Website Security Issue

  • pkroberts's Avatar
    Level 1
    I was transferred to EonNext after Igloo folded. I have received several emails, purporting to be from Eon Next, inviting me to set up an online account and to set up a direct debit. However, the links contained in these emails throw up security alerts along the lines of 'One or more of this website's certificates are invalid, so we can't guarantee its authenticity.' I have tried this with a couple of different browsers with the same result, so am unsure whether the original emails are actually from Eon or are a scam. I'm certainly not handing over any details until I'm certain. The problem is that I'm unable to contact anyone at Eon - no reply to emails and phone lines un-answered. Any thoughts or advice on how to solve this?
    Thanks in advance.
  • 9 Replies

  • Best Answer

    Beki's Avatar
    Best Answer
    @pkroberts Hey there, thanks for posting on the Community - would you be able to share images of the errors (excluding personal information of course) as I would to share this with the tech team!
    Sending positive energy to you,
    Beki - Digi Ops Team Leader & Sustainability Enthusiast

    Everything & everyone powered by sustainable energy. 🌍
  • Best Answer

    theunknowntech's Avatar
    Level 80
    Best Answer
    The screenshots would likely just be the usual ones that Kaspersky generates when it blocks something using the web protection component for any reason, so there's not much you could glean from them. Likewise, if Bitdefender was to trigger a detection on the same domains with its own web protection component, you'd get the Bitdefender block page.

    It's quite common for email campaigns to use a different domain to the main website that the campaign relates to, primarily for click tracking and list management purposes. It sounds to me as if the domain that's causing the issue is the one that's only encountered via such a campaign.

    What you'll probably want to look for instead, is the logs generated by Kaspersky itself, as that will have the full details on. Here's an example of such a log entry in Bitdefender. I've blocked out the URL as it was for an unrelated website that really is malicious. I will not reveal the domain in question for your safety.

    Name:  Screenshot 2021-11-28 195934.png
Views: 4442
Size:  84.0 KB
    Just another guy passing by... The unknown tech way...
    Pete is an IHD Tariff Update Robot! 🤖 Anasa is a Giant Enemy Robot Spider 🕷 🤖 Hannah is neither! Need Customer service? click here! Replacement IHD Guide? Here it is!
  • theunknowntech's Avatar
    Level 80
    To me, this sounds like a server side issue that would have to be fixed by E.On. There's not much you can do to resolve this one yourself.

    By what you've described, it sounds like a bad TLS Certificate somewhere in the chain is triggering a detection in the web protection component of Kaspersky - which is definitely correct for Kaspersky to do if the certificate in question really is invalid (I have no reason to doubt such a detection). Bitdefender would do the same for me if it was faced with the same situation. I'd recommend leaving it turned on as you'd encounter the same error even with Kaspersky disabled (the warnings would just come from a different source).

    I'm with another supplier, so I'd have no way to test this out myself. However, Qualys SSL Labs does report that the E.On Next website is allowing connections over TLS 1.1 which is insecure and should really be disabled anyway as it's a dead protocol - TLS 1.2 (or even better) TLS 1.3 is where it's at these days.

    My guess is that there's probably a domain used to track clicks as part of the email campaigns which is setting off these warnings. If it were me, that's where I'd start to investigate first.
  • pkroberts's Avatar
    Level 1
    OK - for the benefit of anyone else who is having this problem, I'll answer my own question. DON'T use the links in the emails; instead, go to the main website and do a password reset. This bypasses the apparent security problem.
  • pkroberts's Avatar
    Level 1
    @beki

    After clicking the email link inviting me to set up a direct debit, here is a screen-shot of the message I see when using Firefox/Kaspersky

    Name:  eon 3.JPG
Views: 4375
Size:  43.3 KB
    and here is the message using the same link in Brave

    Name:  eon 4a.jpg
Views: 4316
Size:  31.8 KB
  • theunknowntech's Avatar
    Level 80
    Yeah. As I suspected. This is clearly not an issue with Kaspersky, especially if Brave is also blocking you. In actual fact, those error messages precisely point to the culprit. Admittedly, Bitdefender is a bit more helpful in the error message, but either way, those two are good enough for me.

    The short version is that the TLS Certificate being used on the server doesn't include the domain you're being sent to via that email campaign. Easiest fix? Using something like Let's Encrypt to regenerate the TLS Certificate via Certbot and throw that new cert onto the server in place of the broken one. Usually only takes me 90 seconds to do for my own sites! XD
  • pkroberts's Avatar
    Level 1
    @theunknowntech I think the easiest fix would be for EONs web team to sort it ......😏