[zebrahost]

I have just received an email with links requesting me to login to my CJ account. It is an obvious phising scam. Fellow CJ affiliates don't fall for it!

[Dynamoo]

Thanks zebrahost - do you want to post an excerpt so we know what to look for?

[zebrahost]

The Title is:

Please Verify Your Account Settings for Payment and Messaging.

The body (I have deleted confidential info) is:

Is your account information still accurate? We want to make sure we reach you with your checks, tax forms and related information. We also want to keep you informed of exciting events in the CJ Marketplace and provide you with information for improving your performance in 2005.

Your Commission Junction publisher account (CID ) currently contains the following information:

Account Superuser:
Address (1st line):
Phone:


Please take a moment to verify that this information is correct by logging in to your CJ Account Manager and accessing "Account>Administrative Settings". Also, please update your email addresses as necessary within the "User Settings" section of the "Account>Administrative Settings" area.

Make sure you don't miss out on Commission Junction's customized advice and promotions, which are read by top publishers each month. Simply log in to the CJ Account Manager, select the Mail Settings tab, and check to see that you're opted in to each type of message. Your opt-ins will ensure you get the following valuable communications:*

CJ Wire - monthly publisher newsletter featuring strategy, news and the introduction of new advertisers.
What's Hot - monthly email with the top promotional offers in the CJ Marketplace selected by client development for you to review.
CJ Insider - targeted educational content sent intermittently to publishers working within specific categories, accompanied by advice on the CJ Account Manager home page.
Thank you for taking a moment to log in and update your account information, payment details, and messaging preferences.

Best regards,

Billy Hugo
Manager, Client Services
Commission Junction, a ValueClick company


*Your opt-in settings will be for Commission Junction-related messaging only. We will not share your email address with other companies.

[KariBon]

I got that email and responded before seeing this. Now what? I can't find a place on CJ to change my password.

Are you sure this was a Phishing thing? I was logged into CJ after following this email link.

??

[zebrahost]

It is definately a phishing scam. You need to login to your account ASAP and change your password.

[zebrahost]

Oops! Maybe it is not a scam! I notice that it takes you to the CJ members login. I guess that I am very paranoid about emails with links that take you to a login page.

Sorry Guys! better safe than sorry!

[Leader]

quote:

---

I can't find a place on CJ to change my password.

---

CJ Acc't Manager-->Account-->Scroll down to where you're listed as a "superuser"-->Look to the right of that line, you'll see "Actions"-->Click "Edit" link.

A popup will come up (if it doesn't, turn your blocker off) and demand your current PW. Enter it... Popup changes to show some of your info, including your PW, asks if you want to "Keep Existing" or "Change." Pick change and enter new PW.

BTW the email looks legit to me, especially since it has my acc't number (a phisher would be more likely to have one of my PIDs instead, since that's what can be seen by looking at my sites), but I didn't click the email links just in case.

[Jane]

I got the email also, if you were worried about it, just log into cj the usual way. There is no need to go through the email to do it.

[raywood]

The message I got came from a server at qwa23.boldfish-express.net. That domain is registered to Boldfish, Inc. in San Mateo, Ca. They also have a domain called boldfish.com. Browsing to that domain gets re-directed to Siebel Email Marketing.

No way to tell who is the Siebel customer that sent the message. Could be cj, but why take chances? I'll just go straight to cj.

[raywood]

Sorry, I made a mistake. Siebel in Santa Clara owns the domain boldfish-express.net. Boldfish, inc is the admin and technical contact.

[Rhea]

At first I was concerned that it was a phishing attempt but decided it was legit. When I saw they had my correct address in the email it confirmed to me that the email was from CJ.

Since this is exactly the type of method used in phishing CJ probably should have used another way to alert us that they need updated info.

[buy_online]

"Since this is exactly the type of method used in phishing CJ probably should have used another way to alert us that they need updated info. "

Exactly! CJ = Not too bright on this one.

And why are they really asking for that info? Give me a break.

Fred

[Andy]

Seems to me this would have best been handled by a notice in the CJ Account Manager, instead of via E-mail. Perhaps a message requesting users to login and update, without any links provided, would have been OK for people who don't login regularly.

Andy

[suzigeek]

I figured it was legit since it had my info correct BUT a little pissed that they sent my personal info out via email.

Maybe they thought by sending out the personal info we would realize it was a legit request??

[MichaelColey]

I got one too. It's definitely legitimate. It has personal information that only CJ (or other non-CJ merchants) would know. Most phishing schemes have absolutely no personal information in them. Also, looking at the HTML source for the email, the links go directly to a CJ domain.

[Roland]

Siebel? Isn't that roboform? I think it is.

carneol

[Dynamoo]

Well.. you can never be too careful!

[ritch111]

Quote: Siebel? Isn't that roboform? I think it is.

Siebel is a major player in CRM. They probably drive a piece of the sales management tools for CJ

Ritch

[Packy]

Remember, always as a precaution the rule of thumb all! Never click on an email link, just go directly to the site through the addy bar or your favorites folder. With all the Paypal and credit scams out there it's the safest way. JMO of course As for the CJ email, I received it also.

[ToddCrawford]

The email is real and came from Commission Juntion. We send this type of email out each year around this time reminding everyone to update their information.

[zebrahost]

Todd:

Thanks for clarifying that. Perhaps next year you could make it look more like a CJ communication and less like a phishing expedition.

[Ron Bechdolt]

Although all the links looked correct I still logged in to CJ via my normal route to update my account information. I, too, thought it was spam. A better solution would be to have this information request at the log on page (or both).

Sadly, it is because of the dozens of emails I get a day to update accounts that I am so skeptical.

Thanks, Todd, for coming here and clarifying it. Much appreciated!

[Affiliateboss.com]

Glad we got this strait

[SuZee]

quote:

---

Originally posted by ToddCrawford, CJ.com:
The email is real and came from Commission Juntion. We send this type of email out each year around this time reminding everyone to update their information.

---

________________
Quotes:
"Seems to me this would have best been handled by a notice in the CJ Account Manager"
-------------------------------
"it had my info correct BUT a little pissed that they sent my personal info out via email"
-------------------------------
"CJ probably should have used another way to alert us that they need updated info
________________


TODD -- PLEASE -- Just Alert Us When We LOGIN.. Don't send personal information regarding our accounts via E-MAIL

[loxly]

Some people don't log in on a regular basis so wouldn't see a note at log in. Not all affiliates are like those of us that hang out here.