|
E-mail from [email protected]
I just received an email purporting to be from [email protected]. It says:
You recently submitted a request to correct your personal data and a request to access your personal data. To address your requests, we must verify your identity for security purposes, and we have determined that we need additional information for our identity verification process. We would kindly ask you to respond to this email within two weeks with your date of birth (MM/DD/YYYY) and with as much detail as possible on what you would like to be corrected. Once we receive this additional information, we will complete our identity verification process and address your requests as appropriate, which we anticipate will occur within a reasonable amount of time. If you have a MileagePlus account, you can also update your personal details and marketing preferences anytime by logging into your MileagePlus account here or contacting the MileagePlus service center here. Please note that we may not be able to correct certain information, such as where we are maintaining a record or as related to historical transactions. If you are requesting a correction because you believe that historical information reflects an inaccuracy, we may request additional details to confirm that the correction is appropriate. Sincerely, United Airlines Regardless, there is NO way I'm responding to this by replying via email with sensitive personal information. If this is legit, United needs to do a better job of identity verification -- but I'm assuming it's not legit, return path not withstanding. |
Did you make a request? That would be my first test of legitimacy.
If so, what are you trying to correct that can not be address via your account? |
Originally Posted by ExplorerWannabe
(Post 35859131)
I just received an email purporting to be from [email protected]. It says:
The email header shows a return path of [email protected] but a message ID ending in outlook.com. Regardless, there is NO way I'm responding to this by replying via email with sensitive personal information. If this is legit, United needs to do a better job of identity verification -- but I'm assuming it's not legit, return path not withstanding. |
Originally Posted by Clemson
(Post 35859296)
I think you're being a bit too paranoid. I received this as well after making a Privacy request and responded. If you're worried, simply reply and type in the email address manually instead of relying on the auto-filled address. [email protected] is listed on United's website as their point of contact for privacy requests.
|
Originally Posted by limey1K
(Post 35859312)
There is no such thing as paranoia. Your worst fears can come true at any moment.
|
The outlook.com is a red flag I’d think.
|
Folks getting this email, whiich I just did, perhaps you triggered this based on responding to links provided in United Might Sell our Data
Originally Posted by Clemson
(Post 35859296)
.. If you're worried, simply reply and type in the email address manually instead of relying on the auto-filled address. [email protected] is listed on United's website as their point of contact for privacy requests.
Originally Posted by limey1K
(Post 35859312)
There is no such thing as paranoia. ....
|
https://cimg5.ibsrv.net/gimg/www.fly...bc2739d47f.png
Where are you seeing an outlook.com? |
if you're seeing outlook.com in the headers, do you use outlook the app or microsoft 365 to receive the e-mail in question? if so, then, there's your answer. i get my gmail in outlook and every e-mail i receive (or send, but that's separate) has an outlook.com header bc it passes thru their servers to get to me
|
Originally Posted by WineCountryUA
(Post 35859138)
Did you make a request? That would be my first test of legitimacy.
|
Originally Posted by Bear96
(Post 35859521)
It could someone else making an illegitimate request, and this is UA making a legitimate request to verify it.
|
Originally Posted by WineCountryUA
(Post 35859359)
Folks getting this email, whiich I just did, perhaps you triggered this based on responding to links provided in United Might Sell our Data
This technique of manually entering the email is good internet hygiene and removes any concerns of phishing In most cases, paranoia is overrated |
Originally Posted by WineCountryUA
(Post 35859138)
Did you make a request? That would be my first test of legitimacy.
If so, what are you trying to correct that can not be address via your account? My point in posting this was 1) see if anyone else got a similar e-mail and 2) to warn anyone else getting one of these. If United monitors this page, it wouldn't hurt for them to know this is a stupid way to do authentication but I really don't think this is legit.
