I just noticed this email in a clients inbox, red flags are no named recipient, no unsubscribe link, amateur sig, etc etc.
The particular client is in her 90's with substantial assets invested with the company below. Her husband recently died and no family in NZ.n
Not so much the email I'm concerned about but the Wealth Management Company that sent it. Just a single review on Google.
|
|
Subscriber
lxsw20:
I don't see too much wrong with that.
The to is empty because they will have BCC'd, and the links being wrong is probably their marketing team/person being a marketing team/person.....you're talking about a small business here by the looks.
The link you've put is not the same company, this is the company in question - https://yhpj.co.nz/
Hi yeah different site but essentially same firm. In 2020 it was split into two parts - Wealth Management, and Accounting.
There are around 70 emails that go back to 2017 - but most not spam. The mailing list spam started at the end of last year.
My main concern lies with the growing number of unsolicited emails being sent to my client without an unsubscribe link - totally illegal of course.
Not the sort of activity an upstanding, professional accounting firm would engage in....?
At first glance these look just like typical scam/phishing emails. There are 5 or 6 similar to the example screenshots below.
I'm wondering how reputable this company is now after the restructure? What do you think?
Trusted
SirHumphreyAppleby:
K8Toledo:
My main concern lies with the growing number of unsolicited emails being sent to my client without an unsubscribe link - totally illegal of course.
An unsubscribe link is not required. Even though the DIA has in their FAQ that a link is acceptable, the law actually requires that "... the unsubscribe facility allows the recipient to respond to the sender using the same method of communication that was used to send the principal message". Technically, that makes all that "noreply" nonsense illegal.
https://www.legislation.govt.nz/act/public/2007/0007/latest/whole.html#DLM405207
I disagree, and the link you posted confirms what I said? It is illegal to send unsolicited emails without an unsubscribe link.
K8Toledo:
I disagree, and the link you posted confirms what I said? It is illegal to send unsolicited emails without an unsubscribe link.
Also, refer to Mark's comment above.
SirHumphreyAppleby:
K8Toledo:
I disagree, and the link you posted confirms what I said? It is illegal to send unsolicited emails without an unsubscribe link.
Also, refer to Mark's comment above.
Could you clarify?
Trusted Lifetime subscriber
K8Toledo:
SirHumphreyAppleby:
Also, refer to Mark's comment above.
Could you clarify?
IANAL - but if I was, then I would say it may come down to the interpretation of 'a functional unsubscribe facility' - it doesn't expressly state the form the unsubscribe facility needs to be in, only that there is one available and that it's functional.. Based on the screenshots provided, I would argue that they would fall foul of section (1)(b) - I can't see any mention or option of unsubscribing in a 'clear and conspicuous manner'... Which then begs the question whethere there is in fact a 'functional unsubscribe facility' is present at all?
Hi, so closer inspection confirms there are phishing emails coming in after all. I also checked the headers of five suspect emails with MXToolbox and all were blacklisted.
I think it's possible the previously mentioned accounting firm's email server may be compromised. This has to with events IRL that I won't go into....:)
Inside the red squares below you'll see a company name.
Screenshot on the left is the original image (taken from mailchimp). Screenshot on the right is the shopped image from a phishing email.
Another one.
Is it likely the company email server above is compromised, as I'm wondering if I should contact them.
ID Verified Lifetime subscriber
Trusted
Subscriber
|
|
|
