Hilton hotels' email so much like phishing it fooled its own techies

Hilton hotels' HHonors loyalty program has shipped an email so similar to a phishing email it tricked its own IT shop into advising that it was a scam. The email was an attempt to get customers to confirm their contact details by logging into their accounts and revising their stored contact details. One user reported the …

Anonymous Coward

Re: Verifiable?

Banks are high-profile targets. And some have gone to insane lengths to break into banks to get the goods. I wouldn't be surprised if someone went to insane lengths to steal the bank's private signing key so they can pass off spam e-mails as legit ones even with key checking.


A genuine email from Southern Rail last year.

"Anonymous John, important information about your Account.

"Dear Anonymous John,

We're improving the way you buy train tickets from our website and you're invited to give it a try. Check out the new features we are rolling out and buy your ticket from the beta version which is now available."


How do I access it?

In order to continue logging in using your usual email address, all you need to do is reset your password using the button below."

It came within a whisker of being binned.



I got an email from Newegg yesterday thanking me for creating an account and asking me to log in (can't remember the reason). It looked very phishy to me, but it was from Newegg and the link was to I've had an account there for years, so maybe it was an error. Or something else, I have no idea.

It is bad enough that Hilton does it, but a tech-oriented company like Newegg should be smarter...


Re: Newegg

This sounds like the reverse in this case. Someone's probably trying to establish an account in your name and used your e-mail address. Perhaps you should contact Newegg and tell them you didn't create this account and that someone could be trying to usurp your online identity. Meaning you should start snooping around your contact details.


1) Don't click on email links.

2) Don't open email attachments.

3) Trust no one.


@ Nameless Faceless Computer User

1) Reject HTML emails as SPAM

2) Don't click on email links.

3) Don't open email attachments.

4) Trust no one.



I've sent PayPal suggestions about NOT including links in their emails. They don't seem to think it's a problem. I delete everything that asks me to log on somewhere and provides a convenient link. I don't mind using those typing skills I learned in school to type in my bank's URL and access my account the normal way. Just have a message there under "notifications" that asks me to do whatever the email stated. Then I'll know if the email was legit.

I find that everything that tries to make using the internet easier just compromises security. Now we have loads of silly gadgets that let you look inside your fridge or adjust the temperature of your home from anywhere in the world. Why? Just buy another liter of semi-skim on your way home from work and if it turns out that you really didn't need it, buy some biscuits the next day to help the old carton go down easier. You don't want to get home and find that some prankster has put your heat and fridge on their highest setting or has had your AC on full blast running up your electricity bill.


Nationwide statement notification emails look like a scam

Nationwide's notification emails look like a total scam, telling me my statements have been sent to my internet bank. Why the hell are they sending statements anywhere, especially to an Internet bank? It's proof that no one reads the emails.




Biting the hand that feeds IT © 1998–2018