I receive a periodic email Newsletter from Saverpoint.com, a computer supplies company which I have dealt with over several years, so I have no reason to doubt their legitimacy.
About two weeks ago I received their latest email, but when I opened it in Outlook 2013, all the images were missing and apart from the surrounding text I had a screenful of red 'x'' placeholders.
This happens from time to time on any message, where not all parts of the message arrive at the expected time so the mail reader cannot recreate the original email. I then clicked on the link to display the content in my web browser. However, instead of the Newsletter I was directed to various unwanted pages giving me spurious 'investment opportunities', or casino type sites, or others offering me 'business advice'.
Initially I presumed that I had picked up some sort of malware, though this issue only affected this one Newsletter. Earlier issues which had previously displayed correctly now had this new behaviour. I then fully scanned my Windows 10 PC with Avast antivirus, Spybot and Malwarebytes Anti-Malware. All are up to date, but all found no issues.
I then tried to open the same emails on my iPad, linked by Wi-Fi to my router and got the same problem.
This seemed to indicate that it was not simply a problem on my PC, which only connects by ethernet.
I emailed the sending company which carried out tests and reported back to say that they had found no problems with the embedded links, which as normal do include a tracking tag. They also supplied me with a clean link to the Newsletter on their website, but again this gave me the unwanted webpages on both PC and iPad.
The only common factor then seeemed to be my Router (TalkTalk supplied HG533) so I accessed my neighbour's router (with permission!) with my iPad and once more the Newsletters and supplied link worked perfectly.
I then reset my router to the factory defaults and reset my router and Wi-Fi passwords - and once again I could read the emails without problem.
Unfortunately it has not proved to be a final solution, as today I received the next issue of the Newsletter - and once more the images are missing and all links take me to other sites on both PC & iPad. Linking to my neighbour's Wi-Fi restores the images.
When I opened the email this time, I get the attached warning - I can provide the full url if needed, but am loathe to do so here in case it leads others astray. However, the url shown is reported by a 'Whois' enquiry to belong to this company -
OrgName: Leaseweb USA, Inc. OrgId: LU Address: 9480 Innovation Dr City: Manassas StateProv: VA PostalCode: 20109 Country: US RegDate: 2010-09-13 Updated: 2014-09-17 Comment: www.leaseweb.com Ref: https://whois.arin.net/rest/org/LU
My PC is switched off when not in use, but I do have a NAS drive attached to the router so I have now switched this off as well to prevent access.
If this is a router hack, it seems strange that only one email Newsletter is affected. Saverpoint customer service department tell me that they have had only one other report of such a problem, but at the time could not resolve it. They now wonder if my additional research might help the other affected user.
In case there may be some helpful information on the router I haven't reset anything at present and will await suggestions.