Please ensure Javascript is enabled for purposes of website accessibility Jump to content

Suspicious-looking Line6 email...


Crito
 Share

Recommended Posts

I just received a suspicious-looking email stating that "A request to change your account password was received and processed. Click the link below to enter a new password. This link will expire in 1 ( one ) hour and you can only click it ONCE." and providing a line6 URL (I checked, it really was a line6 URL) that allowed me to change my password without first entering my old password. What's more, it seems to have worked! However, I never made such a request. Could anyone explain to me what this means? Did I receive the email because someone unsuccessfully tried to change my password?

Link to comment
Share on other sites

Yes, but the URL was authentic (behind the printed link), and it did allow me to change my password on the Line6 site. So what bothers me is that the wording of the email includes the phrase "A request to change your account password was received and processed. Click the link below to enter a new password. This link will expire in 1 ( one ) hour and you can only click it ONCE." This is very unclear. Who made the request? For what reason? What does 'processed' mean (it sounds like my password had already been changed). If no one from Line6 responds to this thread, I will call their support number to complain.

Link to comment
Share on other sites

Thanks for the feedback, Guru. So... you're theory, which seems plausible to me, is that the email was generated by Line6, but that the process was started by someone trying to hack into my account. If that is right, I'd still like someone from Line6 to confirm it. I'd also like to point out to them that the email looks like a phishing email, and they should consider making it much more transparent and explanatory!

Link to comment
Share on other sites

Right Hurghanico. I always am very careful about my accounts. I use 1Password to generate very secure passwords, and never use the same password for two sites. And I have already done what you suggested.

 

Perhaps I didn't make it clear that I am very familiar with all the standard security protocols, and I wouldn't have clicked on the link or changed my password (the first time) after doing so if I weren't 99% convinced that I was on the actual Line6 site. Perhaps I should have been 100% convinced, but so far the situation is: no harm has been done.

 

I still think Line6 should modify the email I received from their site, especially the use of the word 'processed'. That was needlessly scary, and does not seem to have been literally true.

Link to comment
Share on other sites

If that is right, I'd still like someone from Line6 to confirm it.

Which isn't unreasonable, just don't expect an answer in here. This is a user forum... while L6 staffers occasionally chime in, nobody "official" is actively monitoring every thread, and most of the time they don't participate in discussions. If you want an answer you'll have to contact them directly... especially for something sensitive like this.

  • Upvote 1
Link to comment
Share on other sites

Sure, but they can determine what the automated response should be. 'Processed' sounds like the password had indeed been changed, not just that the process of changing it had begun. If they want to communicate 'the process of change has begun', they could have the automated system use that phrase instead.

 

I've called Line6, and they're are going to look into this further. I'll post again once I here back from them.

Link to comment
Share on other sites

So... Line6 has explained the situation:

 

I'm sorry you had an unprovoked password reset prompt from us. It was not a fishing email or anything nefarious. It seems that another user with a very similar user name mistakenly typed in yours and requested the reset, pinging your account instead of theirs. You still have a secure account and all is well. Let me know if you have any further questions.

 

I still hope they fix the language of the 'prompt' so that it doesn't mislead the recipient into thinking that their password has already been changed. (It will appear to be a phishing expedition only if the recipient has not initiated the process, which may be very rare).

 

Thanks to Line6 for responding quickly and tracking down what happened.

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...