20 Replies Latest reply: Aug 6, 2013 2:18 PM by eb5147 RSS

Phishing?

profchiara Alumni Steward Silver 3 Reviews
Currently Being Moderated

I just received an email purportedly from Marriott telling me a number of accounts had been breached although mine was not one of them (if it was from Marriott, that's sure to make a serious person suspicious). It told me to change my password.  I did not click on the link, but closed that browser and opened up a different browser and indicated I'd forgotten my password so that I could change it.  Once on Firefox (having not clicked through on Safari), it seemed to know nothing of what I assume was a phishing attempt because it led me through several steps asking me if I wanted my hint, etc., not indicating any level of fraud.

 

Can Marriott confirm this was a phishing attempt?  Here is the message I got.  If this was not phishing, why when I opened separately in a different browser did security not immediately let me pick a new password rather than 'helping' me remember my old one:

   

Marriott Rewards <Marriott@marriott-email.com>

August 5, 2013

 

Dear Marriott Rewards Member,

 

The security of your Marriott Rewards® account is of the utmost importance to us. There have been recent attempts to gain unauthorized access to a small number of members' online accounts. Although your account was not included in these attempts, as a precaution, we are requesting you to visit Marriott.com and change your password as soon as possible to assist us in ensuring the security of your account.

 

As of August 8th, 2013 you will not be able to access your online account from your mobile device until you have changed your password. Please change your password on Marriott.com from your desktop; updates cannot be made on Marriott mobile applications.

 

 

1.     To change your password log into My Account on Marriott.com, visit your Profile page and select "Change Password".

 

2.     Select a unique password, at least eight characters long, that is not used with any other online account you may have.

 

3.     Security experts urge that a more secure password contains at least one number.

 

Our Data Privacy and Protection team has been working diligently to implement safeguards to block these attempts and maintain the ongoing security of all member accounts.

 

These types of online attacks become possible when individuals use the same email address and password combination for multiple online accounts. The email address and password combination becomes more susceptible to being collected via external sources and then used in an attempt to gain unauthorized access to other online accounts, such as your Marriott Rewards account.

 

If you have any questions, please call Marriott Rewards Guest Services at 855-501-6802 for assistance.

 

We take this matter very seriously as we have a long-standing commitment to protect the privacy of the personal information that our guests entrust to us. Thank you for your prompt attention to this important notice.

 

Sincerely,

 

Marriott Rewards Guest Services

 

 

 

 

     Terms Of Use :: Privacy Policy

 

This email was sent to you by Marriott International, Inc. based on a past or present relationship with Marriott.

 

You may receive customer service notifications even if you have unsubscribed from Marriott promotional email.

 

Marriott- Internet Customer Care

1818 North 90 Street

Omaha, NE 68114-1315 USA

 

©2013 Marriott International, Inc.   

(For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    jmat6687 Gold
    Currently Being Moderated


    Just got it too. Kinda got my red flag up...Didn't respond to it....

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    seat3aplease Platinum
    Currently Being Moderated

    Same here, was just popping in to post it, or see if anyone else received it. Nothing on my Platinum page about it either. Thanks for posting!

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    iahflyr Platinum 26 Reviews
    Currently Being Moderated

    I got the same email and decided to call the number and speak with an agent who said it was not fraud......so just to be sure I called the Plat CS line and guess what, got a 14 minute wait just to verify the email.  In the meantime I changed my password, waited about 30 minutes and changed it a second time.  When I finally got to speak with the Plat CS associated they verified it was sent by Marriott so legit.

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

    • Re: Phishing?
      eb5147 Alumni Steward Platinum 7 Reviews
      Currently Being Moderated

      Profc,

       

      I just got it, too.

       

      I've read on here that others had previously gotten this and it was legit.  They aren't phishing, but for them to have all of our addresses, we would have to change it directly through the Marriott site, not through an e-mail.

      (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    tryt53 Alumni Steward Platinum 5 Reviews
    Currently Being Moderated

    profC,

    If the email doesn't try to get you to click a link in the email, or ask you to send this on to other people, that is usually an indicator that is it probably genuine.  If you are directed to go to your site on your browser and change information on your home site, then they wouldn't be gaining anything out of it, or compromising any information from you.  If they ask you to send it on to others, I always delete these as spam type of emails meant to clutter up people's lives and slow down email servers.

