Weird Email issue! What do you think?

[Bram]

I got an email that was....... From: Our Bank. Subject: Our Banks New Budget Tool. However, the body of the email was a message from Express Scripts that it was time to refill script #***1234, with 3 refills left, click button to refill now.
I went to ES website & checked & yes we do have an Rx with #...1234, but there are only 2 refills left & it isn't due for refill until May.

I contacted both Our Bank & Express Scripts about the email & they're checking into it. Neither asked me to forward the email. The credit card we use for ES is not one from Our Bank.

I spoke to my son & he thought I should forward the email to IDTheft@Our Bank. com.

I originally opened the email on my iPad. When I used the iPad planning to forward the email, the forwarded message showed up as it was From Express Scripts and Subject: Time to Refill Your Order, same message about refill. Nothing at all that looked like Our Bank was involved in the email.

I went to the laptop to use it, instead, to forward the email to IDTheft. Lo & Behold! The entire email (From, Subject, & Message) on the laptop looks as if it is from Our Bank!!

I changed all the passwords for Our Bank, ExpressScripts, & my yahoo mail.
I am quite baffled by this. I now hesitate to forward the email to Our Bank's IDTheft...lest they think I've slipped off the edge.

Any ideas on this?

 

[ziggy29]

If you are sure that what looks like a phishing scam was actually legit, I'd report it anyway. They should be doing a better job of making their email communications look legitimate. If enough people report it, maybe they will get the hint.

Usually when an email has a link in it, you can hover over the link (WITHOUT CLICKING!!!) and it will show you the full URL. If it's a phishing scam, it will go to a bad domain, sometimes made to look "close" to the real thing (i.e. Mac-donnalds.com for McDonald's). If it looks like a valid domain, I'd still log directly into the web site. If the email is legit, you will usually be able to see what they are talking about.

The real takeaway, IMO, is to never click on a link in an email unless you are 110% sure it is from a trusted source. And even then... I'd prefer to go directly to the web site.

 

[GrayHare]

A single email can contain messages in both text and HTML formats. Depending on what application you use to view the email, and the settings you choose in that application. you'll typically see one or the other, i.e. either the text version or the HTML version. In this case, the text and HTML version did not express the same information, and that in itself is suspicious.

 

[cathy63]

This is a bug in the iPad mail program and/or Yahoo Mail.

The iPad downloaded the email from Yahoo using the imap protocol and it mixed up the ID of the new message from your bank with the old message from Express Scripts. (You say you now have 2 refills left on that prescription, so I deduce that you have an old email from just before your last refill telling you that there are 3 refills left.) When you opened the email, you saw the subject line from the new message and the body from the old message. Either Yahoo transmitted bad data or the iPad software made an error when loading the data and the end result is that two messages got conflated.

When you went to the PC, you probably logged into Yahoo Mail directly from your browser rather than by downloading the email into a mail program such as MS Windows Mail or Outlook. When looking at the message directly on the Yahoo Mail website, you saw the correct version of the message from your bank telling you that they have a new budgeting tool.

I don't see any attempt at identity theft or anything nefarious here. It just seems like a simple software error. The fix is to delete your Yahoo account from the iPad, reboot the iPad, then add the Yahoo account back.

 

[EarlyBirdly]

^^^ Yup. That.^^^

 

[Bram]

Thank you very much for the responses.
Cathy I think what you’ve written makes a lot of sense.