View from the Dolman Posted April 27, 2020 Report Share Posted April 27, 2020 7 minutes ago, Nibor said: Quite likely, just had one through for one of the kids which is just a receipt. The one they sent to me however looks like this: If you follow the link it takes you to what could very easily be a trap. Who was the sender (purported or otherwise) of this email? Link to comment Share on other sites More sharing options...
S25loyal Posted April 27, 2020 Report Share Posted April 27, 2020 15 minutes ago, elhombrecito said: I've just had my email. I won't be getting my knickers in a twist about it though, I'll just wait for some update from the club. Some of the overreactions on here are hilarious. Agree that they really should have put something out by now to either explain what's happening, or say it was an error, but it's certainly nothing to get worked up about. To be fair you could have an self isolating OAP living on their own, who had just had An email and now is worried they have been scammed. its easy to say don’t get worked up when you you think you know what is going on. Link to comment Share on other sites More sharing options...
Dolman Block B Posted April 27, 2020 Report Share Posted April 27, 2020 2 minutes ago, View from the Dolman said: Who was the sender (purported or otherwise) of this email? Exactly, where does it say its from the club? Link to comment Share on other sites More sharing options...
S25loyal Posted April 27, 2020 Report Share Posted April 27, 2020 5 minutes ago, Ska Junkie said: I use my work email for our ST's and the AV picked it up, suggesting it's spam. doesn't look like its' official. On the email I received, I hovered over the sham Bristol sport sender / attachment link and a spoof URL came up which also suggests spam / scam email. It is a genuine yespay email, check old receipts. Link to comment Share on other sites More sharing options...
View from the Dolman Posted April 27, 2020 Report Share Posted April 27, 2020 5 minutes ago, Ska Junkie said: I use my work email for our ST's and the AV picked it up, suggesting it's spam. doesn't look like its' official. On the email I received, I hovered over the sham Bristol sport sender and a spoof URL came up which also suggests spam / scam email. Which email have you received? My email with the subject "YESpay Refund Transaction Confirmation" doesn't appear as being sent by Bristol Sport but by e-comm@yes-pay.net - YESpay being a payment service provider used by Bristol Sport. The full message source does strongly appear as being a genuine email which has come out of YESpay via the WorldPay network. Link to comment Share on other sites More sharing options...
Ska Junkie Posted April 27, 2020 Report Share Posted April 27, 2020 2 minutes ago, S25loyal said: It is a genuine yespay email, check old receipts. Thanks S25, now the corporate AV has picked it up, I can't open it unless I clarify that it's genuine. I'll wait methinks, rather than put a potential trojan on the network. I'd be as popular as a shit in a lift if i did that. Link to comment Share on other sites More sharing options...
Admin phantom Posted April 27, 2020 Admin Report Share Posted April 27, 2020 10 minutes ago, Robbored said: I just received an email from Bristol Short with a refund of £18.56. I can only assume that with five home games remaining that they’re planning to refund us game on game....... Best to re-read the thread from the start @Robbored Link to comment Share on other sites More sharing options...
Ska Junkie Posted April 27, 2020 Report Share Posted April 27, 2020 3 minutes ago, View from the Dolman said: Which email have you received? My email with the subject "YESpay Refund Transaction Confirmation" doesn't appear as being sent by Bristol Sport but by e-comm@yes-pay.net - YESpay being a payment service provider used by Bristol Sport. The full message source does strongly appear as being a genuine email which has come out of YESpay via the WorldPay network. I couldn't receive it at all VftD but hovered over the sender (can't open it obviously) and some URL starting 'BB.abu' or something like that came up. As it wasn't something I recognised and it was picked up by the filter, I deleted it rather quickly. Sorry, should have taken more notice. As part of my job, I can get on to the live NHS systems so you can imagine how tight the security is. Link to comment Share on other sites More sharing options...
Bristol Rob Posted April 27, 2020 Report Share Posted April 27, 2020 Amazed the club haven't made a statement on this, even some sort of interim holding message that is available to most fans. Not sure how many fans will know what the club are doing or what the SLO has said Link to comment Share on other sites More sharing options...
View from the Dolman Posted April 27, 2020 Report Share Posted April 27, 2020 3 minutes ago, Ska Junkie said: I couldn't receive it at all VftD but hovered over the sender (can't open it obviously) and some URL starting 'BB.abu' or something like that came up. As it wasn't something I recognised and it was picked up by the filter, I deleted it rather quickly. Sorry, should have taken more notice. As part of my job, I can get on to the live NHS systems so you can imagine how tight the security is. Hmm that definitely doesn't seem to be anything like the email I received or those screenshotted by others in this thread. I can totally understand your caution based on what you've described! Link to comment Share on other sites More sharing options...
