Advisory: Odd Looking PSN Email Going Around

Looks like there’s an odd looking email going around trying to get PSN owners to part with their usernames and passwords, and although Sony have said it’s fake it’s apparently from a real PlayStation email address.

“This is just a friendly reminder that you have funds in your PSN wallet that have not been used for six months or more,” starts the email, which looks just like a real PlayStation one.


“To view your account balance, please sign-in to account management by clicking here,” it continues, with the ‘clicking here’ a link to a PlayStation site.

However, Sony have said that it’s not a real PlayStation email, confusingly.

“The message you received was not sent by a representative of Sony Computer Entertainment America (SCEA)” is the official line.  “If you have clicked on any links included in the email or have replied to the email, we also recommend that you immediately change your PlayStation Network account password.”

Looks like the messages are also going out via the PSN itself.

If this is a fake phishing email, then great – just mark it as spam and move on, but if it’s real then somebody needs to tell the Sony rep behind the keyboard this morning they’re sending out real emails.

Our advice: wait for someone at Sony to pick either way before clicking on the link.


27 Comments

  1. “you have funds in your PSN wallet” HA! Nice try, I have funds NOWHERE :op plan foiled.

    • This is how I know everything is a scam.

      • With no funds, there’s not much to be scammed either.

  2. It’s an american one as i have only received one from my american account

  3. I actually think the email is legit (the same conclusion on GAF). It points at a domain being hosted by Sony and you are forwarded to the correct PSN login page owned by Sony.

    But it shows that Sony needs to change their practice. Sure they forward you to the correct page, but the domain they are using (http://playstation-email.com), doesn’t exactly scream it’s being owned by Sony. Please Sony use the playstation.com domain for such things.

    • Might or might not be a coincidence, but I just noticed today there’s a tiny link at the top of the EU PS blog, and a quick mention on Twitter. They’ve got eu.playstationmail.net as “a new IP address” (not really an IP address, is it?) you should be warning your spam filters to allow.

      They’ve also got emails.eu.playstation.com and eu.playstationmail.com as well. Presumably because having everything come from a single domain that doesn’t look like a phishing scam would be nowhere near confusing enough.

      That other domain does belong to SCEA though, and possibly the US site has a similar message buried in it somewhere, hoping not to be found. Possibly behind a sign saying “beware of the leopard”.

      These things are easy to fake though. Emails can look like they come from someone else and links can be quite well disguised. It might look like you’re logging in with the proper PSN login page, but it could just be something else in disguise.

      If it looks suspicious, it probably is. Use some common sense (or get a grown up to help you) and don’t click on any links. Go and type the address you actually know into a browser to access your account.

      • Really? Really? *sigh*

        …. you don’t have to explain to me, what a phishing email is and how easy it is to fake a mail, plus create a phishing site, geez.

        Let’s stay on target here and focus on what this email contains & avoid the herp-derp guidelines, which even my mom knows about.

        It contains a link to a domain, OWNED by SONY. When clicking this link, you are forwarded to the CORRECT PSN login site. The Received header in the mail also clearly says this is coming from Sony’s mailservers. The mail is legit, Sony just needs to use better domains, so the mail looks less suspicious.

  4. Got a message on my ps3. The message linked me to that video app. I should probably change my password right?

  5. i never log in to anything from links in email.
    if i suspect the email is legit, and i can’t recall the last time that happened, i’ll make my own way to the site in question and log in there.

    if people think this is a sign of lax security on sony’s part, they shouldn’t play world of warcraft.
    within hours of signing up i started getting phishing emails.

    funnily i’ve been getting a few of the nigerian millionaire emails lately.
    people are still pulling that crap?
    nobody’s gonna fall for that one anymore.

    • I do the same, make my own way there..
      Nigerian millionaire? What? I’ve not heard of that scam, sounds amusing though.

      • Search for the 419 scam (or even better, go to 419eater.com).

        Alternatively I can help educate you on the intricacies of this scam, all I need are your bank details, date of birth, home address, passport number and a DNA sample. Can’t turn down a deal like that surely!

      • Additionally, if you have ever seen phonejacker, George Agdgdgwngo is based on that exact scam.

        http://www.youtube.com/watch?v=Xp6Se-RDJ5M

    • God I get tons of these mails all the frikken time.
      Not just from poor hard-done-by people (the most recent was from the wife of Saif Ghadaffi apparently, aren’t I lucky she chose me to help her get her father-in-law’s hidden billions out of the country!) but from DHL/Parcelforce saying I have a delivery (when I didn’t order anything) and from Natwest/Egg/Lloyds and a host of other banks saying I have unusual transactions/outstanding payments/security issues I need to resolve (ironically I’ve never received one from the bank I actually bank with), not to mention the paypal “You have suspicious activity, please log in here” mails.

      Some of them look pretty damn convincing as well, from the source address through to the site (I have a macbook and my old “junk” laptop at home with nothing useful on it so occasionally click on the links out of curiosity. There’s nothing of use on that old laptop and I format it regularly anyway. Would never do it on my Mac though)

      Anyway, as hazelam said, go to the site in question and log in on your own accord, NEVER from e-mail links. Doing that is just asking for trouble.
      Although I wonder how long it will be before the “OMG SonyPSN has been haxxorzed again!” posts start on the other news sites.

  6. There’s still a lot of this about. My work email inbox gets spammed constantly even with all our filters and protection in place.

  7. Arrg when will people ever learn.

    There’s nothing complex or even hard with putting a fake from address in e-mail. In fact I could send e-mails now with [email protected] or [email protected] or [email protected].

    All e-mail software around will allow this to be done.

    http://en.wikipedia.org/wiki/Email_spoofing

    • I genuinely didn’t know there was a way of doing that. And I like to think I’m pretty savvy about stuff like that. But hadn’t realised you could actually alter how your email address is perceived.

      Learn something new everyday.

  8. Seeing as i have eff all in my PSN wallet and have common sense, i shall ignore any PSN messages and Emails from the scammers. Now, if you excuse me, i’m off to Nigeria to pick up my winnings. :p

  9. Haven’t received one yet, that email spoofing is scary stuff :(

  10. maybe there’s a mix up between departments. but that link(i was dumb enough to click it) actually takes you right to the Sony Network Entertainment page. i even double checked to make sure it was the legit site by going to the Sony site and going to my account through there.

    • fyi it’s the same email account the weekly PSN store update emails come from

Comments are now closed for this post.
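
The comments above disagree over whether the From address and the link domain prove anything, so here is an added example (not from the article, any commenter or Sony) that checks a message's From domain, its DMARC result and its link hosts. The hostname list is taken from this page and is unverified; the sample messages, the sender address and `mx.mailhost.example` are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hostnames mentioned in the article and comments; unverified, so confirm them
# against the vendor's own published list before trusting them.
KNOWN = {"playstation.com", "playstation-email.com",
         "eu.playstationmail.net", "eu.playstationmail.com"}

def is_known(host):
    """True if host is a listed name or a subdomain of one (no substring tricks)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in KNOWN)

def assess(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Assumption: the receiving server strips forged Authentication-Results
    # headers, so any that remain were written by your own mail provider.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    text = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", text)}
    return {
        "from_known": is_known(from_domain),   # proves nothing on its own
        "dmarc_pass": re.search(r"\bdmarc=pass\b", auth, re.I) is not None,
        "unknown_links": sorted(h for h in hosts if h and not is_known(h)),
    }

# Constructed sample messages (addresses and server names are made up).
AUTHENTICATED = """\
From: PlayStation <sender@playstation-email.com>
Authentication-Results: mx.mailhost.example; dmarc=pass header.from=playstation-email.com
Subject: Funds in your wallet

To view your account balance, sign in at http://playstation-email.com/signin
"""
SPOOFED = """\
From: PlayStation <sender@playstation-email.com>
Authentication-Results: mx.mailhost.example; dmarc=fail header.from=playstation-email.com
Subject: Funds in your wallet

To view your account balance, sign in at http://playstation.com.account-check.example/signin
"""

if __name__ == "__main__":
    for name, raw in (("authenticated", AUTHENTICATED), ("spoofed", SPOOFED)):
        print(name, assess(raw))
```

Both samples carry the same From line; only the DMARC result and the link host tell them apart, which is why the visible sender address alone settles nothing.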