The Great "Changes Made to Account" Mystery
September 7, 2021 4:54 AM   Subscribe

I received an email notifying me that changes were made to my Marvel account . . . except, I don't have a Marvel account. What's going on?

This past week, I received separate emails from two different organizations (Marvel and a financial company) notifying me that changes had recently been made to my accounts. The thing is - I've never set up accounts with either of these organizations.

Things I've tried:
- Going to the legitimate websites for each and logging in. However, when I do this, I'm promptly informed that no account for that email address exists.
- Checking the security of my email account. It doesn't look like anyone has tried to get in.
- Hovering my mouse over the links provided in these emails to see if they're bogus. They look legitimate enough. I'm not going to click, but still.
- Contacting customer service. Alas, not much help :(

To the clever people of Mefi - what's going on? When should I start panicking?
posted by NewShoo to Computers & Internet (5 answers total) 1 user marked this as a favorite
 
What's going on is you're getting email spam designed to look like a legit message from a company you may do business with. They're sent out at at such a volume that they're bound to end up in the inbox of someone who does have a Marvel account or an account with whichever financial institution it was that the email you received looked like it was from.
posted by emelenjr at 5:27 AM on September 7, 2021 [11 favorites]


Best answer: These are "phishing attacks". They were not sent by Marvel but by scammers. If you hover over the links in the emails, you will notice that they do not link to websites controlled by Marvel. They will link to websites controlled by the scammers that look like a Marvel login page. The scammers hope that you will enter your real passwords into their websites, and they will then try to use those passwords to steal money.

You should delete them and not click on any links in them. If you have entered any passwords into websites that the emails linked to, change those passwords at once.

Your email account or your Marvel account does not need to have been compromised for this to happen to you; they are just fishing (hence the name).

Further reading
posted by richb at 5:57 AM on September 7, 2021 [9 favorites]


Best answer: What's going on is you're getting email spam designed to look like a legit message from a company you may do business with.

Seconding this. A link may "look legitimate" when you hover over it, but there are probably some subtle clues that it isn't quite cricket.

Here's a blog post about how to check out a link without actually clicking on it. There are some links in there to "URL scanners" that go look at a link for you and tell you what it really is.
posted by EmpressCallipygos at 8:26 AM on September 7, 2021 [2 favorites]


Check the from domain and make sure it's not actually from Marvel. That means expanding the list to see the full text, hovering over, right clicking and then copy link and paste it into a notepad file to see where it ACTUALLY might go.
posted by PetiePal at 12:25 PM on September 7, 2021


Best answer: The other less-nefarious option is that some idiot has used your email address instead of their own to sign up to Marvel, and is now trying to get back into their account and triggering the emails.

But yes, either way I wouldn’t be clicking on anything.
posted by tinkletown at 4:57 PM on September 7, 2021 [1 favorite]


« Older Tips for helping dog with itchy skin?   |   Sure I'll help...but it'll cost you. Newer »
This thread is closed to new comments.