Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Email allegedly from FamilySearch

6 views
Skip to first unread message

Ian Goddard

unread,
May 13, 2023, 10:12:01 AM5/13/23
to
Has anyone else received an email allegedly from Familysearch
congratulating them on being promoted to Level1?

knuttle

unread,
May 13, 2023, 10:57:51 AM5/13/23
to
On 5/13/2023 10:10 AM, Ian Goddard wrote:
> Has anyone else received an email allegedly from Familysearch
> congratulating them on being promoted to Level1?
>
NOT IN OVER ELEVEN YEARS OF USING FAMILY SEARCH

Frank L. Thiel

unread,
May 13, 2023, 4:39:30 PM5/13/23
to
I have been getting messages from FamilySearch for years, and have never
received one like that.

Denis Beauregard

unread,
May 13, 2023, 6:33:20 PM5/13/23
to
On Sat, 13 May 2023 15:10:02 +0100, Ian Goddard
<ian...@austonley.org.uk> wrote in soc.genealogy.computing:

>Has anyone else received an email allegedly from Familysearch
>congratulating them on being promoted to Level1?

Any idea about what would mean "Level 1" ? Sounds like malware.


Denis

--
Denis Beauregard - généalogiste émérite (FQSG)
Les Français d'Amérique du Nord - http://www.francogene.com/gfan/gfan/998/
French in North America before 1722 - http://www.francogene.com/gfna/gfna/998/
Sur cédérom/DVD/USB à 1790 - On CD-ROM/DVD/USB to 1790

knuttle

unread,
May 13, 2023, 9:17:39 PM5/13/23
to
On 5/13/2023 6:32 PM, Denis Beauregard wrote:
> On Sat, 13 May 2023 15:10:02 +0100, Ian Goddard
> <ian...@austonley.org.uk> wrote in soc.genealogy.computing:
>
>> Has anyone else received an email allegedly from Familysearch
>> congratulating them on being promoted to Level1?
>
> Any idea about what would mean "Level 1" ? Sounds like malware.
>
>
> Denis
>
I suspect that if you answered that email, you would get a "Level 1" rip
off. And if you cooperate, they could take you for much more.

Ian Goddard

unread,
May 14, 2023, 5:07:47 AM5/14/23
to
Return address is noreply at familysearch. The links in the email look
like a subdomain of familysearch unless there's one of these look-alike
alphabets in use. It's not impossible, of course, that someone has
managed to get at their DNS and create their own subdomain. I'll tru
pinging that to see if there are any clues. The outbound address looks
like the sort of 3rd party -spammer- mailing house that marketing
departments use.

Searching for the text online indicates that others have received them
as well bu no explanation on a look.

The address isn't this one but it is one I might have used with them in
the past and have used here in the past from which it's been harvested

I've emailed FS support so I'll see what they say. If someone has set
up a rogue subdomain they should be able to deal with it. If this is
marketing stupidity the email tells them it's irresponsible.

Denis Beauregard

unread,
May 14, 2023, 9:55:15 PM5/14/23
to
On Sun, 14 May 2023 10:06:25 +0100, Ian Goddard
<ian...@austonley.org.uk> wrote in soc.genealogy.computing:

>Searching for the text online indicates that others have received them
>as well bu no explanation on a look.

Perhaps this ?


https://community.familysearch.org/en/discussion/145181/what-does-notification-promoted-to-level-1-mean

This sounds like a mistake when testing some new feature !

Ian Goddard

unread,
May 15, 2023, 5:54:46 AM5/15/23
to
Denis Beauregard wrote:
> On Sun, 14 May 2023 10:06:25 +0100, Ian Goddard
> <ian...@austonley.org.uk> wrote in soc.genealogy.computing:
>
>> Searching for the text online indicates that others have received them
>> as well bu no explanation on a look.
>
> Perhaps this ?
>
>
> https://community.familysearch.org/en/discussion/145181/what-does-notification-promoted-to-level-1-mean
>
> This sounds like a mistake when testing some new feature !


