Jump to content
Crito

Suspicious-looking Line6 email...

Recommended Posts

I just received a suspicious-looking email stating that "A request to change your account password was received and processed. Click the link below to enter a new password. This link will expire in 1 ( one ) hour and you can only click it ONCE." and providing a line6 URL (I checked, it really was a line6 URL) that allowed me to change my password without first entering my old password. What's more, it seems to have worked! However, I never made such a request. Could anyone explain to me what this means? Did I receive the email because someone unsuccessfully tried to change my password?

Share this post


Link to post
Share on other sites

That's strange and if I received such a suspicious email I would've deleted it and then went to my Line 6 profile and changed my password. Or I might just call or contact Line 6.

Share this post


Link to post
Share on other sites

Yes, but the URL was authentic (behind the printed link), and it did allow me to change my password on the Line6 site. So what bothers me is that the wording of the email includes the phrase "A request to change your account password was received and processed. Click the link below to enter a new password. This link will expire in 1 ( one ) hour and you can only click it ONCE." This is very unclear. Who made the request? For what reason? What does 'processed' mean (it sounds like my password had already been changed). If no one from Line6 responds to this thread, I will call their support number to complain.

Share this post


Link to post
Share on other sites

Thanks for the feedback, Guru. So... you're theory, which seems plausible to me, is that the email was generated by Line6, but that the process was started by someone trying to hack into my account. If that is right, I'd still like someone from Line6 to confirm it. I'd also like to point out to them that the email looks like a phishing email, and they should consider making it much more transparent and explanatory!

Share this post


Link to post
Share on other sites

Right Hurghanico. I always am very careful about my accounts. I use 1Password to generate very secure passwords, and never use the same password for two sites. And I have already done what you suggested.

 

Perhaps I didn't make it clear that I am very familiar with all the standard security protocols, and I wouldn't have clicked on the link or changed my password (the first time) after doing so if I weren't 99% convinced that I was on the actual Line6 site. Perhaps I should have been 100% convinced, but so far the situation is: no harm has been done.

 

I still think Line6 should modify the email I received from their site, especially the use of the word 'processed'. That was needlessly scary, and does not seem to have been literally true.

Share this post


Link to post
Share on other sites

If that is right, I'd still like someone from Line6 to confirm it.

Which isn't unreasonable, just don't expect an answer in here. This is a user forum... while L6 staffers occasionally chime in, nobody "official" is actively monitoring every thread, and most of the time they don't participate in discussions. If you want an answer you'll have to contact them directly... especially for something sensitive like this.

  • Upvote 1

Share this post


Link to post
Share on other sites

Understood, cruisinon2. But I also think it's important for other users to be aware of this issue, hence the post here.

Share this post


Link to post
Share on other sites

Sure, but they can determine what the automated response should be. 'Processed' sounds like the password had indeed been changed, not just that the process of changing it had begun. If they want to communicate 'the process of change has begun', they could have the automated system use that phrase instead.

 

I've called Line6, and they're are going to look into this further. I'll post again once I here back from them.

Share this post


Link to post
Share on other sites

So... Line6 has explained the situation:

 

I'm sorry you had an unprovoked password reset prompt from us. It was not a fishing email or anything nefarious. It seems that another user with a very similar user name mistakenly typed in yours and requested the reset, pinging your account instead of theirs. You still have a secure account and all is well. Let me know if you have any further questions.

 

I still hope they fix the language of the 'prompt' so that it doesn't mislead the recipient into thinking that their password has already been changed. (It will appear to be a phishing expedition only if the recipient has not initiated the process, which may be very rare).

 

Thanks to Line6 for responding quickly and tracking down what happened.

  • Upvote 1

Share this post


Link to post
Share on other sites

finger slip?

Sorry pianoguyy - not following you.

 

Finger slip - meaning accidentally click something. 

I used to do it all the time, then I turned "tap to click" off. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×