Possible scam.

Received a text: “Quicken alert: you set up an account with this phone number. Please use this link to verify.” I did not click it, but not sure who to notify with this issue? I believe it is a scam since I have not made any changes to my account.
Tagged:

Answers

  • Quicken Paloma
    Quicken Paloma Alumni ✭✭✭✭
    Hello [email protected]

    Thank you for reaching out to the Quicken Community. We apologize for the confusion. However, this is not a scam. Please see the thread posted above by volvogirl. 

    Hope this provides clarification. Please let us know if any other questions or concerns. 

    -Quicken Paloma
  • jacobs
    jacobs SuperUser, Mac Beta Beta
    @Quicken Paloma It has been noted a number of times that users are thinking this email is a scam, but Quicken keeps sending it. Many users are doubtless deleting it, so Quicken is not getting the desired results. Please pass on to the marketing team at Quicken that they really need to re-write the text of this message to convince recipients it's not a scam.
    Quicken Mac Subscription • Quicken user since 1993
  • I agree. As you saw I was not going to click on the link the way it was presented in the text. All you hear is watch for scams and do not click on questionable links. I was trying by to notify Quicken of a potential issue. They really need to fix this message.
    Thank you to everyone for the answers.
  • Hi @jacobs,

    Thank you for your contribution to the community. If you would like to create an idea post to get votes so this can be passed onto the marketing team, that would be great. 

    Here is a link on how to create an idea post and add your vote. This way other users who have the same or a similar request can vote on your idea.

    Thank you, 
    Quicken Jasmine
    -Quicken Jasmine
  • jacobs
    jacobs SuperUser, Mac Beta Beta
    @Quicken Jasmine With respect, creating an Idea post to gather votes to be eventually passed on, if it gets enough votes, is not the right approach here. This is not a feature request. 

    Quicken users are trying to send a message back to Quicken that Quicken is sending out messages which look like spam. We have received confirmation from a moderator that they are not spam, but most people will simply not click on them because they appear to be spam. If Quicken doesn't care if people don't respond, so be it. If Quicken doesn't care that it's spooking its own users, so be it. If the moderator team can't pass this along internally within Quicken, so be it. I/we were only trying to help Quicken here.

    Sorry, I will not jump through the additional hoops of an Idea post which doesn't even get passed on until it has a lot of votes. 
    Quicken Mac Subscription • Quicken user since 1993
  • @jacobs,

    I did pass this information up some time ago when this issue had first arisen.

    I saw the number of users/super users concerned about it being a scam and I did report those concerns all the way up.

    They addressed these concerns by posting an announcement in the Community so users knew what the message looks like and that it was not a scam. 



    Quicken Alyssa

  • jacobs
    jacobs SuperUser, Mac Beta Beta
    Thanks, @Quicken Alyssa.

    Unfortunately, I believe that simply posting an announcement in the Community is not an adequate response to this issue. First, a user would need to know where to look, and would then have to scroll back to June 1 to see the post about it. I spend a great deal of time on this forum, but I had forgotten the announcement message (if I ever saw it) when I received the text message many months later. And I promptly deleted the text message because it looked like spam. Then someone posted a question about it here on the forum, it was confirmed, and the next time I got the text message, I responded. I don't think most Quicken users will be as diligent, and few will hunt down the 6 month-old announcement. 

    Better solutions would include:

    a) Re-word the text so it doesn't seem like many scam messages we all experience on our phones and have been trained not to respond to.

    b) Send the message via an email, where more words can be used, and a link to a page on Quicken's website could be included to attest to the authenticity of the message.

    c) Better still, combine both. For instance: send an email message to a user to say "In 2-3 days, you will receive a text message at the phone number you have registered with Quicken, asking you to click a link to verify the number is valid. Since we're all careful to avoid emails or text messages which look like they might be a scam of some sort, we're sending you this email in advance so you know the upcoming text message is truly from Quicken and is legitimate. Please click the link to verify your registered phone number. Quicken uses this phone number only for blah, blah, blah…"

    Thanks for passing this on to the appropriate parties at Quicken. 
    Quicken Mac Subscription • Quicken user since 1993
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    I would like to post something that @“Quicken Katheryn” said in the thread about the log4j vulnerability.
    https://community.quicken.com/discussion/comment/20226657/#Comment_20226657

    As for dealing with this in the future, while there are no vulnerabilities in Quicken, the primary way of exploiting this issue appears to be via phishing attempts, so as always, keep an eye out for odd emails and be wary of clicking links or attachments from senders you aren't sure of.
    I can’t think of a more “odd” thing than receiving a request to verify your identity out of the blue.

    And as such I would add what I believe is the correct procedure for such an operation.

    1. The request shouldn’t come out of the blue.  If I log into my financial institution and they want to verify my identity they state that they are going to send it to me whether it is a text message or an email.
    2. If #1 can’t be achieved because whatever triggers it doesn’t have a way to interact with the user, then there should always be a way for the user to log into their account and do the verifying there, and part of the message should state that.  Note that if the verifying is for directly logging into the account then #1 applies.

    I would stress something else that you might point out to the upper management.
    Like Katheryn said (and I think everyone knows) avoiding phishing attempts is one of the most basic security measures.  If Quicken Inc is violating this basic security rule, how can we have any confidence in them providing the proper security for our finances?
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
This discussion has been closed.