It always pays to be on your guard, as a phish attempt may crop up in the most unlikely of places.
Sure enough, we have an example of a scammer going phishing on Play(dot)com, the second biggest online retailer in the UK market. Play allows individuals to buy / sell their wares, much like the Amazon marketplace. Here’s an example of what I’d see while shopping for Batman DVDs (because really, what else am I going to be wasting my money on?):
Click to Enlarge
Sellers are awarded ratings depending on how awesome they are at selling things – or not. Thanks to MrTom for sending this one over, because what seemed like a bargain videogame purchase resulted in the following email from a seller:
Click to Enlarge
Yes, it’s the old “Problem with payment” trick so beloved of scammers on sites such as eBay (with random “verified by..” graphics to sweeten the deal) . What makes this attempt particularly silly is the following ramble regarding security:
“fill in the following secure form by clicking reply you should then be able to fill in the form. This is just for verfication and a security check please note we do not see any of your personal details as its encrypted through our server and part of data protection”
There is, of course, no “secure form” – all the victim is doing is sending a regular email to a @live.co.uk account. It’s worth bearing in mind that a copy of said email could well be stored on the servers it passes through, which isn’t really the best thing in the World when you just sent your card details to the Wallet Inspector.
The scammers here are rather lazy, too – hyperlinking their images from other sources and causing a little brand damage in the process. You should NEVER send a seller your card details in this manner, especially if they’re claiming there are problems and asking for card details via email. Play(dot)com is setup so that you’d never have to do this – any other reputable merchant would be doing the same thing.
Unfortunately these kind of scams cause a chilling effect for new sellers and makes it more difficult to get started selling Batman DVDs – and while you’ll get your money back from the initial transaction made through the Play(dot)com system, you may find it’s a little more tricky to get results after firing the “Take my money, and take it now” emergency flare in the general direction of an Email scammer.
Christopher Boyd
Related Posts
- Scammers Go Phishing for World Cup Soccer Fans
As my colleague Pedro Bueno noted in a recent blog, scammers are out in full force–trying to take advantage of the excitement of the FIFA World Cup tournament in South Africa to trick users into... - Scammers Going Phishing for World Cup Fans
As was noted by Pedro in a recent blog post, scammers are out in full force trying to take advantage of the excitement of the World Cup tournament in South Africa to trick users into giving up their s... - Facebook scammers go back to using Javascript
Facebook scammers know that in order to keep users falling for their scams, they have to use a variety of approaches. For example, there was a time where rogue applications were the scammers' preferre... - Cyber Crooks All Set to Crash the British Royal Wedding
As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software throu... - New spamvertized campaign theme
The wave of United Parcel Service, DHL Global and Post Express Office spam - which has been so prolific and leading to scareware infections - changed to Bobijou Inc. over the Easter weekend.Howe... - More fake Twitter emails
It’s been over a month since we wrote about fake Twitter email messages, and if it worked once for scammers, they’ll certainly try it again. Commtouch labs is seeing large quantities of &#... - The Rise of the Targattacks*: Cyber espionage and sabotage: the new way – *Abbr.: targeted attacks
During the last 18 months we saw a growing number of targeted attacks against numerous companies and organizations. Let's briefly have a look at some of them: The Aurora Attack: an attack that began ... - Spammers Intend to Make You an Easter Bunny
Easter is a Christian holiday centered on the death of Jesus Christ and His subsequent resurrection several days later. Hence Easter is an important holiday for Christians. But what gets associated wi... - Western Union hack tool: real or hoax?
When something sounds too good to be true I always take it with a grain salt.I came across this tool that "can be used to make western union transfers without any credit card. You even don't need any ... - Boxes of Money !
Phishing and 419 scams have been around for a while now. However, sometimes they never cease to amaze when it comes to their tactics. We caught this most recent one in one of our Honeypots and thought...
Posted on 28 February 2011. Tags: Phishing, Play.com, Scammers
The above information is reprinted from and copyrighted © by GFI Software.