Nibor Posted April 27, 2020 Report Share Posted April 27, 2020 12 minutes ago, View from the Dolman said: Who was the sender (purported or otherwise) of this email? You never really know with email but it claims to be yes-pay.net and routes via messageprovider.com and worldpay. It doesn't have DKIM or SPF passes. It's just not something people should trust when it arrives in the inbox - I assumed everyone had this sort of message until the other one arrived. Link to comment Share on other sites More sharing options...
pongo88 Posted April 27, 2020 Report Share Posted April 27, 2020 19 minutes ago, Nibor said: Quite likely, just had one through for one of the kids which is just a receipt. The one they sent to me however looks like this: If you follow the link it takes you to what could very easily be a trap. I had the same. It asks me to open an attachment, which I haven’t as opening any link or attachment from an unsolicited email is risky Link to comment Share on other sites More sharing options...
Robbored Posted April 27, 2020 Report Share Posted April 27, 2020 11 minutes ago, phantom said: Best to re-read the thread from the start @Robbored This is the opening line - YESpay Refund Transaction Confirmation Fake eh? Link to comment Share on other sites More sharing options...
MSN Red Posted April 27, 2020 Report Share Posted April 27, 2020 The 'Original Payment Reference No' quoted in the mail matches the reference on the receipt email, from the same sender, when I purchased my 2019/20 season ticket. Link to comment Share on other sites More sharing options...
Genghis Khan's pants Posted April 27, 2020 Report Share Posted April 27, 2020 5 minutes ago, pongo88 said: I had the same. It asks me to open an attachment, which I haven’t as opening any link or attachment from an unsolicited email is risky Yep, mine was this one too. Not touching it! Link to comment Share on other sites More sharing options...
Red Grovesy Posted April 27, 2020 Report Share Posted April 27, 2020 Dissapointed we have heard nothing from the club. Either it's a scam but the scammer has my details that I gave to BCFC or it is from BCFC but makes little sense (one match refund). Either way, BCFC should comment in my opinion. Link to comment Share on other sites More sharing options...
Lanterne Rouge Posted April 27, 2020 Report Share Posted April 27, 2020 If it is a scam you can bet other clubs using the same system have been targeted too - anyone heard anything from mates who have STs at other clubs? Link to comment Share on other sites More sharing options...
View from the Dolman Posted April 27, 2020 Report Share Posted April 27, 2020 8 minutes ago, Nibor said: You never really know with email but it claims to be yes-pay.net and routes via messageprovider.com and worldpay. It doesn't have DKIM or SPF passes. It's just not something people should trust when it arrives in the inbox - I assumed everyone had this sort of message until the other one arrived. Hmm - sounds very similar in source and route to the one I received but mine was as per the screenshots of others in the thread. My email does share some common technical traits with previous emails from YESpay but messageprovider.com does appear to be different though this appears related to Fidelity National Information Services who acquired WorldPay last year (with WorldPay having previously acquired YESpay). Link to comment Share on other sites More sharing options...
Ska Junkie Posted April 27, 2020 Report Share Posted April 27, 2020 16 minutes ago, View from the Dolman said: Hmm that definitely doesn't seem to be anything like the email I received or those screenshotted by others in this thread. I can totally understand your caution based on what you've described! That make sense then. Mine looks like a genuine spam mail rather than the ones everyone else received. I haven't had the same email, most certainly. Thanks VftD and apologies for the bum steer. Link to comment Share on other sites More sharing options...
ever-red Posted April 27, 2020 Report Share Posted April 27, 2020 It's not henbury #ss sorting out I T is it. Link to comment Share on other sites More sharing options...
Dolman Block B Posted April 27, 2020 Report Share Posted April 27, 2020 I have Kaspersky security on my laptop and it as danger Haven’t opened it Link to comment Share on other sites More sharing options...
Redtucks Posted April 27, 2020 Report Share Posted April 27, 2020 2 hours ago, elhombrecito said: I've just checked, and last year's season payment ticket was definitely purchased through YesPay, and the reference used in today's email is the same as the reference on the original payment. And the email doesn't ask you to click on anything. So there's no way this is a scam. Just somebody pressing the wrong button somewhere! Totally agree. Somebody's made a **** up! Link to comment Share on other sites More sharing options...
