'd email if there was a choice.
  • Doug Fisher
    Doug Fisher Member ✭✭
    Got same unsolicited (and not connected to any action on Quicken) email several times over past few weeks.

    I have a sandboxed system I can use to check such things. The email header appears valid.

    The link, however, leads to a page that says the request has expired.
This discussion has been closed.
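
The two manual checks posters describe in this thread (reading the header info to confirm the sender, and looking at where the links really go) can be scripted. This is an added example, not part of the thread and not Quicken's tooling; the sample message is constructed, and `mx.example.net`, the addresses and the `analyze` helper are assumptions. Only the `sendgrid.net` host comes from the thread.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample, not a real Quicken message. The click-tracking host is the
# one quoted in the thread; every other value here is made up for illustration.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce.example.net;
 dkim=pass header.d=quicken.com; dmarc=pass header.from=quicken.com
Authentication-Results: forged.invalid; dkim=pass header.d=quicken.com
From: Quicken <no-reply@quicken.com>
To: user@example.org
Subject: Please verify your email address
Content-Type: text/html

<a href="https://u2678493.ct.sendgrid.net/ls/click?upn=CONSTRUCTED">Email Verification Link</a>
<a href="https://www.quicken.com/">Support</a>
"""

def analyze(raw, trusted_authserv):
    """Return the From domain, the receiver's auth verdicts and off-domain link hosts."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()

    # Trust only the Authentication-Results header stamped by our own receiving
    # server; a sender can add look-alike headers of its own further down.
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(hdr).partition(";")
        if authserv.strip().lower() == trusted_authserv:
            verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
            break

    # Collect link hosts and keep those outside the From domain. Suffix matching
    # is a simplification; a full check would use the Public Suffix List.
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    hosts = {urlsplit(u).hostname for u in re.findall(r'href="([^"]+)"', body)}
    off_domain = sorted(h for h in hosts
                        if h and h != from_domain and not h.endswith("." + from_domain))
    return {"from_domain": from_domain, "auth": verdicts, "off_domain_links": off_domain}

if __name__ == "__main__":
    print(analyze(SAMPLE, "mx.example.net"))
```

A `dmarc=pass` verdict shows the message was authorized by the From domain, but the redirect host still hides the final destination, which is the gap the posters describe.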