Bad security practice

GonzoYolo
I'm a Participant Level 2

Asking to visit fido.ly domain by SMS is BAD security practice NO fido NO!

Came here just to say that.

10 REPLIES

fififidododo
I'm a Participant Level 1

I 100% agree with OP. I screenshot the message to show my friend how elaborate scammers are today, and then deleted the SMS. It's horrible practice for a scam-aware user.

Pierre42
I'm a Participant Level 1

I didn't click the fido.ly link, I'm not sure if it's really from fido. If they want me to click on things, it has to come from fido.ca. I agree, this is a TERRIBLE practice from fido to send offers using some URL that we have no way of trusting. Anyone who clicks on these URLs fails security practices against smishing... Bad fido for sending URLs like that, there is no reason why you can't send a shortened URL from fido.ca so that we know it's legit. I'm certainly not going to encourage bad practices by clicking on links. OR: having to google to see who owns fido.ly to make sure it's legit. It's just a bad experience all around, stop doing that.

Hello @Pierre42,

Welcome to the community!

We understand your concern regarding these links, though they would be safe if they are sent by us. We tend to use fido.ly links as some of our links can be quite long and this helps with keeping our texts short and simple.

BobC83
I'm Helpful Level 1

I'm curious how "fido.ly" is shorter than "fido.ca". I mean, yes, the domain should be predictable. What's to stop me from getting a fido.mx or fido.tv or fido.org domain and phishing for account numbers that way?

Hello,

 

You're right, Fido.ly is not shorter than Fido.ca. However, they might not wish to merely direct people to Fido.ca. Rather, they use Fido's custom Bitly domain. If you weren't aware, Bitly is a URL-shortening service. Fido can use the service to shorten links such as https://forums.fido.ca/t5/General-Support/Bad-security-practice/m-p/198862/highlight/true#M70964 (link to your post) to Fido.ly. The actual link would be too long to include in a text message. So Fido.ly would be much shorter than the actual URL.

 

Cheers

 


MarcOlivier
I'm a Participant Level 1

Ok, I think I get it now. 

However I think @GonzoYolo is right regarding the fact that it's confusing for people that are not familiar with the concept and it goes against everything we hear about to prevent fraud. 

 

I'm a computer engineer myself and I actually worked for Fido for 5 years a while ago. My friends have the habit of contacting me when they have questions and I can tell you I already told 3 persons to quickly delete the SMS they got with the Fido.ly link because it was fraud.

 

Maybe you can report that to your marketing people to prevent bigger long term communication issues with their clients. #justsaying

Cawtau
Senior MVP

Hello GonzoYolo,

 

  Welcome to the community!

 

  I'm not sure Fido is using that as their domain per se. I'm guessing they are using a custom URL shortener service like Bitly. I understand a Fido URL might not be that long, but those services also offer businesses analytic metrics. If they are using Bitly, you should be able to preview the link by adding a plus sign to the end of the shortened link (see here).

 

Hope this helps 😀

 

Cheers

 


GonzoYolo
I'm a Participant Level 2

I know there might be a technical (or marketing most likely) reason for them to have done it. I work in the IT/webdev industry and I started this thread to criticise what I saw. I'm not really looking for an answer here, just pointing out the problem and hope someone from the company pays attention to it. Fido needs to be educating users about security practices not doing the contrary.

mikeyjpas
I'm a Contributor Level 2

Did that actually come from Fido? I receive many many many SMS from fraudulent numbers asking to click on various links that look similar to fido but not fido.

GonzoYolo
I'm a Participant Level 2

Yes, actual promotional SMS coming from their usual promotional channel number. Didn't visit the link from the SMS, obviously. But upon logging onto their website I received the same promotion as a popup message. Actually signed up for it. But the whole incident made me think BAD FIDO.
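
The rule several posters apply above (trust a texted link only when its host is fido.ca or a subdomain of it; treat fido.ly, fido.mx, fido.tv and the like as unverifiable from the name alone), written out as an added example that is not from any poster or from Fido. The trusted list, the brand string and the sample SMS are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"fido.ca"}   # assumption: the only domain the posters say they trust
BRAND = "fido"                  # assumption: brand string to look for in other hosts
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def hosts_in(text):
    """Yield the hostname of every link-like token in an SMS body."""
    for tok in text.split():
        tok = tok.strip(".,;:!?()[]<>\"'")
        if "." not in tok:
            continue
        if "://" not in tok:
            tok = "http://" + tok          # bare "fido.ly/x" has no scheme
        try:
            host = urlsplit(tok).hostname  # drops any user@ prefix and the port
        except ValueError:
            continue
        if host and HOST_RE.fullmatch(host):
            yield host

def classify(host):
    """trusted: on the allowlist; unverified-brand: brand name, other domain."""
    host = host.lower().rstrip(".")
    for dom in TRUSTED_DOMAINS:
        # exact match or a true subdomain; "notfido.ca" must not pass
        if host == dom or host.endswith("." + dom):
            return "trusted"
    if any(BRAND in label for label in host.split(".")):
        return "unverified-brand"
    return "unknown"

def check_sms(text):
    return [(h, classify(h)) for h in hosts_in(text)]

# Constructed sample message, not a real Fido SMS.
SAMPLE_SMS = ("Fido: a new offer is waiting. Details: fido.ly/Ab12 "
              "or sign in at https://www.fido.ca/login")

if __name__ == "__main__":
    for host, verdict in check_sms(SAMPLE_SMS):
        print(f"{host:15} {verdict}")
```

"unverified-brand" does not mean the link is malicious; it means the hostname alone gives the recipient no way to tell a company-owned short domain from a look-alike registered by someone else.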