I received a most interesting email this weekend from “Kmart”
as an e-receipt for purchases made at the Salem Kmart. You can register with
Kmart to have these receipts sent to your email. It is a nice convenience which
we chose last Christmas so that we could track purchases and exchanges. What
was troubling was that I was in Salem last week but did not make any purchases
anywhere. Additionally, the e-receipt showed the last 4 digits of the credit
card and they were not any of mine. Hmm…
Now, there is some interesting analytic software out there which
can customize spam messages to your location, jobs (based on my .edu domain),
and even shopping habits. This is also why you get customized advertising on
some sites after doing a particular kind of search.
Additionally, I tracked the destination on some of the
hyperlinks and saw a site called kmart.rsys2.net. Interestingly, I found an
rsys2.net server in Russia. Ah-ha! Gotcha. So I sent a spam report to Kmart.
It turns out that the e-receipt was indeed authentic. The
problem was that when we applied for e-receipts, the data entry person aligned
our email with someone else's account. So when they made a legitimate purchase, it was applied to our account. [!]
The moral of the story is: sometimes the hacker you fear
most is the data entry person inside your own organization.
4 comments:
I've just received the same type of eReceipt from Kmart. Strange thing is, I haven't applied for eReceipts because we don't have a Kmart on our side of the island. But even stranger, just before this happened, Gmail posted a notice on the top of my email that states:
Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now
Thank you for bringing this up. KMart says they haven't "heard from me in a while" and would like me to confirm my email address by clicking on a link going to kmart.rsys2.net. Um, no...
Good to know it's probably legit. Gonna take myself to their website, and NOT via that email. They can hear from me that way.
What do you mean you fwd the email to Kmart? To what Kmart address?