I was transferred to EonNext after Igloo folded. I have received several emails, purporting to be from Eon Next, inviting me to set up an online account and to set up a direct debit. However, the links contained in these emails throw up security alerts along the lines of 'One or more of this website's certificates are invalid, so we can't guarantee its authenticity.' I have tried this with a couple of different browsers with the same result, so am unsure whether the original emails are actually from Eon or are a scam. I'm certainly not handing over any details until I'm certain. The problem is that I'm unable to contact anyone at Eon - no reply to emails and phone lines un-answered. Any thoughts or advice on how to solve this?
Thanks in advance.
@pkroberts Hey there, thanks for posting on the Community - would you be able to share images of the errors (excluding personal information of course) as I would to share this with the tech team!
Sending positive energy to you,
Beki - Digi Ops Team Leader & Sustainability Enthusiast
Everything & everyone powered by sustainable energy. 🌍
The screenshots would likely just be the usual ones that Kaspersky generates when it blocks something using the web protection component for any reason, so there's not much you could glean from them. Likewise, if Bitdefender was to trigger a detection on the same domains with its own web protection component, you'd get the Bitdefender block page.
It's quite common for email campaigns to use a different domain to the main website that the campaign relates to, primarily for click tracking and list management purposes. It sounds to me as if the domain that's causing the issue is the one that's only encountered via such a campaign.
What you'll probably want to look for instead, is the logs generated by Kaspersky itself, as that will have the full details on. Here's an example of such a log entry in Bitdefender. I've blocked out the URL as it was for an unrelated website that really is malicious. I will not reveal the domain in question for your safety.
Just another guy passing by... The unknown tech way...
Pete is an IHD Tariff Update Robot! 🤖 Anasa is a Giant Enemy Robot Spider 🕷 🤖 Hannah is neither! Need Customer service? click here! Replacement IHD Guide? Here it is!
To me, this sounds like a server side issue that would have to be fixed by E.On. There's not much you can do to resolve this one yourself.
By what you've described, it sounds like a bad TLS Certificate somewhere in the chain is triggering a detection in the web protection component of Kaspersky - which is definitely correct for Kaspersky to do if the certificate in question really is invalid (I have no reason to doubt such a detection). Bitdefender would do the same for me if it was faced with the same situation. I'd recommend leaving it turned on as you'd encounter the same error even with Kaspersky disabled (the warnings would just come from a different source).
I'm with another supplier, so I'd have no way to test this out myself. However, Qualys SSL Labs does report that the E.On Next website is allowing connections over TLS 1.1 which is insecure and should really be disabled anyway as it's a dead protocol - TLS 1.2 (or even better) TLS 1.3 is where it's at these days.
My guess is that there's probably a domain used to track clicks as part of the email campaigns which is setting off these warnings. If it were me, that's where I'd start to investigate first.
OK - for the benefit of anyone else who is having this problem, I'll answer my own question. DON'T use the links in the emails; instead, go to the main website and do a password reset. This bypasses the apparent security problem.
Yeah. As I suspected. This is clearly not an issue with Kaspersky, especially if Brave is also blocking you. In actual fact, those error messages precisely point to the culprit. Admittedly, Bitdefender is a bit more helpful in the error message, but either way, those two are good enough for me.
The short version is that the TLS Certificate being used on the server doesn't include the domain you're being sent to via that email campaign. Easiest fix? Using something like Let's Encrypt to regenerate the TLS Certificate via Certbot and throw that new cert onto the server in place of the broken one. Usually only takes me 90 seconds to do for my own sites! XD
As with every diverse community, there is always a mixture of opinions, knowledge as well as understanding - that’s what makes it such a great place to be! To make sure everyone gets the most out of our Community and feels good doing it, we’ve created some values below on how to be an awesome, positive member. So, take a read and then go for it!
We love having you all here in the Community and really hope you find some great advice and help from our other amazing members. As a community team, our main role here is keeping things ticking over, everyone safe and getting involved in some great conversations! We know many of you will have specific queries about your accounts and we want to keep your personal details safe so please don't post them here.
• Saying thanks goes a long way
• The community is a public website, so be careful
• Be kind, respectful and supportive
• It's a family-friendly community
• If you’re in a specific section or discussion, try to stay on topic
• One post is normally enough
• Be cool, don’t spam
We want to ensure that the community is safe and fair for everyone…
We all work hard to ensure everyone feels respected and supported while using the community, and keep that positive energy flowing. If a member or group is disrupting your experience without a genuine reason, you can report this to the community team quickly and easily by clicking the 3 dots on the post. Don’t worry about a thing, we’ll take it from there. If you get a message from the team about your behaviour, please try to work with us, as all we want to do is make this a positive place for everyone. In order to this, we have to uphold these Community Values and the Community Team has the final say.
The full Community Values can be viewed here
If you agree, please click the 'I agree' checkbox and press the 'Complete Registration' button below. If you would like to cancel the registration, click here to return to the Community homepage.
Although the administrators and moderators of E.ON Next Community will attempt to keep all objectionable messages off this site, it is impossible for us to review all messages. All messages express the views of the author, and neither the owners of E.ON Next Community, nor vBulletin Solutions Inc. (developers of vBulletin) will be held responsible for the content of any message.
By agreeing to these rules, you warrant that you will not post any messages that are obscene, vulgar,sexually-oriented, hateful, threatening, or otherwise violative of any laws.
The owners of E.ON Next Community reserve the right to remove, edit, move or close any content item for any reason.
