Email about area code for taxes: is this a legit Email from 1P? [Yes]

shrubbershrubber
edited September 2 in Memberships

—— AgileBits Update ——

We have posted our official response here:

View Approved Answer

—— Original Post ——

Email about area code for taxes: is this a legit Email from 1P?

Comments

  • ag_anaag_ana

    Team Member

    Hi @shrubber! Welcome to the forum!

    We will be happy to take a look at what you received. Can you please forward this email to [email protected] so we can check?

    After you have sent the email, please feel free to post the ticket number you received so we can locate your message and connect it with this forum discussion.

    Looking forward to your message!

  • It looked sketchy to me. I deleted it.

  • ag_anaag_ana

    Team Member

    @shrubber, @TDK1044:

    I have checked this internally, and I confirm that we did send out email updates about this today. But we are still happy to take a look in case you would like to double check :+1:

  • Got the email also. My subscription does not renew until next May. Is there anyway to extend the subscription before the tax thing goes into effect? Tried to do so on my account but could not find a way to do so.

    Thanks

  • [#UHN-87454-747] - ok I see your replay above. it is legit. thanks for checking.

  • BenBen AWS Team

    Team Member

    Hi @BenBob

    I would encourage you to reach out to our billing team at [email protected] to see what options might existing. Unfortunately we're unable to assist with billing situations on this public forum.

    Thanks!

    Ben

  • The e-mail behaved just like a phishing e-mail. It gave you a link to click on and then it wanted you to enter your credentials. It should have simply advised the recipients to log onto their 1Password account and update as necessary.

  • I am signed into the 1Password app on my iPhone. I don't see how to update the address information in the app. The email I received today looks suspicious.

  • Many thanks Ben

  • BenBen AWS Team

    Team Member
    edited September 2

    Hi folks,

    I apologize the email was suspicious looking. We did indeed send an email related to taxation today. Of course it is always best to check the legitimacy of an emails you have doubts about. The settings in question would need to be updated at https://my.1password.com/, rather than in one of the desktop/mobile apps. At present billing can only be managed through the web app, and not through the other apps. Hopefully that is something we'll be able to improve upon in the future.

    If there are any outstanding questions or if you'd like to verify the legitimacy of the request please do email us at [email protected]. We'll be happy to help.

    Thanks!

    Ben

  • Yeah, I had the same question b/c the e-mail seemed questionable.

  • BenBen AWS Team

    Team Member

    Understandable @mobius32x. If there is still any question please email us at [email protected], however we did email a number of customers today requesting they update their billing information based on taxing requirements.

    Thanks!

    Ben

  • Hello,
    I received the following email and clicked on the link without thinking before being presented with something that looked exactly like your login page and got very suspicious and closed the page. I then followed my own bookmarks to login but could not find anywhere to enter my zip code. This has all the marks of a phishing attack and I really hope that 1password would not send such an email. Can you confirm this?

    email text and link below:

    1Password will begin collecting state and local sales tax starting September 14, 2020. Invoices issued before this date will not be affected.
    Because your ZIP code is used to determine the correct tax rate, or whether tax is due, please take a moment to update your payment details to make sure you are charged correctly.
    Update billing details
    https://email.agilebits.com/t/r-l-jkkushy-otrkhitiht-r/

    If you have any questions, reply to this email. Learn more about taxes for 1Password.


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided
    Referrer: forum-search:phishing

  • BenBen AWS Team

    Team Member

    Hi @mnchurch

    I've merged your thread into another on the same subject. Please see above. In short: yes, the email is legitimate, but you're right to be on your guard! We need to know the ZIP code and state so we can ensure the tax we charge is accurate. You can add by editing your payment method online.

    If you don't feel comfortable clicking the link in the email we sent (understandable!), here's how you can update your credit card with the correct address information:

    1. Sign in to your account at 1Password.com
    2. Click 'Billing' in the sidebar
    3. Click edit (the pencil) on your default credit card
    4. Choose your country and state, and enter your ZIP code
    5. Click 'Edit Payment Method'

    We'll be looking at how to improve these sorts of announcements in the future so that we don't implicitly train recipients into unsafe behavior.

    Ben

  • Done. Thanks, Ben.

