1. Forum
  2. USENET
  3. alt.comp.software.firefox

  • SOLVED, Sort of. Website tries to change my default brower

    From micky@NONONOmisc07@fmguy.com to alt.comp.software.firefox on Tue Jan 6 13:34:53 2026
    From Newsgroup: alt.comp.software.firefox

    SOLVED, sort of. There was also an 800 number. The letter was not a
    fraud. I said there were no 3rd party claims or insurance or lawyers
    involved and that's all they wanted to know, so they will pay the
    backpain claimes themselves and not try to subrogate. She answered
    the phone within a minute of calling -- I thought that went extinct in
    1975 -- but of course didn't know why the website was messing with me.
    She said they'd had problems with it and she'd pass on the information.

    Original post, not sent until now:
    I got a letter, seemingly from UnitedHealthCare, who is my Medicare
    Supp. insurer that says roughly: Our records show you received medical
    care that may have been the result of an accident or injury. We need
    more information about the treatment you received, because it is
    possible your medical costs should be paid by another insurer. This
    review helps to control or reduce the health care costs paid by you
    and/or your employer.

    Googling, I find that many people get such letters but in my case the
    letter suggests the url selfservice.katchig.com . When I went there it
    wanted to install a Firefox add-on to change my default browser, without
    even saying the name of the add-on. I closed the page, and the next
    time, it did it again. The only choice was Continue, no X'ing out.

    Even though the letter said selfservice.katchig.com, the second time a /
    had been added at the end, and I removed the / and then ublock origin
    didn't like it. The third time I didn't remove the / and again it
    wanted to install the add-on. What's going on?

    Each time I left the tab trying to get me to install the add-on, when I
    went back there was a duckduckgo search page that was searching for
    !ducky katchig and even though there is ! in front of ducky, all
    the hits were about hatching duck eggs. I guesss they got hatching from ketchig. It's not a good advertisement for Duckduckgo.

    If it only changes the default I could change it back but who knows what
    else it will do?
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Andy Burns@usenet@andyburns.uk to alt.comp.software.firefox on Tue Jan 6 18:42:57 2026
    From Newsgroup: alt.comp.software.firefox

    micky wrote:

    selfservice.katchig.com

    If it only changes the default I could change it back but who knows what
    else it will do?

    Get a longer bargepole ...

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Paul in Houston TX@Paul@Houston.Texas to alt.comp.software.firefox on Tue Jan 6 13:56:08 2026
    From Newsgroup: alt.comp.software.firefox

    micky wrote:

    snip

    Googling, I find that many people get such letters but in my case the
    letter suggests the url selfservice.katchig.com . When I went there it
    wanted to install a Firefox add-on to change my default browser, without
    even saying the name of the add-on. I closed the page, and the next
    time, it did it again. The only choice was Continue, no X'ing out.

    Even though the letter said selfservice.katchig.com, the second time a /
    had been added at the end, and I removed the / and then ublock origin
    didn't like it. The third time I didn't remove the / and again it
    wanted to install the add-on. What's going on?
    snip

    My browsers say that the katchig.com domain name is for sale.
    Sounds like a place to go phishing.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Nobody@jock@soccer.com to alt.comp.software.firefox on Tue Jan 6 15:46:19 2026
    From Newsgroup: alt.comp.software.firefox

    On Tue, 6 Jan 2026 13:56:08 -0600, Paul in Houston TX
    <Paul@Houston.Texas> wrote:
    micky wrote:

    snip

    Googling, I find that many people get such letters but in my case the
    letter suggests the url selfservice.katchig.com . When I went there it
    wanted to install a Firefox add-on to change my default browser, without
    even saying the name of the add-on. I closed the page, and the next
    time, it did it again.
    Why do you keep butting your head against an obvious threat?
    My browsers say that the katchig.com domain name is for sale.
    Sounds like a place to go phishing.
    For me, Ffox 146.0.1 immediately blocked it becaws of a re-direct.
    CCleaner browser blocked it immediately as well, citing malicious
    software involving a website called *zepisu* and placing same on a URL Blacklist.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From micky@NONONOmisc07@fmguy.com to alt.comp.software.firefox on Wed Jan 7 11:48:08 2026
    From Newsgroup: alt.comp.software.firefox

    In alt.comp.software.firefox, on Tue, 6 Jan 2026 13:56:08 -0600, Paul in Houston TX <Paul@Houston.Texas> wrote:

    micky wrote:

    snip

    Googling, I find that many people get such letters but in my case the
    letter suggests the url selfservice.katchig.com . When I went there it
    wanted to install a Firefox add-on to change my default browser, without
    even saying the name of the add-on. I closed the page, and the next
    time, it did it again. The only choice was Continue, no X'ing out.

    Even though the letter said selfservice.katchig.com, the second time a /
    had been added at the end, and I removed the / and then ublock origin
    didn't like it. The third time I didn't remove the / and again it
    wanted to install the add-on. What's going on?
    snip

    My browsers say that the katchig.com domain name is for sale.
    Sounds like a place to go phishing.

    Very strange, since selfservice.katchig.com was a choice in the same
    postal letter that included the 800 number, and when I called that, it
    was really the subcontractor for unitedhealthcare, and they really
    wanted to know if some other insurance might pay the claim my doctor had submitted. And she knew about the website. I didn't ask her what the
    url was but it was given in the letter.

    Could it be for sale and still be in use, like somone who is still
    living in his house but is trying to sell it?

    And somehow there is a redirect to the place that wanted to change my
    default browser? It didn't say to what, but the page switched to
    duckduckgo when I left the tab and came back.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Schugo@schugo@schugo.de to alt.comp.software.firefox on Wed Jan 7 17:51:07 2026
    From Newsgroup: alt.comp.software.firefox

    On 07.01.2026 17:48, micky wrote:
    In alt.comp.software.firefox, on Tue, 6 Jan 2026 13:56:08 -0600, Paul in Houston TX <Paul@Houston.Texas> wrote:

    micky wrote:

    snip

    Googling, I find that many people get such letters but in my case the
    letter suggests the url selfservice.katchig.com . When I went there it
    wanted to install a Firefox add-on to change my default browser, without >>> even saying the name of the add-on. I closed the page, and the next
    time, it did it again. The only choice was Continue, no X'ing out.

    Even though the letter said selfservice.katchig.com, the second time a / >>> had been added at the end, and I removed the / and then ublock origin
    didn't like it. The third time I didn't remove the / and again it
    wanted to install the add-on. What's going on?
    snip

    My browsers say that the katchig.com domain name is for sale.
    Sounds like a place to go phishing.

    Very strange, since selfservice.katchig.com was a choice in the same
    postal letter that included the 800 number,

    Social Engineering also happens in real life!

    Shit happens.

    ciao..

    --- Synchronet 3.21a-Linux NewsLink 1.2