Yes but it doesn't say much apart from the fact that there are a lot of
people out there who will click on links in an unsolicited email and
even try to log in when those links offer a login page.

FWIW I took a look via a dumb text-only browser but certainly didn't try
to log in. The IP address in the links isn't the same as the normal
familysearch.org but it's Cloudflare's so that leads nowhere.

What's missing so far is an explanation/apology from familysearch. Not
even a response to my support message nor anything on the main sit's
front page.

As you say, it looks like a mistake. About the only thing that tells us
is that the familysearch is about as clueless at sending emails as some
of the recipients are about responding to them.

Ian

knuttle

unread,
May 15, 2023, 6:49:03 AM5/15/23
to
If every company responded when someone sent an email under their name
they would be have to have a permanent staff to handle the volume

I don't know how many times have received email and phone calls that
were masquerade as someone or something else.

While Ideally we should eliminate it, it is like chuck holes in the
street you drive on, something to watch out for and avoid.

Ian Goddard

unread,
May 15, 2023, 7:48:30 AM5/15/23
to
knuttle wrote:
> If every company responded when someone sent an email under their name
> they would be have to have a permanent staff to handle the volume

If a company sends me an email expecting me to read it they should be
prepared to receive andy reply I might send. That's just good manners.
If that would place too great a strain on them it tells them one thing:
their email isn't really that important so they shouldn't send it.

I suspect that all too often the reason they won't look at replies is
that the feedback they'd get about their spam would be too upsetting for
the precious little marketroids who'd have to read it.

In any case, it was a support email I queried it with, not the noreply
that sent it. I expect support desks to respond - it's their job.

Ian Goddard

unread,
May 15, 2023, 8:00:32 AM5/15/23
to
Ian Goddard wrote:

Oops, sent early instead of minimised.

> knuttle wrote:
>> If every company responded when someone sent an email under their name
>> they would be have to have a permanent staff to handle the volume
>
> If a company sends me an email expecting me to read it they should be
> prepared to receive andy reply I might send.  That's just good manners.
> If that would place too great a strain on them it tells them one thing:
> their email isn't really that important so they shouldn't send it.
>
> I suspect that all too often the reason they won't look at replies is
> that the feedback they'd get about their spam would be too upsetting for
> the precious little marketroids who'd have to read it.
>
> In any case, it was a support email I queried it with, not the noreply
> that sent it.  I expect support desks to respond - it's their job.
>
>> I don't know how many times have received email and phone calls that
>> were masquerade as someone or something else.

Exactly. So anyone - even familysearch.org users should be extremely
careful of such and not respond to them. In my case any unsolicited
email like that gets either dumped or handled with metaphorical tongs
and asbestos gloves. Some of those responding to the thread were
clearly oblivious to the dangers.

No responsible organisation should send out such emails. When they do
it tells me one thing about the individual or team responsible: they see
nothing wrong with the possibility that their recipients could respond
and that they are, therefore, would see nothing wrong in responding to
similar unsolicited messages asking then to click on a link. Such
people are a danger to the businesses or organisations for which they
work. Th ransomware thieves depend on them.


>> While Ideally we should eliminate it, it is like chuck holes in the
>> street you drive on, something to watch out for and avoid.

Any organisation needs to train its staff in use of email and treat
errors as disciplinary matters.

There have been a number of cases where bulk emails have been sent out
CC rather than BCC in situations (e.g. STI clinics) where even the
identities of other recipients should have been regarded as
confidential. There have been cases where confidential information has
been sent to the wrong person or even a mailing list. It's not a cse of
ideally we should eliminate it. Such mistakes can represent a serious
threat to the organisation that makes them and sometimes to their customers.




Enno Borgsteede

unread,
May 15, 2023, 8:33:32 AM5/15/23
to
Op 15-05-2023 om 03:53 schreef Denis Beauregard:
> On Sun, 14 May 2023 10:06:25 +0100, Ian Goddard
> <ian...@austonley.org.uk> wrote in soc.genealogy.computing:
>
>> Searching for the text online indicates that others have received them
>> as well bu no explanation on a look.
>
> Perhaps this ?
>
>
> https://community.familysearch.org/en/discussion/145181/what-does-notification-promoted-to-level-1-mean
>
> This sounds like a mistake when testing some new feature !