Olé Posted April 27, 2020 Report Share Posted April 27, 2020 1 hour ago, Nibor said: The one they sent to me however looks like this: If you follow the link it takes you to what could very easily be a trap. I had the same one as you, and agree with all the precautions you've mentioned, although FWIW as I work in the same industry as WorldPay and know them well, I took an interest and safely looked at the content of the attachment to recognise that it wasn't malicious (though certainly a terrible UX that appears like a phishing attack - Yes Pay has consistently dangerous UX). Once opened the form doesn't actually require any sensitive information, it already has your email, I gave my name as God, and was able to open the content which was clearly not fraudulent given it had my season ticket purchase reference and was giving an apparently unusual amount that was actually 1/23 of the season ticket value. I’m absolutely certain it’s the club. As to the different types of email it looks to me from screenshots posted that those that got the receipt in their email directly are using native mobile email clients that securely render the attachment and retrieve the relevant content automatically, whereas those that got the secure file to open are in web based email clients that can’t safely do so and treat as an attachment. Link to comment Share on other sites More sharing options...
Nibor Posted April 27, 2020 Report Share Posted April 27, 2020 4 minutes ago, Olé said: I had the same one as you, and agree with all the precautions you've mentioned, although FWIW as I work in the same industry as WorldPay and know them well, I took an interest and safely looked at the content of the attachment to recognise that it wasn't malicious (though certainly a terrible UX that appears like a phishing attack - Yes Pay has consistently dangerous UX). Once opened the form doesn't actually require any sensitive information, it already has your email, I gave my name as God, and was able to open the content which was clearly not fraudulent given it had my season ticket purchase reference and was giving an apparently unusual amount that was actually 1/23 of the season ticket value. I’m absolutely certain it’s the club. As to the different types of email it looks to me from screenshots posted that those that got the receipt in their email directly are using native mobile email clients that securely render the attachment and retrieve the relevant content automatically, whereas those that got the secure file to open are in web based email clients that can’t safely do so and treat as an attachment. The problem is the form looks exactly like a phish would. It's very likely this did originate with yes-pay, whether as a cock up or on premature instructions from the club. But it could be that someone nicked yespay's database so they'd have all the info you are using to trust them. My point really though was a general one - nobody should be doing the things this email asked them to. Link to comment Share on other sites More sharing options...
East End Old Boy Posted April 27, 2020 Report Share Posted April 27, 2020 5 hours ago, Olé said: A payment authorisation is sent and processed in real time and is shown as pending, a refund isn't necessarily authorised real time (until recently they were only sent overnight) so won't show up as a pending transaction (also some banks/issuers love to drag their feet on mentioning a refund, to sit on a float of money for a day, every little helps - themselves) @Olé Correct! I had a notification last week of a travel refund, via PayPal, which will reach my account in 4/5 days, unlike the speed of the original payment - and it’s taken me 28 days to get this far! Link to comment Share on other sites More sharing options...
BS4 on Tour... Posted April 27, 2020 Report Share Posted April 27, 2020 9 hours ago, jimross2005 said: I've had a email saying I'm due £15.43??? Seems a odd amount Both this season's and next season's season tickets were paid in full I heard of a couple of other people who had £15.43 refunds today ... ?! Link to comment Share on other sites More sharing options...
Guest Posted April 27, 2020 Report Share Posted April 27, 2020 So I've received this email now and everything looks legit. The email headers look Ok and the only thing that causes me concern is, the time stamps are all over the place by minutes, forwards and backwards (seconds, I can put up with, but minutes - I'd expect the servers to be using ntp and not to drift so much). I'm expecting the club to clarify what is going on i.e. is this fubar, legit or something shitty. Link to comment Share on other sites More sharing options...
Redtucks Posted April 27, 2020 Report Share Posted April 27, 2020 28 minutes ago, BS4 on Tour... said: I heard of a couple of other people who had £15.43 refunds today ... ?! ......and I guess that their season ticket for 2019/20 cost £355. Yes? Link to comment Share on other sites More sharing options...
RedLionLad Posted April 27, 2020 Report Share Posted April 27, 2020 Could it be Eddie Nketiah playing tricks on his laptop again? Link to comment Share on other sites More sharing options...
Thornbury Red Posted April 28, 2020 Author Report Share Posted April 28, 2020 Thinking this through. I'll wager that the club have asked their payment provider about potential season ticket refunds. Provider has done some testing but using a copy of live data (which is a big no no under GDPR) and forgotten to redact email addressess. Why they can't come out and admit that though? Dunno? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.