Peace be with you, Proton Community, 🌹

I was trying to find out which search engine Lumo uses in the background. To do this, I used the official contact form here: https://proton.me/support/contact?topic=lumo.

Unfortunately, I later realized that the official site lists “protonmail.zendesk”, not “protonme.zendesk”. The domain “protonme.zendesk” looks suspicious, and many sites online report it as a phishing attempt.

I have already taken security precautions on my end, but I want to be absolutely sure before I report this domain as malicious. Has anyone else seen this? Please let me know if you think this is phishing. And I hope you can answer my question about the search engine 😁

Thanks for the help.

  • 0xKeshara@lemmy.dbzer0.com
    ↑30 · 2 days ago

    I’m struggling to figure out the phishing attempt here?

    You contacted support through an official channel, then got a reply answering your question, and now we think it’s a phishing attack?

    I personally don’t think that address looks suspicious either? Both coming from the same .zendesk, one is just using mail vs me. But as Proton uses .me everywhere, I don’t think it’s sus.

    Am I missing something here?

    • AuroraShine@lemmy.ml (OP)
      ↑15 ↓3 · 2 days ago

      Hi. Thanks for writing back.

      Honestly, I’m super confused. Because actually phishing is when they ask about your password and all that classic stuff. But no! I had a normal chat. I saw links, and thank God I didn’t click them. But the biggest warning sign is the domain. I can’t find this domain on the official Proton website: https://proton.me/blog/report-phishing-emails

      My mail says: support@protonme.zendesk.com
      but it should say: support@protonmail.zendesk.com.

      According to Proton: “if an email claiming to be from us does not have this badge, then it is a phishing attack.” So this must be a phishing attack.

      I contacted Proton about four days ago, but they still haven’t answered. So I think I’ll try my luck here.

      • 0xKeshara@lemmy.dbzer0.com
        ↑10 · 2 days ago

        Props to you for double and triple checking! If I was to put money on it, I would say it’s fine, and just a good chance that Proton haven’t updated their website/articles yet.

        If you mean you contacted Proton four days ago in regards to this, then yeah good move to verify. Would be very interested to hear their response here if you’re willing to share when it happens.

        Also, just to clarify, there were more emails outside of the one you screenshotted? And these replies had links? Were these replies making sense and actually answering questions?

        • AuroraShine@lemmy.ml (OP)
          ↑3 ↓1 · 2 days ago

          Hey, it was a long chat. This picture is just an example.

          The answers were actually really good and made perfect sense. They told me, “No, we don’t use Google or Bing.” Sometimes the replies were very short and simple, like: “No, we don’t use them either.”

          Regarding the links, they were always formatted like this: Proton Mail (link to proton.me/mail/home) From: support@protonme.zendesk.com

          But I didn’t click on them.

          I would be really sad if this turned out to be a fake email because I actually liked the answers. I love Mojeek. But this “me” vs. “mail” thing makes me really worry. I hope I’m wrong. Now I can just wait for Proton’s answer.

      • Strider@lemmy.world
        ↑6 · 2 days ago

        I don’t get the downvotes on this.

        Worst case it’s malicious. Best case it’s misleading and confusing by Proton and subconsciously (unintentionally) training people to ignore it.

        And when something real malicious happens customers possibly won’t be as careful as they could be walking into a trap.

        It’s not good in any case from a professional perspective.

  • AmbitiousProcess (they/them)@piefed.social
    ↑18 · 2 days ago

    It’s legitimate.

    Proton hasn’t updated their official phishing advice page with the new domain, buuuuuuuuuuuuuuut you can see them suggesting someone contact them on the protonme.zendesk.com domain on their official App Store page (under the “the app changes fonts on internal website” review), and on their official Google Play Store page (has to be set to the Turkish language in that URL otherwise the review they’re responding to doesn’t show up)

    Unless BOTH accounts that manage their app distribution on both the Google Play AND Apple App Store were quietly compromised (and never found out), and used to post just a handful of replies to reviews with a phishing domain, I think it’s safe to say it’s legit and they just forgot to add it to their list of non-phishing domains yet.

    • prettybunnys@piefed.social
      ↑7 ↓1 · 2 days ago

      Proton hasn’t updated their official phishing advice page with the new domain, buuuuuuuuuuuuuuut you can see them suggesting someone contact them on the protonme.zendesk.com domain on their official App Store page (under the “the app changes fonts on internal website” review), and on their official Google Play Store page (has to be set to the Turkish language in that URL otherwise the review they’re responding to doesn’t show up)

      This doesn’t exactly raise green flags.

      • AmbitiousProcess (they/them)@piefed.social
        ↑1 · 2 days ago

        As I said, unless their official app distribution accounts were both compromised without anyone ever finding out and raising the alarm, and used to spread just a couple fairly hard to normally find instances of that URL, I think it’s a lot more likely they just… forgot to add it.

        The alternative is much less likely: that someone specifically targeted this user with a message that knew exactly what they put in Proton’s official contact form on their official domain, but chose not to ask for any information and just provided an answer to the question and then left.

        • prettybunnys@piefed.social
          ↑1 · 2 days ago

          forgot to add it.

          Yeah. This type of stuff isn’t a great look. Carelessness from a company that’s supposed to protect privacy.

          That’s what I’m saying.

  • Jayb151@lemmy.world
    ↑5 · 2 days ago

    The one thing I’ll point out is that proton does mail and drive and whatnot… But they haven’t built a CRM system. Zendesk has.

      • nublug@piefed.blahaj.zone
        ↑3 ↓1 · 2 days ago

        i’ve had protonmail email for 5+ years or so and they added protonme a few years ago around the time they added drive and other services. protonmail will still work indefinitely but new accts get protonme instead of protonmail since the change, and i think even older accts can use protonme if they want but i haven’t bothered. nothing sus about it, no need to worry.

          • AuroraShine@lemmy.ml (OP)
            ↑2 · 2 days ago (edited)

          Hi, thank you for writing. I hope so. I use proton.me too, and at first I thought the same thing. I really hope you are right and I am wrong, because I like the answers. But on the official website, the subdomain support@protonme.zendesk.com is not on the list. It’s all about that. But I hope you are right.

          • Jayb151@lemmy.world
            ↑1 · 2 days ago

            Ah yeah my bad, I read this quickly yesterday. I started with proton when they were pretty new. As such, I believe I have a protonmail and proton.me account as well. I wouldn’t be too concerned as most others have said. Be well!

  • Forester@pawb.social
    ↑1 · 2 days ago (edited)

    My guess is it’s legitimate, but just check the DNS and see who owns the IPs. Also, if you want, post the full mail headers and I can tell you a lot more. What was the full address? ’Cause .zendesk isn’t a valid TLD.
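
Added example, not part of any comment in this thread: one way to read the full mail headers mentioned above, separating "did this mail really come from the From domain?" from "is that domain on the vendor's published list?". The sample message, the receiving server name `mx.example.net` and the function name `assess` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread). mx.example.net is a hypothetical
# receiving server, i.e. the one that stamped Authentication-Results.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=protonme.zendesk.com;
 dkim=pass header.d=protonme.zendesk.com;
 dmarc=pass header.from=protonme.zendesk.com
From: Support <support@protonme.zendesk.com>
Subject: Re: Lumo question

(body)
"""
SPOOFED = SAMPLE.replace("=pass", "=fail")  # same From line, failed checks

def assess(raw, my_authserv, listed_domains):
    """Return (from_domain, verdict) for one raw message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        # Skip results not stamped by our own server: the sender can forge them.
        if authserv.strip().lower() != my_authserv.lower():
            continue
        for method, outcome in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results.setdefault(method, outcome.lower())
        found = re.search(r"header\.d=([\w.-]+)", rest)
        if found:
            results.setdefault("dkim_domain", found.group(1).lower())
    signer = results.get("dkim_domain", "")
    aligned = results.get("dkim") == "pass" and signer != "" and (
        from_domain == signer or from_domain.endswith("." + signer))
    if not from_domain or not (results.get("dmarc") == "pass" or aligned):
        return from_domain, "unauthenticated"  # the From line proves nothing
    if from_domain in listed_domains:
        return from_domain, "authenticated-listed"
    # The mail really came from this domain, but who controls the domain must
    # be confirmed out of band (the vendor's published list, or the vendor).
    return from_domain, "authenticated-unlisted"

if __name__ == "__main__":
    listed = {"protonmail.zendesk.com"}  # the address the OP found listed
    print(assess(SAMPLE, "mx.example.net", listed))
    print(assess(SPOOFED, "mx.example.net", listed))
```

Passing authentication only shows the message came from the domain in the From line; it says nothing about who registered that subdomain, which is the question the thread is actually about.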