Zyra's website //// Very //// Phishing Attacks //// Site Index
email from Very?
No! It's a scam! Spam telling you to "Verify Your Account". Don't be silly!
If you receive an email which says it's from "Very" and is signed by the dubious job title of "Security Advisor", you've probably just received a phishing attack e-mail. Now the thing is, even though the message has convincing-looking pink logos and guff, it is not from Very! Besides the fact that Very don't send you silly messages asking for your security information, it's also most likely to have come in to the wrong email address. Surely you use a quite different address for each company?
Anyway, the message is largely an attempt by bogus people to acquire your personal info. If you are silly enough to be caught out by such a scam, and you give away your e-mail address, password, postcode, and date of birth, crooks can pretend to be you (see identity theft). As well as being able to log into your account at Very and order things which you have to pay for, they can also use the info to do various other unfortunate things.
Don't let them get away with it!
Anyway, here's the bogus Very message, and after it, some clues on how to crack this racket...
Original Message -----
Site Map | Returns | Track Order | Financial Services | Manage Your Account
Terms & Conditions | Security & Privacy | Corporate Info | Very Mobile Site
Credit Account | Shopping Insurance | Personal Loans | General Insurance
Click here to view our Brand Directory.
© Shop Direct Limited. 2011, All Rights Reserved. Shop Direct Home Shopping Limited. Registered number: 4663281.
Registered office: 1st Floor, Skyways House, Speke Road, Speke, Liverpool L70 1AB.
Such nonsense is usually more associated with banks. See Bank Hoax messages. But now it looks like the famous shopping catalogue is also victim to it.
"Dear Customer" indeed! That is immediately suspicious. Also, why ask for your e-mail address when they have sent to it!
Now here are some clues about what's going on: On looking through the source-code, the crooks have used various things remote-served from the actual site of Very! However, the exceptions are the http references which go to non Very.co.uk addresses. The first of these is the broken image at the top, which is http://www.bus-kaufen.de/header.png , and then there's another which is http://static.atgsvcs.com/js/atgsvcs.js , and also there's var tmBaseUrl = "https://pfa.levexis.com/very/tagman.cgi"; , and also http;//eu.hlserve.com/Delivery/ClientPaths/SDG/Delivery.aspx?rn=[random_digits], but the most suspicious line of all is the one that says <form action="http://www.feuerschutz-brunner.at/aberlos/rayodark.php" name="$loginForm" method="post" id="">
Now let's not go blaming www.bus-kaufen.de , or pfa.levexis.com , or www.feuerschutz-brunner.at as they are probably sites that have been hacked! The thing is, though, the stolen personal details are being sent to a php script which is at www.feuerschutz-brunner.at/aberlos/rayodark.php , and from there to wherever the operation is being run.
Good Luck to Very in their attempts to crack this and in putting up proper warnings to inform customers!
There are many such scams, and various online problems. Here's a Rogues Gallery of stuff to look through!
Meanwhile, the real Very Catalogue can be accessed via this affiliate website!