Hometown Favorites - Would You Like Phish with Your Candy?   8/27/2006 - 2,166 views, 2 Comments

Summary: Hometown Favorites is being used as phish bait, and it appears that someone has breached their customer list. The phish being sent out in their name warns customers that "We recently tried to charge your credit card for your HomeTownFavorites.com order, and it was rejected by the bank because it has no complete infomation."


It appears that someone has gained access to the customer records at the popular online retro candy and food store, HometownFavorites.com. A phish purporting to be from Hometown Favorites was sent out today to customers of HometownFavorites.com. The phish went out to customers who had recently placed orders. It contains both the real last four digits of the customer’s credit card number and the correct expiration date, and claims that “We recently tried to charge your credit card for your HomeTownFavorites.com order, and it was rejected by the bank because it has no complete infomation.”

It then goes on to say: “To update the credit card infomation details for your order, please select this link:”

When you click the link, it takes you to a very convincing-looking page, which is a direct rip-off of the HometownFavorites.com site, complete with the last four digits of your credit card number and the expiration date prepopulated on the page. Then it asks you to enter your SSN (Social Security number) and date of birth.

It is well enough done, with enough information unique to you, to fool most people. After all, if you get this phish, you recently did place an order with Hometown Favorites, and with that credit card.

This is pretty clearly an inside job, given all of the information they have. So, if you are a Hometown Favorites customer, please don’t fall for this (however, if you do get this phish, please let us know about it).


2 Comments »

  1. Got this one a couple of days ago. Luckily, hadn’t ordered anything in months and the card I used has long since expired. The page looked realistic, but anytime anyone asks for SSN you know there’s a scam afoot. HF has put a disclaimer on their homepage asking to be notified if you have been targeted. I emailed them yesterday but have heard nothing in reply as of yet. Will give them the benefit of the doubt. They have probably been inundated with questions and complaints.

    Comment by Kris — 8/29/2006 @ 7:45 am

  2. Got a phish as well. 4 of them in fact all had the info but there were errors in their message.

    Last four numbers were close to mine but not accurate.
    Expiry date was not right. Not even close.
    Put in zip code on mine. Only thing that was right.
    Instead of Hometown Favorites, it was HomeTownFavorites.

    Funny thing though going to the on-line bank showed that said purchase HAD gone through two weeks before, and the order arrived NP. That day. The Invoice number on the phish for the order was not even close to what I was holding in my hand at the time.
    The e-mail had other errors as well. For the hell of it I tried to connect with the page. No luck for some reason.

    Comment by Devon — 8/31/2006 @ 10:17 pm
