Is Roku trying to phish Richard Samuels? And if not, why is it giving him the silent treatment? Let’s find out.
Question
I recently received an email from Roku thanking me for creating a new account. There’s just one problem: I have no Roku products. I asked the company when and how the account was created, but it refused to provide the information. I’m concerned this is a possible case of identity theft.
Can you help me find the right person at Roku? I’d like to reach someone who can tell me how this account was created and remove all of my information from their database. — Richard Samuels, Portland, Ore.
Answer
I would have been a little worried, too. The email, which talks about “planned maintenance,” is riddled with grammatical errors and, on first blush, looks like a clumsy phishing attempt. The fact that Roku didn’t respond to any of your queries seems to support the conclusion that the email was a fake.
Of course, Roku should have responded to your inquiries to let you know if this was legit or not. I’m not sure why it didn’t. Sometimes, call centers can get overwhelmed with inquiries, and that may be what happened. But it’s no excuse.
Did you ever have a Roku device?
While you might not currently have Roku’s digital media player, I asked you to think back. Have you ever owned one of its devices? And indeed, it turns out you had — back in 2011. I used to own one, too, but had forgotten about it until I reviewed your case. With so many gadgets in our lives, it’s hard to keep track of all of them.
So this wasn’t identity theft. Roku made a legitimate update that only looked like an amateurish phishing scheme.
Wow.
I publish the names, numbers and email addresses of Roku’s executives on my consumer advocacy site. You could have used those to hold the company’s feet to the fire. I contacted Roku on your behalf, too, but also got the silent treatment.
In the end, you figured out that your identity was safe, the maintenance issue was real and that Roku staff needs to take some remedial English lessons. Good to know.
Meh; I would have ignored it. I’m [email protected], and I get subscribed to mailing lists, websites, etc. accidentally all the time. Phishing, a mistake, something I don’t care about any more, whatever… I just send it to my Google spam folder and ignore it; it doesn’t hurt anything.
Yea that’s not a good idea. “Hackers” these days use build up a profile of you by gathering information from small inconsequential sites to impersonate you to the bigger more important sites you have accounts with.
Want to read a cautionary tale about how companies you trust with your info just hand it out to people pretending to be you? It’s a long but worthwhile read: https://medium.com/@N/how-i-lost-my-50-000-twitter-username-24eb09e026dd
What information can be gathered from an account that’s not mine to begin with?
I have a Roku (Several of them) and I have never gotten “planned” maintenance email from them, There have been a few times where some parts of there backend is down, But they never do a notification.
The device check each 24 hours for firmware & software updates. When it been on the home screen for a few hours of inactivity. Most updates do not need a re-boot. Some do, But it does it when It the device is in inactive/sleep mode, and takes only a 2 or 3 minutes.
I get updates and notices of changes quite a lot, about accounts that I may or may not have with companies that I may or may not deal with. I always forward them to “[email protected] I usually get the canned response that they take these notices seriously, they always investigate them and they will notify me whether I need to do anything special. If it looks legit, I’ll go to the company’s website to see whether there are any special notices.
How did the OP contact Roku? Did he click thru the email? That can be cyber suicide.
If they did, that could be why “Roku” did not answer. 🙂
I just take communications I receive that contain grammatical errors, punctuation mistakes, or just look amateurish, and immediately send them into the Trash. Of course, the list of items I actually read keeps getting shorter and shorter….
There are a few simple rules to keep yourself safe. Not that you can do it 100% but you can at least try.
1. Never click on a link in an email – always type in the address of the company in the browser yourself.
2. Never, Never , give personal information to someone who called you. Tell them you will call them and use the number from the company’s website or back of credit card etc.
3. Use two factor authentication if offered by the vendor. Most vendors offer it.
4. Make passwords difficult to guess and a separate password for each account.
5. Check your bank/brokerage/401K accounts regularly.
6. Never never use a debit card. You don’t hang protection from the bank.
7. Assume everyone out there is trying to steal from you. Unfortunately this were we are.
These just common sense rules I have learned over the last year thanks to Target, Equifax, Yahoo and host of other companies that have done a miserable job of protecting my data to line the pockets of their CEO’s. We live in a country where none of these CEO’s went to jail.