Originally Posted by benjymessner
(Post 35859472)
if you're seeing outlook.com in the headers, do you use outlook the app or microsoft 365 to receive the e-mail in question? if so, then, there's your answer. i get my gmail in outlook and every e-mail i receive (or send, but that's separate) has an outlook.com header bc it passes thru their servers to get to me
Originally Posted by Clemson
(Post 35859360)
https://cimg5.ibsrv.net/gimg/www.fly...bc2739d47f.png
Where are you seeing an outlook.com? https://cimg9.ibsrv.net/gimg/www.fly...b79ee1f184.png |
Originally Posted by ExplorerWannabe
(Post 35859666)
Of course, if you never actually requested something, maybe you should forward the message to [email protected] and ask what this is about. |
"Just because you're paranoid doesn't mean they aren't out to get you"
That said it appears that United is using Office 365 for email infrastructure so the .outlook.com traces are to be expected. One option is to look at the full message headers for signs that might lead you . In Outlook (on PC, at least) open the message then File -> Properties and they're in the box labeled "Internet Headers", you can CTRL+A then CTRL+C to copy and paste to something more readable to than the tiny box. In GMail while viewing a message click the three dots at the far right then "Show Original". For example/comparison, headers for a legitimate email received from an individual at United are below with heavy redactions for their anonymity. In particular the Received: headers are read chronologically with the newest entry at the top, and stop reading at the last at the last entry that is made by a server you control or trust (since headers ca be forged much like caller ID can be spoofed...but everything that touches the message after that will add its own header. Received: from My Corp Mail Server 1.local (10.5.0.12) by My Corp Mail Server 1.local (10.5.0.12) with Microsoft SMTP Server (TLS) id xx.x.xxxx.xx via Mailbox Transport; Thu, 9 Nov 2023 06:16:30 -0500 Received: from My Corp Mail Server 1.local (10.5.0.12) by My Corp Mail Server 1.local (10.5.0.12) with Microsoft SMTP Server (TLS) id xx.x.xxxx.xx; Thu, 9 Nov 2023 6:16:29 -0500 Received: from My Corp Mail Server 3.local (10.5.0.19) by My Corp Mail Server 1.local (10.5.0.12) with Microsoft SMTP Server id xx.x.xxxx.xx via Frontend Transport; Thu, 9 Nov 2023 06:16:29 -0500 Received: by My Corp Mail Server 3.local (Postfix, from userid 1001) id 6AA8382070C; Thu, 9 Nov 2023 11:16:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin x.x.x (20xx-xx-xx) on My Corp Mail Server 3 X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_A U,HTML_IMAGE_RATIO_04,HTML_MESSAGE,RCVD_IN_DNSWL_L OW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NO NE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: from mx0a-00212602.pphosted.com (mx0a-00212602.pphosted.com [67.231.145.22]) by My Corp Mail Server 3.local (Postfix) with ESMTPS id 37E148203A0 for <My Corp Email Addrss>; Thu, 9 Nov 2023 11:16:25 +0000 (UTC) Received: from pps.filterd (m0142708.ppops.net [127.0.0.1]) by mx0a-00212602.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3A99qfFG035188 for <My Corp Email Addrss>; Thu, 9 Nov 2023 05:16:23 -0600 DKIM-Signature: [...] Received: from nam11-dm6-obe.outbound.protection.outlook.com (mail-dm6nam11lp2169.outbound.protection.outlook.com [104.47.57.169]) by mx0a-00212602.pphosted.com (PPS) with ESMTPS id 3u7w2ntuhm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <My Corp Email Addrss>; Thu, 09 Nov 2023 05:16:23 -0600 ARC-Seal: [...] ARC-Message-Signature: [...] bh=qCSLcF6gUhbVbUQK8YTuo4W/F ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=united.com; dmarc=pass action=none header.from=united.com; dkim=pass header.d=united.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ual.onmicrosoft.com; s=selector2-ual-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=[...] Received: from DM8PR10MB5414.namprd10.prod.outlook.com (2603:10b6:8:32::10) by BY5PR10MB4273.namprd10.prod.outlook.com (2603:10b6:a03:205::19) with Microsoft SMTP Server (version=TLS1_2,cipher=TLS_ECDHE_RSA_WITH_AES_256_ GCM_SHA384) id 15.20.6954.28; Thu, 9 Nov 2023 11:16:17 +0000 Received: from DM8PR10MB5414.namprd10.prod.outlook.com ([fe80::29fd:56db:668d:4119]) by DM8PR10MB5414.namprd10.prod.outlook.com ([fe80::29fd:56db:668d:4119%4]) with mapi id 15.20.6954.029; Thu, 9 Nov 2023 11:16:17 +0000 From: "someone at united" <someone@united.com> To: lincolnjkc <My Corp Email Addrss> Subject: FW: Email Subject Thread-Topic: Email Subject Thread-Index: [...] Date: Thu, 9 Nov 2023 11:16:16 +0000 Message-ID: <[...]@DM8PR10MB5414.namprd10.prod.outlook.com> References: <[...]><[...]@SA1PR09MB7376.namprd09.prod.outlook.com> In-Reply-To: <[...]@SA1PR09MB7376.namprd09.prod.outlook.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: [...] x-ms-office365-filtering-correlation-id: [...] x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: [...] MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM8PR10MB5414.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: [....] X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Nov 2023 11:16:16.8844 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: [...] X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: [...] X-MS-Exchange-Transport-CrossTenantHeadersStamped: [...] X-Proofpoint-GUID: [...] X-Proofpoint-ORIG-GUID: [...] X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.61 9,FMLib:17.11.176.26 definitions=2023-11-09_10,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 impostorscore=0 adultscore=0 bulkscore=0 phishscore=0 suspectscore=0 clxscore=1011 spamscore=0 lowpriorityscore=0 priorityscore=1501 mlxscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311090082 Return-Path: someone@united.com X-MS-Exchange-Organization-AuthSource: My Corp Mail Server 1.local X-MS-Exchange-Organization-AuthAs: External X-MS-Exchange-Organization-AuthMechanism: 10 X-MS-Exchange-Organization-Network-Message-Id: [...] X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0 |
| All times are GMT -6. The time now is 2:11 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.