I don't think so. I followed the link to the beta community, and signed
in with my existing FamilySearch account. I did that, because I felt
safe enough to do so, because it looked like a legitimate page in the
FamilySearch domain, and it logged me in in the usual way, using the
standard FS authentication.

Anyway, when I did that, I was immediately promoted to level 1, which
probably just meant that I am a member now. That's all there is to it,
in my mind.

Regards,

Enno

Ian Goddard

unread,
May 16, 2023, 7:18:05 AM5/16/23
to
Enno Borgsteede wrote:
> Op 15-05-2023 om 03:53 schreef Denis Beauregard:
>> On Sun, 14 May 2023 10:06:25 +0100, Ian Goddard
>> <ian...@austonley.org.uk> wrote in soc.genealogy.computing:
>>
>>> Searching for the text online indicates that others have received them
>>> as well bu no explanation on a look.
>>
>> Perhaps this ?
>>
>>
>> https://community.familysearch.org/en/discussion/145181/what-does-notification-promoted-to-level-1-mean
>>
>>
>> This sounds like a mistake when testing some new feature !
>
> I don't think so.

It was. familysearch.org have confirmed that to me:

"Last week we changed one of the settings in the Beta Community, which
is a testing site that we use before anything gets launched here in this
Community. That change triggered a mass email that we did not know was
going to be sent. We are still exploring why the email was sent and who
got it. We are so sorry for the confusion.

Please disregard these emails or any others that direct you to the Beta
Community."


I followed the link to the beta community, and signed
> in with my existing FamilySearch account. I did that, because I felt
> safe enough to do so, because it looked like a legitimate page in the
> FamilySearch domain,

Thousands of people have done similar things because they felt safe
because it looked like a legitimate page in a legitimate domain.

You were lucky this time. It was a legitimate domain, only the email
was an error.

What has happened is that familysearch.org have now trained you to be
accepting of emails which look as if they've come from a trusted source
and to click on and log into what looks like a trusted site. And next
time you do that it might be a scammer. You might get your bank account
emptied. If you do that on a work computer your company might get taken
down with ransomware.

This time you were lucky. Next time you might not be. I repeat, this
time you were lucky. Please don't push your luck.

Ian

Martin Brown

unread,
May 22, 2023, 4:47:36 PM5/22/23
to
Unfortunately big organisations that should know *MUCH* better do this
sort of thing all the time. I got one this morning which I believe to be
genuine from the Charities Commission that was indistinguishable from a
sophisticated spear phishing attack (and may yet prove to be one).

It was titled "Setting up your Charity Commission Account" and tells me
that I will have to follow a magic link that they will send me shortly
in a later email to verify my credentials. The phone number given for
support is the genuine one from their own website...

Injection was via a probably government Amazon hosted mail server.

WTF they can't port the existing credentials over to the new system I
don't know. I expect it is an IT problem of pay peanuts get monkeys.

I have complained to them about just how stupid this is as an SOP but I
don't honestly expect much if anything by way of a reply :(

--
Martin Brown

Steve Hayes

unread,
Jun 15, 2023, 1:53:06 AM6/15/23
to
On Mon, 15 May 2023 10:53:17 +0100, Ian Goddard
<ian...@austonley.org.uk> wrote:

>Yes but it doesn't say much apart from the fact that there are a lot of
>people out there who will click on links in an unsolicited email and
>even try to log in when those links offer a login page.

I sometimes do that. They are usually phishing attempts, sent from an
obviously fake address, and if they ask me to log in I do so with a
fake user name and password, so they can waste a bit of their time
too.


--
Steve Hayes
Web: http://hayesgreene.wordpress.com/
http://hayesgreene.blogspot.com
http://groups.yahoo.com/group/afgen/

0 new messages