I really wish legitimate companies wouldn't use third parties (and associated third party domains) to send out things like feedback surveys.

"Hi, we're from this company you trust and other company you don't know! Submit feedback to enter our prize draw to win money!"

It's indistinguishable from a phishing scam. And if a customer questions it and gets told they're legitimate emails, they're not going to question it if one arrives in their inbox that *isn't*.

@babe The amount of times PayPal sends statements that genuinely look like phishing emails. Not ideal.
@babe 100%. “You did a thing and didn’t complain so tell our unscrupulous advertisers if it was 1 for not great, 2 for good, 3 for better than expected or…” FFS No!!!

@babe @neil Exactly what happened with my tax advisor last week. Besides GDPR issues. I complained about it. Next week they have set up a meeting, as they seem to take my criticism seriously.

Tell the companies. Most management will never know/do otherwise.

@babe I have complained to financial services firms to make this same point.
@babe
I now assume that all unsolicited calls, texts or emails are a scam, even if they seem to be from a legit source. I never answer anything and everything gets binned or blocked. Me being paranoid or legit companies outsourcing to 3rd parties with scammy behaviour?

@babe I usually advise them that I didn't give permission for my address to be given to a 3rd party and it was a breach of GDPR.

Used to work well, not so much now.

@babe we constantly do this to our own employees.

Email 1: [enrolment on mandatory cybersecurity course that spends half its time warning about phishing]

Email 2: [Employer] has signed up to friendlyhorse.com to manage your travel expenses or something idk. Click here to set your password!

@babe I hate this, I see it so often.
@babe Companies do this because the alternatives are a) send the spam yourself and get blocklisted, or b) give a spammer an MX record on your domain, neither of which are great. (We don't talk about option c where we stop constantly spamming everyone.)
@babe I had to check a feedback gathering site was legit, turned out it was, but wtf? Would have been nice if the company concerned had told customers they were changing feedback gathering.

@babe one-upping this, our banks use different domains for some of their digital services. Alpha Bank uses alphabankcards.gr instead of their official alpha.gr, Piraeus Bank used until recently winbank.gr instead of their piraeusbank.gr domain, and Eurobank used eurocommerce.com for their payment processor. When I called them to verify if they controlled the domain, the rep's response was "if it has our logo it's ours". After pressure he decided to not take responsibility and disavowed the domain (it's theirs). Btw it was using a bog standard Let's Encrypt certificate.

How are clients supposed to avoid phishing?

@babe mbank.cz signs _some_ of their emails. I could not believe that was not a scam...
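The two mechanisms the thread keeps circling (a vendor sending "as" the company from its own domain, and a bank that signs only some of its mail) both come down to DMARC alignment: does the domain that actually passed SPF or DKIM belong to the same organisation as the domain in the visible From header? The following is an added example, not code from any poster or company in this thread, that reads the receiving server's Authentication-Results header and answers that question for a few constructed messages. The sender names, domains (bank.example, surveyvendor.example) and headers are all made up for illustration; the organisational-domain comparison is the simplified "last two labels" rule, whereas a real DMARC implementation consults the public suffix list.

```python
"""Check DMARC-style alignment from an Authentication-Results header.

Added example (not from the original thread). All sample messages and
domains below are constructed for illustration.
"""
import re
from email import message_from_bytes
from email.utils import parseaddr

# dkim=pass (...) header.d=<domain>   /   spf=pass (...) smtp.mailfrom=[user@]<domain>
AR_DKIM = re.compile(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", re.I)
AR_SPF = re.compile(r"spf=(\w+)[^;]*?smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+)", re.I)


def org_domain(domain: str) -> str:
    """Simplified organisational domain: the last two DNS labels.

    Real DMARC uses the public suffix list (so 'bank.co.uk' stays whole);
    this shortcut is an assumption good enough for the sample domains here.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def dmarc_alignment(raw: bytes) -> dict:
    """Return whether the From domain is aligned with a passing SPF/DKIM domain.

    Only results the receiving MX recorded as 'pass' count; a DKIM signature
    for some other organisation (a survey vendor, a mailing platform) does
    nothing for the From domain the customer actually sees.
    """
    msg = message_from_bytes(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    passed = []  # (mechanism, authenticated domain) for every passing result
    for ar in msg.get_all("Authentication-Results", []):
        passed += [("dkim", d.lower()) for res, d in AR_DKIM.findall(ar) if res.lower() == "pass"]
        passed += [("spf", d.lower()) for res, d in AR_SPF.findall(ar) if res.lower() == "pass"]

    result = {
        "from_domain": from_domain,
        "aligned": False,
        "via": None,
        "auth_domains": sorted({d for _, d in passed}),
    }
    if not from_domain:
        return result
    for mech, d in passed:  # relaxed alignment: same organisational domain
        if org_domain(d) == org_domain(from_domain):
            result.update(aligned=True, via=mech)
            break
    return result


def is_expected_sender(raw: bytes, trusted_domains: set[str]) -> bool:
    """Alignment plus an allowlist: aligned AND from a domain the company told you about.

    Alignment alone only proves the From domain authorised the message; it
    says nothing about whether that domain is the company you bank with.
    """
    r = dmarc_alignment(raw)
    return r["aligned"] and org_domain(r["from_domain"]) in {org_domain(t) for t in trusted_domains}


# --- constructed sample messages (hypothetical domains) ---------------------
BANK_OWN_DOMAIN = (
    b"From: Bank Statements <statements@bank.example>\n"
    b"Authentication-Results: mx.example.net; dkim=pass (2048-bit key) header.d=bank.example"
    b" header.i=@bank.example; spf=pass smtp.mailfrom=bounce@mail.bank.example\n"
    b"Subject: Your statement\n\nbody\n"
)
# Vendor sends with the bank's From address but can only sign as itself.
VENDOR_USING_BANK_FROM = (
    b"From: Bank Surveys <surveys@bank.example>\n"
    b"Authentication-Results: mx.example.net; dkim=pass header.d=surveyvendor.example;"
    b" spf=pass smtp.mailfrom=bounces@surveyvendor.example\n"
    b"Subject: Tell us how we did\n\nbody\n"
)
# Vendor sends from its own domain: aligned, but it is not the bank's domain.
VENDOR_OWN_DOMAIN = (
    b"From: Customer Survey <noreply@surveyvendor.example>\n"
    b"Authentication-Results: mx.example.net; dkim=pass header.d=surveyvendor.example;"
    b" spf=pass smtp.mailfrom=bounces@surveyvendor.example\n"
    b"Subject: Win a prize\n\nbody\n"
)
# The bank's own domain, but this particular mail was never signed.
BANK_UNSIGNED = (
    b"From: Bank <info@bank.example>\n"
    b"Authentication-Results: mx.example.net; dkim=none; spf=fail smtp.mailfrom=info@bank.example\n"
    b"Subject: Important notice\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in [("bank own domain", BANK_OWN_DOMAIN), ("vendor with bank From", VENDOR_USING_BANK_FROM),
                      ("vendor own domain", VENDOR_OWN_DOMAIN), ("bank unsigned", BANK_UNSIGNED)]:
        print(name, dmarc_alignment(raw), "expected sender:", is_expected_sender(raw, {"bank.example"}))
```

Of the four constructed cases only the first is aligned and from the bank's domain. The second fails alignment because the vendor can sign only as itself, which is why a company that wants to keep its own From address has to let the vendor sign for it (a DKIM key or an SPF include on its domain) rather than just hand over the address list. The third passes alignment perfectly, and that is the thread's real complaint: the headers prove the mail is genuinely from surveyvendor.example and nothing more, so the customer is left with an allowlist of domains the company has actually announced, which is what `is_expected_sender` models.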

@babe I refuse to interact with those.