  • BenBen AWS Team

    Team Member

    Thank you, @TDK1044. :)

    Ben

  • I got this in my inbox earlier:

    The reason is that I thought it was mandatory for you to have my address on file along with my credit card to handle payments correctly, so this is puzzling.

    Thanks,


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided

  • BenBen AWS Team

    Team Member

    Hi @kv3

    I apologize for causing concern here. We actually had not previously collected address information with regard to billing. Even now we're not collecting detailed information — just the ZIP code. If you would rather not click the link (which I can't blame you for!) you can instead navigate to the billing settings in the 1Password web app directly by starting at https://my.1password.com/

    Ben

  • I also found this email regarding billing to be very suspicious. I am phished constantly, and this has all the hallmarks of a very well done phishing attempt. In fact, it still does. I, and I think the entire 1Password community, would appreciate a follow up email, which should frankly include an apology. I did log in and add my zip code, but come on! This is the cave where all the family jewels are. Please escalate to whomever, so that this can be made right. I almost sent out a blast to all of my family members who use 1Password - I still have the draft, in case it turns out this was a phish.

  • I got the following email from supposedly 1Password - to my surprise when clicking on it it directs you to sign in.
    Email like this is exactly what phishing email is.
    1Password is an entrusted company for passwords - how can we trust this company that sends out "phishing style" email?
    Whoever made that decision should be fired - conditioning people to click on email links and give away their passwords.
    Wow - unbelievable. I still hope this is a joke.

    1Password

    1Password will begin collecting state and local sales tax starting September 14, 2020. Invoices issued before this date will not be affected.
    Because your ZIP code is used to determine the correct tax rate, or whether tax is due, please take a moment to update your payment details to make sure you are charged correctly.
    Update Billing Details
    If you have any questions, reply to this email. Learn more about taxes for 1Password.

    1Password
    unsubscribe here
    made by 1Password • sent to: xxxxxxxxxxxx
    303-49 Spadina Ave. • Toronto • Ontario • M5V2J1 • Canada


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided
    Sync Type: Not Provided

  • Just posted this as well as I received an email.
    We are trained to delete such email due to phishing problems.
    For a password security firm to send out "phishing-style" email is very disappointing - this creates doubt about this company!!!

  • I second all the comments above. I'm nervous about having ultimately followed the link after finding no clear path to adding the information when logging in directly. This is appalling and 1Password needs to immediately send a clarification and apology.

  • Mine even went into my spam folder, so I was already on high alert when I saw it. It did look like pure phishing. That's when I came here to check.

    Very odd.

  • BenBen AWS Team

    Team Member

    Hi everyone,

    First please allow me to apologize for the confusion and frustration that the email many of you received has caused. We did indeed send an email regarding taxes to many US-based customers yesterday (September 1). It has come to our attention that this email appeared in many ways like a phishing attempt would. We applaud everyone's vigilance and appreciate that you've come here to investigate the legitimacy of said email. It is always a good idea to confirm. It is possible that scammers could try to take advantage of this situation and send emails that look just like ours. As such, we would recommend against clicking the links in any emails (more on that below).

    As for the reason the email was sent out: because of the growth we've experienced we find ourselves in a situation where we're obligated to collect tax on our Software as a Service (SaaS) offering in many US states. Not all states charge this tax, and receiving this email isn't necessarily an indicator that you'll need to pay any taxes. What it does mean is that we don't currently have enough information from you (notably your ZIP code) in order to make that determination. It is good security practice to not click links in emails, and so I'm happy to provide the steps necessary to complete this task without clicking any links:

    1. Open your web browser and type https://1password.com/ in the address bar and press the return/enter key on your keyboard
    2. Verify that the lock icon appears, and (optionally) check the validity of the SSL certificate by clicking on the lock icon (see the example below)
    3. Sign in to your account at 1Password.com
    4. Click 'Billing' in the sidebar
    5. Click edit (the pencil) on your default credit card
    6. Choose your country and state, and enter your ZIP code
    7. Click 'Edit Payment Method'

    Updating your billing information will help ensure that you pay the correct amount of tax (or no tax) based on your location.

    I am sorry for the scare here. Our security team is looking into the methods that were used to compose and send this email so that we can do better next time. Thank you for reading. If you have questions or concerns not addressed here, or you think you may have received an email that is a phishing attempt, please contact us at [email protected]

    Ben

This discussion has been closed.