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    iamman Member
    Currently Being Moderated

    I am uncertain of the e-mail's origin. The links on the entire page go to a single address (suspect). http://Marriott-email.com/ goes to a blank page.

     

    http://marriott-email.com/16b6f6299layfousiamsoxeqaaaaabjjtqleqrwylgqyaaaaa

     

    The link redirects you to the main Marriott page. If it had some other identifying information such as the last 4 digits of my rewards number or even my name, then I may of believed it was legit sooner.

     

    Poor message content and not enough bonafides to trust.

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

    • Re: Phishing?
      iahflyr Platinum 26 Reviews
      Currently Being Moderated

      Not sure if some read other posts, but the email was legit and from Marriott!   If you're not believing what was posted then simply call your elite line CS and find out.

      (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    jerrycoin Alumni Steward Platinum 60 Reviews
    Currently Being Moderated

    Thanks all!

     

    Got the same message, and did not respond.

     

    Have had my identity stolen two times already, and this was "Fishy"

     

    I really am concerned?

     

    None of us need more headaches.  We are in a "Battle" enough every day!

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    profchiara Alumni Steward Silver 3 Reviews
    Currently Being Moderated

    Apparently it was real, but Marriott sure made it look like a phishing attempt.  Why send me an email if they 'knew' MY account in particular was not compromised (that more than anything seemed suspicious)?  Then when I changed browsers it made it very difficult (in fact impossible unless I had spent more time) to actually change my password.

     

    If Marriott's IT dept. is sending these out, then they need to do a much better job of making it look like it's really from Marriott.

    ProfChiara

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

    • Re: Phishing?
      eb5147 Alumni Steward Platinum 7 Reviews
      Currently Being Moderated

      You're so right about that, and then to tell travelers that they have 3 days to change their passwords when they say that their account hasn't been hacked seems a bit much, also.  What do they know that they AREN'T saying if they go to those lengths?  It just seems really unprofessional of Marriott all the way around.

       

      The one thing I commend them on is having this site so we can have more input.

       

      I wonder if this has anything to do what that foul mouthed hater's post?

      (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

      • Re: Phishing?
        kroywen Gold 11 Reviews
        Currently Being Moderated

        I got the email, went to the site (directly, of course, not via a link) and changed my password.   What's the big deal?    Certainly a lot easier than the phone call I received from Citibank 3 days ago saying my CitiAmex card was fraudulently used!   They cancelled it immediately, I had to destroy it -- while out of town -- go over each & every charge with them, and then wait to receive a replacement!!    Good thing I carry more than one card

        Anyway, we should be changing our passwords on a regular basis for ALL sites that have any data that can be compromised.   An easy way to do it is to keep the same basic PW for that site (each site SHOULD have a different PW) and just add/change the number to coincide with your or a child's age,  i.e. marriott29 will become marriott30 the next year.  However, if you forget how old you are, you're in trouble

        (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    captbigguy Platinum 4 Reviews
    Currently Being Moderated

    Well, I went back to see if I still had that email,and sure enough I saved it...  I got mine on July 17th.

     

    As an IT guy, I am suspicious if the email does not address me personally and asks me for any information.  This email did address me by name and I checked out the source and it was from Marriott.  But a couple of you did the absolutely correct thing... Go to the website NOT via the link and change your password...

     

    Here are a couple of tips for you when you see these types of things:

     

    1.  If it is real, the email should address you personally, NOT as "Dear valued person."  That's your first tip that it could be a phishing scam.

    2.  Are they asking you to send them your information?  If they are asking you to send them the information they should already have, then it is probably a phishing scam.  They have your username, password (even though it is encrypted on their server and they can't really see it.) and they have your other information as well.  This email did not ask for any information, but asked you to "as a precaution" change your password..

    3.  NEVER... NEVER... NEVER open a link from an email unless you KNOW it is valid.

    4.  Right click on the link and choose "Properties" to view the link.  This will tell you exactly where the link is taking you.  The main thing you are looking for is the domain name or the "dot-com" name.  Even then, if you are not SURE don't click it.  Even if you ARE sure, it's best not to click the link, but to go to the website you KNOW is correct using your "favorites/bookmarks" or typing in the URL.

