We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
1and1 asking for web password over the phone
afly
Posts: 105 Forumite
Hey all, just a quick 1&1 warning
I get a lot of expiring domain type emails from various companies. Many of which I dont renew but I missed one with 1&1 which must of been some kind of auto-renewal (not an option I usually go for).
In my first experience of its kind, I'm being threatened with a debt collection agency for £7 if I don't get back to them within 7 days or pay the amount online
Fair cop, I should of paid more attention
Read it, logged into my account and it's locked. I can and have added payment methods but I can't initiate a payment to an invoice, nor anything else (such as changing my password)
Called the number on the notice, recorded voice informed me payment can't be made over the phone for security reasons but I persisted in the hope I could get the account unlocked and make the payment.
I was greeted by a lady with an american/indian accent who asked me my name, my username/account number and then to my astonishment, my password. I thought she meant some sort of phone password but she clarified, "The password you use to log into the 1and1 website". I hung up at that point convinced of a scam.
Turns out no, they actually ask for it, for cancellations also (although I never got as far as specifying why I was calling). So whilst they can't take payment over the phone for "security reasons" I can provide enough information to allow unlimited use of my on file CC and associated paypal account.
I've tried the email route and expressed my displeasure at the practice. Just thought I'd rant on here a little should anyone be considering them for web services. Scammers have indeed exploited this practice and why not? It's perfect. When a scam victim googles "do 1and1 ask for your password over the phone" the answer is yes, they do.
http://www.andrewmunsell.com/blog/one-and-one-asks-for-your-password/
I get a lot of expiring domain type emails from various companies. Many of which I dont renew but I missed one with 1&1 which must of been some kind of auto-renewal (not an option I usually go for).
In my first experience of its kind, I'm being threatened with a debt collection agency for £7 if I don't get back to them within 7 days or pay the amount online
Fair cop, I should of paid more attentionRead it, logged into my account and it's locked. I can and have added payment methods but I can't initiate a payment to an invoice, nor anything else (such as changing my password)
Called the number on the notice, recorded voice informed me payment can't be made over the phone for security reasons but I persisted in the hope I could get the account unlocked and make the payment.
I was greeted by a lady with an american/indian accent who asked me my name, my username/account number and then to my astonishment, my password. I thought she meant some sort of phone password but she clarified, "The password you use to log into the 1and1 website". I hung up at that point convinced of a scam.
Turns out no, they actually ask for it, for cancellations also (although I never got as far as specifying why I was calling). So whilst they can't take payment over the phone for "security reasons" I can provide enough information to allow unlimited use of my on file CC and associated paypal account.
I've tried the email route and expressed my displeasure at the practice. Just thought I'd rant on here a little should anyone be considering them for web services. Scammers have indeed exploited this practice and why not? It's perfect. When a scam victim googles "do 1and1 ask for your password over the phone" the answer is yes, they do.
http://www.andrewmunsell.com/blog/one-and-one-asks-for-your-password/
0
Comments
-
Hey all, just a quick 1&1 warning
I get a lot of expiring domain type emails from various companies. Many of which I dont renew but I missed one with 1&1 which must of been some kind of auto-renewal (not an option I usually go for).
In my first experience of its kind, I'm being threatened with a debt collection agency for £7 if I don't get back to them within 7 days or pay the amount online Fair cop, I should of paid more attention
Read it, logged into my account and it's locked. I can and have added payment methods but I can't initiate a payment to an invoice, nor anything else (such as changing my password)
Called the number on the notice, recorded voice informed me payment can't be made over the phone for security reasons but I persisted in the hope I could get the account unlocked and make the payment.
I was greeted by a lady with an american/indian accent who asked me my name, my username/account number and then to my astonishment, my password. I thought she meant some sort of phone password but she clarified, "The password you use to log into the 1and1 website". I hung up at that point convinced of a scam.
Turns out no, they actually ask for it, for cancellations also (although I never got as far as specifying why I was calling). So whilst they can't take payment over the phone for "security reasons" I can provide enough information to allow unlimited use of my on file CC and associated paypal account.
I've tried the email route and expressed my displeasure at the practice. Just thought I'd rant on here a little should anyone be considering them for web services. Scammers have indeed exploited this practice and why not? It's perfect. When a scam victim googles "do 1and1 ask for your password over the phone" the answer is yes, they do.
http://www.andrewmunsell.com/blog/one-and-one-asks-for-your-password/
How would giving the password to your web site allow unlimited use of your credit card and Paypal account?0 -
all they really need is the domain name and account username, using these they will be able to locate the account in their admin area, which would allow them to see and change the password, but just google 1 and 1 and you will see many negative reviews about them and their CS.0
-
How would giving the password to your web site allow unlimited use of your credit card and Paypal account?
You associate/authorise your paypal account with 1and1 to allow quick instant purchases. Your CC is held on file for the same reason. (think amazon 1 click checkout)
Had this of been a scam I would of provided the scammers with unlimited ability to purchase 1and1 products using my details (and potentially lock me out of my account with a simple change of email).
Im sure you can appreciate that asking customers for information like that is a serious issue. It only takes a single 1and1 employee (let alone scammers) to note the password and the customers email address and start trying to login to all kinds of other websites with that info.
On the plus side, billing@1and1.co.uk got back to me today to say because I've associated the PP account, they have initiated the payment and the account should be unlocked within 3 days, so I'd recommend that route if you can
0 -
As above - they shouldn't ask for your password, and worse still it probably means that somewhere your password is being stored in plaintext and being displayed to someone in a call centre!Nothing I say represents any past, present or future employer.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.6K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.6K Work, Benefits & Business
- 600K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards