Thursday, June 19, 2003

Be Warned

There's a new spam scam. Well, maybe it's not new. But it's new to me. I just got the following email:
Date: Wed, 18 Jun 2003 18:57:46 -0400 (EST)
From: "Vanni Goldarina"
Subject: BestBuy Order #1095619. Fraud Alert.

Dear customer,

Recently we have received an order made by using your personal credit card information.

This order was made online at our official BestBuy website on 06/17/2003.
Our Fraud Department has some suspicions regarding this order and we need you to visit a special Fraud Department page at our web store where you can confirm or decline this transaction by providing us with the correct information.
This e-mail address has been taken from National Credit Bureau.

Click the link below to visit a special Fraud Department page to resolve the cause of the problem.
http://www.BestBuy.com/fraud_department.html

====================
ORDER# 1095619 - STATUS: SUSPENDED

ITEMS PURCHASED
===================
Item No: 73890
CDA-9815 In-Dash CD Player/Ai-Changer Controller
Price: $387.65 Qty: 2 Total: $775.3
----------------------------------------------------------------------------------------------------
The order listed above has not yet been processed.
The reason for the delay in processing your order is:

- UNVERIFIED SHIPPING ADDRESS

- Information provided:
Shipping
41 WINHAM ST
Staten Island, NY 10306
United States
phone# 206-337-9843

In our effort to deter fraudulent transactions, we need your help in providing us with the correct information. Your prompt response is needed to avoid any unauthorized charges to your credit card.
At first glance, I was nervous. The email actually had a link to BestBuy.com's fraud department. Or so it seemed. But when I clicked on the link, it didn't work. When I cut-and-pasted the link into another browser, it still didn't work. Then I noticed that when I moved the mouse over the link, the URL that showed up at the bottom of the browser didn't go to BestBuy.com at all; rather, it went to some site at www.digitalgamma.com. So I tried typing in that URL directly, and the website was down. But I'll bet anything that if it had been up and running, it would have been a webpage that was made up to look like an official BestBuy fraud reporting page. Pretty tricky.

Of course, there were several other big clues: 1) the fact that the email was coming from a Yahoo account in the UK; 2) the fact that I was being contacted by email at all rather than by phone; and 3) the fact that I was being asked for my credit card information by someone who supposedly already had that information. And I did notice all these things. But the faked URL threw me off -- until I figured out that they had somehow faked a link to BestBuy.com, I kept thinking, "Why would a spammer link to an actual BestBuy fraud reporting website?"

Which is why I could imagine someone falling for a scam like this. Be warned.

No comments:

Post a Comment