    5.  If you are still unsure, call the number on the email.  Don't assume it is the right one, but if they don't answer as being a part of who the email is supposedly from, then beware.  Better yet, go to the REAL website, and call them directly.  They will be able to tell you if they sent the email.

    6.  Copy the URL if it is NOT from who you think it should be and email that to the administrator or other email.  Most companies like Marriott are eager to learn of any type of scam using their name and their security follks will often put out a general warning to their members to be on the lookout for this email and what to do if you receive one.

     

    Phishing scams are around every corner, but I feel this one is legit.  However, I still would not use the email link to change your password... BUT I WOULD suggest you go to the marriott.com website and change yours for your protection.  Kroywen is spot on that we should be changing our passwords periodically anyway.

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    profchiara Alumni Steward Silver 3 Reviews
    Currently Being Moderated

    This is ridiculous.  Since I didn't have time to go through all the steps yesterday, I closed Firefox and reopened, went to the site, and clicked forgot password.  It asked me to enter my email address and various information.  I did.  Then it asked me if I wanted my hint.  I clicked, no I still did not remember (even though of course I did).  So it said it would send me my password.

     

    It sent me my password -- the real one.  Is there some other way besides saying you forgot your password to change it?  I don't see it on my firefox screen.  But other sites where I have clicked 'forgot password' just in order to change it regularly send me a temporary one, then ask me to change it on the site.

     

    This seems very half-baked to me, even if it's legit.  So I still have the same password which fortunately is not compromised .

    ProfChiara

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    profchiara Alumni Steward Silver 3 Reviews
    Currently Being Moderated

    It gets better.  I just signed out and unchecked remember me and then clicked on set up account as an alternate to forgot password.  When I filled out the info I got a red note that my account already existed. DUH! But no chance to change my password.  For those of you who have changed it what are you clicking and are you using a different browser?  I have never had this problem with any other site.

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

    • Re: Phishing?
      NathalieF Community Manager Marriott Associate
      Currently Being Moderated

      morning profchiara, I'l have screenshots in a sec. To change your password, you actually want to log into My Account on Marriott.com, visit your Profile page and select "Change Password".

       

      The "forgot password" link is intended to help those members that are unable to sign in because they've forgotten their password.

      (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

    • Re: Phishing?
      NathalieF Community Manager Marriott Associate
      Currently Being Moderated

      Once you sign into your Marriott Rewards account, click the "Member profile" tab

      Untitled-2.jpg

      Select "Change Password"

      Untitled-1.jpg

      Then, click either "Edit" or "Change Password" links

      (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

      • Re: Phishing?
        iahflyr Platinum 26 Reviews
        Currently Being Moderated

        profchiara I changed my password three times yesterday without issue using FireFox.

         

        Thanks for the screen shot Andy, that is exactly what I saw when changing passwords.

        (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

      • Re: Phishing?
        profchiara Alumni Steward Silver 3 Reviews
        Currently Being Moderated

        Thanks, Andy -- this worked!

        (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

  • Re: Phishing?
    ansaa Member
    Currently Being Moderated

    All -

     

    Please know that my message to you right now is NOT a phishing attempt, it is 100% legitimate and sent by Marriott Rewards.

     

    Attempts have been made by hackers to log into Marriott Rewards member accounts, however the vast majority of the attempts were stopped and our member’s accounts are secure. Hackers are trying to exploit the fact that many of us tend to use similar log in information across multiple sites, so this email is intended to proactively prevent such vulnerabilities.

     

    As of August 8th, 2013 you will not be able to access your online account from your mobile device until you have changed your password. Please change your password on Marriott.com from your desktop; updates cannot be made on Marriott mobile applications.

     

    1.     To change your password log into My Account on Marriott.com, visit your Profile page and select "Change Password".

    2.     Select a unique password, at least eight characters long, that is not used with any other online account you may have.

    3.     Security experts urge that a more secure password contains at least one number.

     

    If you have any questions, please call Marriott Rewards Guest Services at 855-501-6802 for assistance.


    -ansaa

    (For each location tag, you will be guided through a 3-step process to add (1) a city and a state or a city and a country, (2) a Marriott brand, and (3) a Marriott hotel.)

More Like This

  • Retrieving data ...