Is a “Welcome to Disney” email a phishing scam? Anyone knows about this?

Topic

New Reply

This morning, when I had a look at my mail, I found  there a very well-presented email welcoming me as a new subscriber to Disney and, therefore, entitled to use its various services, including streaming movies, buying movie tie-in toys and knickknacks, etc., etc.

The letter said “do not respond to this address, as it is not monitored.” Nice. It also included a couple of URL links to click on to get “more information.” After giving this some thought, I trashed it. There was no “Unsubscribe” link.

I have never started a subscription to Disney as such. I have been subscribing for quite some time to “National Geographic”, that is now owned by Disney. But if that is the reason for this email, it has taking Disney a really long time to realize that I have “just” become a denizen of one of its many domains.

So: has anyone here received an email like this one recently?
Is there something more known about it?

I tried to find out by searching the Web, but got nowhere doing that.

The reason for my concern is that the email looked every bit as a legitimate one that a company like Disney would send its subscribers: well composed page, no bad English syntax or spelling, no  strange wording, etc.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Replies

I wouldn’t worry about it Oscar. If you don’t want it Junk it. I’ve received an email or two saying thanks for subscribing and I just throw it to the junk pile and forget about it. GMAIL in general does a pretty good job recognizing spam/junk. Once in awhile one or two make their way through.

MacOS iPadOS and sometimes SOS

1 user thanked author for this post.

OscarCP

Reply | Quote

It’s scam and dangerous to follow up.

* _ ... _ *

2 users thanked author for this post.

Steve, OscarCP

Reply | Quote

Two candidates:

One. The link for “unsubscribe” will be to the scammer. Everything else will be “clean”.
Two: I suspect that someone has signed up to Disney with an incorrectly spelled address – which is yours. There isn’t much you can do about that because of “Data Protection”.
Several years ago, a woman signed up to Vodafone UK using my email address. She changes her phone every 2 years and Vodafone sends me all the details. Type, contract, charges, delivery address, time and date of delivery.

Vodafone UK has ignored me claiming “Data Protection”.

I would have to drive some 1000 miles to “claim” the new phone and I am sorely tempted…

Reply | Quote

Anonymous #2441728 : That “Data protection” claim by Vodafone seems like a contradiction in terms, given that you are getting all those details about this woman’s deal from them every time she replaces her phone with a new one. I wonder if she is getting anything at all from them as well, or if all she should be getting is being sent to you instead.

As to that “unsubscribe” link in my “Disney” email : as I explained in my comment, there was no “unsubscribe” link in the suspect email.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Some time ago I started getting mail from Disney+ even though I never signed up for their service. Since I never click on links in email messages I went to Disney’s site to see how to remove my email address. Ironically, at that time the only way to accomplish this was to create an account with them. That’s a non-starter for me so their mail just goes to the bit-bucket upon arrival.

It’s unfortunate that there is no requirement that recipient email addresses must be confirmed by the recipient before being used in mailing programs. Although a reputable site could correct their mailing lists due to such a requirement its likely that it would have no deterrent effect on spammers.

1 user thanked author for this post.

OscarCP

Reply | Quote

Reminds me of a time that a Playstation account was created by entering my email address from a Playstation console hundreds of miles away from where I lived – a place I’ve never been to. I jumped through all kinds of hoops to make sure my email account wasn’t compromised, and gain control of the PS account to confirm it didn’t have my CC or personal information (it didn’t have any CC and the info was obviously fake).

Eventually, customer service deleted the account. But it was difficult to get them to do so. I suspect they didn’t care at all about who the owner of the email address was, and they only agreed to delete the account because it hadn’t yet spent any money.

2 users thanked author for this post.

OscarCP, Steve

Reply | Quote

SB9K: Thanks for the story of your problem. Yes, this email I got from Disney might be a real one from Disney, not sent with bad intentions but the result of a mistake on their part. So, if they are bad at fixing this, I am stuck with getting emails from them (I hope with “unsubscribe” buttons in at least some them), until they start asking me to pay my subscription dues. And if and when it comes to that, that will certainly be an interesting day.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Well, if it is a real account registered to your email, I think you could do basically the same thing I did to eventually delete the account. Just don’t start with or ever use any of the links in the email.

“Nuke the entire site from orbit – it’s the only way to be sure.”

Reply | Quote

SB9K:

I did get in touch with the Disney Help Web Page and there I had a chat with an agent. He reassured me that no account to my name is open there, so no collection agency is going to come after me demanding that pay my overdue subscription, or else.

So this might be the end of the story.

If I get any further “Disney” emails like the one yesterday, the one I started this thread about, I’ll regard them as new attempts at phishing, and I’ll junk them. I hope this does not keep going and going, as that would be tedious.

Thank you for your suggestion: it seems to have worked.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Have you checked with https://haveibeenpwned.com/ regarding your email address ?

Reply | Quote

? says:

do you hover over the From:? if you get these on your AOL it is easy to tell if it is spam or legit. i still carry over 2500 spams a month on AOL. they delete 300 to 500 per month from the total in the spam bucket but never block\delete everything. lately 4 to 6 of the spam emails are placed in the inbox every two weeks or so as i usually check it on the 1st and 15th of the month. maybe Elon will buy AOL and use his magic anti spam algorithm…

https://www.npr.org/2022/04/25/1094671225/elon-musk-bought-twitter-plans

Reply | Quote

I’ve been the recent recipient of a phishing campaign that uses random harvested newsletters from real businesses but the links are changed to possible malware downloads, so good on you for being cautious!

1 user thanked author for this post.

OscarCP

Reply | Quote

Anonymous: ” I’ve been the recent recipient of a phishing campaign that uses random harvested newsletters from real businesses ”

I think this is an important observation that could explain why the email I received looked so convincingly genuine: it could well have been a “kidnapped” legitimate Disney email with the links in it possibly kept looking as they originally were, but replaced underneath with actual links to unhealthy places.

An important observation and a warning to all of us to be distrustful of unsolicited emails that look OK, but convey unexpected or, as in this case, inappropriate messages.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

It doesn’t take much to become the unwilling recipient of email from mailing lists, even if the mail comes from a bona fide sender.  I have had my email address for a long time.  Since the address was already assigned by my ISP a woman (uses same ISP) who wanted to use that address but could not decided to add a 1 digit suffix.  Different enough to satisfy the ISP but I now receive all kinds of mail that should go to her because the address used by her mailing lists omit the 1 digit suffix.  I sent her a message to advise of the misdirected mail but no response was ever received and the spam continues.  Junk mail filter to the rescue!

1 user thanked author for this post.

OscarCP

Reply | Quote

EricB: That is another way one could get someone else’s mail. Something similar happened to me once, years ago, but with my telephone number, who, as usual, had belonged to others before I got it. It was also resolved by the callers getting tired of hearing me, after numerous attempts on my part to convince the mistaken callers of their error (actually a whole family that thought I was their errant son and brother), they started to get my choosiest expletives before I hanged up on them. Eventually, they had enough and gave up. I hope they found their missing relative.

Now, the “Disney” email was addressed to me.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Sounds “phishy”to me. I am a Disney+ subscriber, and have never received an email like that from them.

Windows 10 Pro 22H2

1 user thanked author for this post.

OscarCP

Reply | Quote