Yesterday (30.01.2024 at 19:05 GMT+1) I got a survey email from ?framework?
It links to a survey for organizations, which fits, as I’ve already bought multiple frameworks for our company.
But it starts with “Hi John,” (my Name is Felix and I’ve never used John as name anywhere)
then it includes the correct company name.
The second part which made me look twice, is the sender email “email@example.com” Afaik I’ve only got emails from “XXX@frame.work”
Is this a valid email from framework or an phishing attack after the last data breach?
Screenshot & Text of email
We want to thank you and “COMPANY NAME” for joining the Framework ecosystem. We are so glad to have you join our mission!
We would like to learn more about your organization’s Framework Laptop experience. Your feedback will help us improve and guide our product roadmap!
Hover over the links inside the mail and check what URL’s they point to.
if these are not Framework-specific links, I wouldn’t touch it.
I tend to also check the full RAW mail, there are lots of headers that can give pointers.
DKIM, SPF etc. are good hints.
Chris Lombardozzi works at Framework, so I’d say its legit.
the Links point to hsforms.com, this domain is used by hubspot to host user generated forms afaik.
I do not know if framework uses hubspot?
DKIM, SPF are all ok, if not, I would not have got at (got sent to my work mail).
Maybe someone @framework can confirm this mail is legit.
I’ve just finished the survey, it seems pretty legit, as there were no questionable questions.
Don’t assume because of the display name used to mask the mail address. The email address has nothing to do with the name so should still be treated as suspicious. Someone could have easily found that they work for Framework and started spoofing emails with their name to seem even more “legit”.
Spoke with our B2B team, yes, this us. I asked about this thread and the screen capture.