
Season ticket refund?


Thornbury Red


15 minutes ago, elhombrecito said:

I've just had my email. I won't be getting my knickers in a twist about it though, I'll just wait for some update from the club. 

Some of the overreactions on here are hilarious.

Agree that they really should have put something out by now to either explain what's happening, or say it was an error, but it's certainly nothing to get worked up about.

To be fair you could have a self-isolating OAP living on their own, who had just had an email and now is worried they have been scammed.

It's easy to say don’t get worked up when you think you know what is going on.


5 minutes ago, Ska Junkie said:

I use my work email for our STs and the AV picked it up, suggesting it's spam.

Doesn't look like it's official. On the email I received, I hovered over the sham Bristol sport sender / attachment link and a spoof URL came up which also suggests spam / scam email.

It is a genuine yespay email, check old receipts. 


5 minutes ago, Ska Junkie said:

I use my work email for our STs and the AV picked it up, suggesting it's spam.

Doesn't look like it's official. On the email I received, I hovered over the sham Bristol sport sender and a spoof URL came up which also suggests spam / scam email.

Which email have you received?

My email with the subject "YESpay Refund Transaction Confirmation" doesn't appear as being sent by Bristol Sport but by e-comm@yes-pay.net - YESpay being a payment service provider used by Bristol Sport.

The full message source does strongly appear as being a genuine email which has come out of YESpay via the WorldPay network.


2 minutes ago, S25loyal said:

It is a genuine yespay email, check old receipts. 

Thanks S25, now the corporate AV has picked it up, I can't open it unless I clarify that it's genuine. I'll wait methinks, rather than put a potential trojan on the network. I'd be as popular as a shit in a lift if I did that.


3 minutes ago, View from the Dolman said:

Which email have you received?

My email with the subject "YESpay Refund Transaction Confirmation" doesn't appear as being sent by Bristol Sport but by e-comm@yes-pay.net - YESpay being a payment service provider used by Bristol Sport.

The full message source does strongly appear as being a genuine email which has come out of YESpay via the WorldPay network.

I couldn't receive it at all VftD but hovered over the sender (can't open it obviously) and some URL starting 'BB.abu' or something like that came up. As it wasn't something I recognised and it was picked up by the filter, I deleted it rather quickly. Sorry, should have taken more notice. :(

As part of my job, I can get on to the live NHS systems so you can imagine how tight the security is. 

 


3 minutes ago, Ska Junkie said:

I couldn't receive it at all VftD but hovered over the sender (can't open it obviously) and some URL starting 'BB.abu' or something like that came up. As it wasn't something I recognised and it was picked up by the filter, I deleted it rather quickly. Sorry, should have taken more notice. :(

As part of my job, I can get on to the live NHS systems so you can imagine how tight the security is. 

 

Hmm that definitely doesn't seem to be anything like the email I received or those screenshotted by others in this thread. I can totally understand your caution based on what you've described!


12 minutes ago, View from the Dolman said:

Who was the sender (purported or otherwise) of this email?

You never really know with email but it claims to be yes-pay.net and routes via messageprovider.com and worldpay.  It doesn't have DKIM or SPF passes.

It's just not something people should trust when it arrives in the inbox - I assumed everyone had this sort of message until the other one arrived.


19 minutes ago, Nibor said:

Quite likely, just had one through for one of the kids which is just a receipt.

The one they sent to me however looks like this:

[Image attached in the original post]

If you follow the link it takes you to what could very easily be a trap.

I had the same. It asks me to open an attachment, which I haven’t as opening any link or attachment from an unsolicited email is risky 


8 minutes ago, Nibor said:

You never really know with email but it claims to be yes-pay.net and routes via messageprovider.com and worldpay.  It doesn't have DKIM or SPF passes.

It's just not something people should trust when it arrives in the inbox - I assumed everyone had this sort of message until the other one arrived.

Hmm - sounds very similar in source and route to the one I received but mine was as per the screenshots of others in the thread.

My email does share some common technical traits with previous emails from YESpay but messageprovider.com does appear to be different though this appears related to Fidelity National Information Services who acquired WorldPay last year (with WorldPay having previously acquired YESpay).


16 minutes ago, View from the Dolman said:

Hmm that definitely doesn't seem to be anything like the email I received or those screenshotted by others in this thread. I can totally understand your caution based on what you've described!

That makes sense then. Mine looks like a genuine spam mail rather than the ones everyone else received.

I haven't had the same email, most certainly.

Thanks VftD and apologies for the bum steer. 


2 hours ago, elhombrecito said:

I've just checked, and last year's season payment ticket was definitely purchased through YesPay, and the reference used in today's email is the same as the reference on the original payment. And the email doesn't ask you to click on anything.

So there's no way this is a scam. Just somebody pressing the wrong button somewhere!

Totally agree.

Somebody's made a **** up!

 


1 hour ago, Nibor said:

The one they sent to me however looks like this:

[Image attached in the original post]

If you follow the link it takes you to what could very easily be a trap.

I had the same one as you, and agree with all the precautions you've mentioned, although FWIW as I work in the same industry as WorldPay and know them well, I took an interest and safely looked at the content of the attachment to recognise that it wasn't malicious (though certainly a terrible UX that appears like a phishing attack - Yes Pay has consistently dangerous UX).

Once opened the form doesn't actually require any sensitive information, it already has your email, I gave my name as God, and was able to open the content which was clearly not fraudulent given it had my season ticket purchase reference and was giving an apparently unusual amount that was actually 1/23 of the season ticket value. I’m absolutely certain it’s the club.

As to the different types of email it looks to me from screenshots posted that those that got the receipt in their email directly are using native mobile email clients that securely render the attachment and retrieve the relevant content automatically, whereas those that got the secure file to open are in web based email clients that can’t safely do so and treat as an attachment.


4 minutes ago, Olé said:

I had the same one as you, and agree with all the precautions you've mentioned, although FWIW as I work in the same industry as WorldPay and know them well, I took an interest and safely looked at the content of the attachment to recognise that it wasn't malicious (though certainly a terrible UX that appears like a phishing attack - Yes Pay has consistently dangerous UX).

Once opened the form doesn't actually require any sensitive information, it already has your email, I gave my name as God, and was able to open the content which was clearly not fraudulent given it had my season ticket purchase reference and was giving an apparently unusual amount that was actually 1/23 of the season ticket value. I’m absolutely certain it’s the club.

As to the different types of email it looks to me from screenshots posted that those that got the receipt in their email directly are using native mobile email clients that securely render the attachment and retrieve the relevant content automatically, whereas those that got the secure file to open are in web based email clients that can’t safely do so and treat as an attachment.

The problem is the form looks exactly like a phish would.

It's very likely this did originate with yes-pay, whether as a cock up or on premature instructions from the club. 

But it could be that someone nicked yespay's database so they'd have all the info you are using to trust them.

My point really though was a general one - nobody should be doing the things this email asked them to.

[Image attached in the original post]


5 hours ago, Olé said:

A payment authorisation is sent and processed in real time and is shown as pending, a refund isn't necessarily authorised real time (until recently they were only sent overnight) so won't show up as a pending transaction (also some banks/issuers love to drag their feet on mentioning a refund, to sit on a float of money for a day, every little helps - themselves)

@Olé Correct! I had a notification last week of a travel refund, via PayPal, which will reach my account in 4/5 days, unlike the speed of the original payment - and it’s taken me 28 days to get this far!


So I've received this email now and everything looks legit.

The email headers look OK and the only thing that causes me concern is that the time stamps are all over the place by minutes, forwards and backwards (seconds, I can put up with, but minutes - I'd expect the servers to be using NTP and not to drift so much).

I'm expecting the club to clarify what is going on i.e. is this fubar, legit or something shitty.

 

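The header checks raised in this thread (SPF/DKIM results and the jumps between `Received` timestamps), as an added Python example that is not part of any post. The sample headers, the `example.*` hosts and the 60-second limit are constructed assumptions.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample headers (not taken from the thread); newest hop is first.
RAW = """\
Authentication-Results: mx.example.org; spf=none smtp.mailfrom=pay.example.net;
 dkim=none; dmarc=none header.from=pay.example.net
Received: from relay2.example.net (relay2.example.net [192.0.2.20])
 by mx.example.org with ESMTPS; Tue, 24 Mar 2020 13:58:43 +0000
Received: from relay1.example.net (relay1.example.net [192.0.2.10])
 by relay2.example.net with ESMTP; Tue, 24 Mar 2020 13:58:40 +0000
Received: from app.example.net (app.example.net [192.0.2.5])
 by relay1.example.net with ESMTP; Tue, 24 Mar 2020 14:01:05 +0000
From: e-comm@pay.example.net
Subject: Refund Transaction Confirmation

body
"""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts. Only trust an Authentication-Results
    header written by your own receiving server; others are sender-controlled."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            found.setdefault(method.lower(), result.lower())
    return found

def hop_skews(msg, limit_s=60):
    """Walk Received headers oldest-first and return (delta_seconds, flagged)
    for each pair of hops. A flag means unsynchronised clocks or an unusual
    delay; it is a prompt to look closer, not proof of forgery."""
    stamps = [
        # The timestamp is the text after the last ';' of a Received header.
        parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        for value in reversed(msg.get_all("Received", []))
    ]
    deltas = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return [(d, d < 0 or d > limit_s) for d in deltas]

def triage(raw):
    msg = email.message_from_string(raw)
    auth = auth_results(msg)
    failed = [m for m in ("spf", "dkim", "dmarc") if auth.get(m) != "pass"]
    return {"unauthenticated": failed, "skews": hop_skews(msg)}

if __name__ == "__main__":
    print(triage(RAW))
```
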

Thinking this through. I'll wager that the club have asked their payment provider about potential season ticket refunds. Provider has done some testing but using a copy of live data (which is a big no-no under GDPR) and forgotten to redact email addresses.

 

Why they can't come out and admit that though? Dunno?


Archived

This topic is now archived and is closed to further replies.
