
Some companies don't understand online security


Sgt_Kickaxe

11:02 pm on Apr 13, 2022 (gmt 0)



A utility company sends me reminders when my bill is ready to view online, and I can't make them stop. The email contains...

- My name and home address
- My account number
- My balance due
- A link to go view my account

Only that last item is needed; if a stranger gets into my email account, they don't need to see the rest... but it gets worse.

If I click the link I only see a "soft" account page. It shows me my home address, account number, balance due BUT I AM NOT LOGGED IN. They are just trusting the fact that since I clicked the link in the email I must be the account holder. Since I am not logged in, you don't see my payment info; I have to actually log in to see that, thankfully...

But it gets worse...

On that "soft" dashboard which doesn't require me to be logged in I am presented with three options:

- make an immediate payment
- sign up for automatic bank payments
- sign up for automatic credit card payments

Or you can log into the site and get a 4th option of giving them your info directly for a one time payment, which I don't want to ever have to do, lol.

Clicking on any of those leads me to an agreement form, WHICH I DON'T HAVE TO BE LOGGED IN TO ACCEPT, where I can provide the data to a third party company and pay through them (with a 1.5% surcharge). It's like my own utility company site is an affiliate site, and they have 360,000 members in my area who have no choice but to use them.

Thankfully banks allow you to make one time payments directly to avoid using these options.

Scammer sites do this stuff and this is a legit utility company. They didn't do this until about 6 months ago... is anyone else seeing the same lack of concern from their own utility company? This one doesn't want to hear about it either.

Edit: This is a legit site, I confirmed via phone when I asked them to stop emailing me the reminders or to reduce the personal info in them, to no avail. It's maddening in 2022.

LifeinAsia

6:20 pm on Apr 14, 2022 (gmt 0)




Depending on where you live, you may be able to file a complaint with your state's public utilities watchdog agency. States (like California) with stronger privacy protection may be more active about doing something than others.

Sgt_Kickaxe

6:16 am on Apr 18, 2022 (gmt 0)



I don't file complaints, they can run their company how they see fit.

As long as I can bypass their website and pay directly from my bank I'm fine... otherwise I'm looking for an alternative source, but wow... some redesign.

graeme_p

10:49 pm on Apr 18, 2022 (gmt 0)




That is particularly bad, but I see bad results all over the place.

My new utility company (after my previous one became insolvent - everyone from the UK will know about that) has a website that logs you in with email address and password, but asks for your email address first and then tells you if it's wrong, and only asks for your password if your email address is correct.

It does not leak as much information, but it does not require you to have a link: someone could test what email addresses have accounts there and match them against compromised logins to find reused passwords.
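The email-first login graeme_p describes hands anyone a free account-existence check. As an added illustration, not code from this thread or from any company mentioned in it, the block below puts that leaky first step beside a single-step login that answers identically for an unknown email and for a wrong password, and does the same hashing work in both cases so response timing does not give the difference away either. The account table, the password, and the message strings are constructed sample values.

```python
import hashlib
import hmac
import os
import secrets


# Password hashing: salted PBKDF2-HMAC-SHA256 (constructed example settings).
def _hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed in-memory account table; one sample account only.
_SALT_A = os.urandom(16)
ACCOUNTS = {
    "alice@example.com": (_SALT_A, _hash_password("correct horse", _SALT_A)),
}

# Dummy salt and hash used when the email is unknown, so the server performs
# one PBKDF2 computation whether or not the account exists.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password(secrets.token_hex(16), _DUMMY_SALT)

GENERIC_FAILURE = "Invalid email address or password."


def leaky_login_step1(email: str) -> str:
    """The email-first flow from the post: the answer differs depending on
    whether the address has an account, before any password is entered.
    Included only to contrast with safe_login below."""
    if email in ACCOUNTS:
        return "Enter your password"
    return "No account with that email"


def safe_login(email: str, password: str) -> tuple[bool, str]:
    """Single-step login that does not reveal whether the email is registered.

    - Unknown email and wrong password produce the identical response.
    - A hash is always computed (against a dummy hash if needed), so the
      unknown-email path is not measurably faster than the wrong-password path.
    - The digest comparison is constant-time.
    """
    salt, stored = ACCOUNTS.get(email, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash_password(password, salt)
    # The extra membership check guards against the (negligible) case where a
    # guessed password happens to match the random dummy hash.
    ok = hmac.compare_digest(candidate, stored) and email in ACCOUNTS
    if ok:
        return True, "Logged in"
    return False, GENERIC_FAILURE


if __name__ == "__main__":
    print(leaky_login_step1("alice@example.com"), "|", leaky_login_step1("nobody@example.com"))
    print(safe_login("alice@example.com", "wrong"), "|", safe_login("nobody@example.com", "wrong"))
```

The same rule applies to password-reset and sign-up forms: "if an account exists for that address, we have sent an email" keeps the response uniform, whereas "that email is already registered" is the enumeration oracle again.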