NY Times Sends 8 Million Customers False E-Mail

By Jeralyn, Section Media
Posted on Wed Dec 28, 2011 at 03:58:27 PM EST
Tags: (all tags)

Share This: Digg!

I got an e-mail this morning from the New York Times saying I had canceled my subscription and could renew at a discount. So did 8 million others in their database. Only, I didn't cancel anything. I tried calling the Times and the phone lines were busy (3 different ones.) I can't remember the last time I got a busy signal calling someone.

Turns out, it was a mistake. To make it worse, the Times first told people on Twitter the e-mail wasn't from them: [More...]

If you received an email today about canceling your NYT subscription, ignore it. It’s not from us.”

Really a stupid thing to write, given the Stratfor hack. The Times has now corrected itself, saying an employee sent it out by mistake, not a third company, and no one's security has been breached.

< Wednesday Afternoon Open Thread | Stratfor Offers Free Identity Protection Service to Members >

Legal

Nothing on this site should be construed as legal advice. TalkLeft does not give legal advice.

TalkLeft is not responsible for and often disagrees with material posted in the comments section. Read at your own risk.

NY Times Sends 8 Million Customers False E-Mail | 13 comments (13 topical)

Readers Must Login or Create an Account to Comment

Times E-Mail (5.00 / 2) (#1)
by cal1942 on Wed Dec 28, 2011 at 04:28:57 PM EST

I received the same e-mail - twice.

Me too. (5.00 / 1) (#2)
by christinep on Wed Dec 28, 2011 at 04:38:41 PM EST

: I'm feeling slighted (5.00 / 1) (#4)
by sj on Wed Dec 28, 2011 at 05:00:45 PM EST

I only got the incorrect e-mail once. Then I got a correction.

: Me three (none / 0) (#11)
by andgarden on Wed Dec 28, 2011 at 11:10:23 PM EST

Did not get one, nonsubscriber (5.00 / 2) (#13)
by BobTinKY on Thu Dec 29, 2011 at 07:46:30 AM EST

I take my free 20 articles per month. It's really helped me become a more discriminating reader. I have to give thought to whether or not to read the article, does it matter? who wrote it? etc.

I got (none / 0) (#5)
by lentinel on Wed Dec 28, 2011 at 05:09:27 PM EST

the same email.

Amusingly enough, I do not even have a subscription.

They're losing it.

Tangentially, I find their subscription policy for access to the online NYTimes.com to be totally insane.

The price is exorbitant and necessitates that you have all kinds of "apps" to justify the purchase. They won't just let you purchase online access for a reasonable fee.

They're out of their collective minds.

: I don't have a real subscription either (5.00 / 1) (#7)
by sj on Wed Dec 28, 2011 at 05:20:49 PM EST

But I signed up years ago for an on-line account, and even since they went with a subscription fee I have received a daily email with links to their top stories.

I received it also (none / 0) (#6)
by Edger on Wed Dec 28, 2011 at 05:19:19 PM EST

and received their "correction" email, even though I have never had a subscription.

I do have a user account on their site for commenting though, so I guess the email went to their entire user list.

Normally when they send emails to their users/subscribers, they send them from the nytimes.com domain - their main domain.

If you do a password change request you will get an email from nytimes.com.

This email this morning, and their correction email, were sent from nytimes@email.newyorktimes.com which is a domain they also own - which redirects to nytimes.com - but don't generally use for emailing, as far as I know.

That caught my eye, too, and (5.00 / 1) (#8)
by Anne on Wed Dec 28, 2011 at 08:23:08 PM EST

I wondered if it was in the same category with all the e-mails we've been getting from the IRS, warning that the payment we recently made had been rejected, the FDIC, warning about something or other, and various banks and retailers about our rejected ACH transactions...all looking completely legitimate.

Since I don't have a subscription, I just deleted it without ever clicking on it; when the "oops" e-mail came, I deleted that, too.

Can't be too careful.


There is lots of (none / 0) (#9)
by Edger on Wed Dec 28, 2011 at 08:37:48 PM EST

very legitimate looking spam - more and more the past few months.

As far as I'm aware you will never receive anything legitimate from ACH about "rejected" or "cancelled" transactions.

Here is the NACHA Press Release about ACH spam.

Further to previous notices since February 2011, NACHA has been the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving emails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication. Perpetrators are sending these fraudulent messages to email addresses globally.
These fraudulent emails typically make reference to an ACH transfer, payment, or transaction and contain a link or attachment that infects the computer with malicious code when clicked on by the email recipient. The source addresses and contents of these fraudulent emails vary -- with more recent examples purporting to come from actual NACHA employees and/or departments -- and often including a counterfeit NACHA logo and the citation of NACHA's physical mailing address and telephone number.
NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.
Caution your customers not to open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom they do not normally communicate, or that appear to be known but are suspicious or otherwise unusual. Direct them to forward suspected fraudulent emails appearing to come from NACHA to abuse@nacha.org to aid in our efforts with security experts and law enforcement officials to pursue the perpetrators.
more...

: The IT department at my firm does (none / 0) (#14)
by Anne on Thu Dec 29, 2011 at 10:45:08 AM EST

an excellent job of warning us about these legitimate-looking e-mails that somehow manage to slip through our filtering system - I then forward the warnings/alerts to friends and family who might not have the benefit of an IT department to keep them up-to-speed.
It's insidious.

I'm relieved (none / 0) (#10)
by desmoinesdem on Wed Dec 28, 2011 at 08:49:38 PM EST

to know an employee screwed up. I thought it was a hacker after I saw the "not from us" tweet.

: there is a hacker now taking credit (none / 0) (#12)
by Jeralyn on Thu Dec 29, 2011 at 02:04:12 AM EST

but no way to tell if he really did it.