
Beware Fake Gift Card Balance Websites


A reader just ran into a gift card scam while trying to unload an Apple gift card via CraigsList. If you're directed to a website that asks you to put in your gift card information in order to show the balance as "proof" that you're legit, you're being conned.

Sean writes:

I was recently trying to sell an Apple gift card on CraigsList and received a bite from a "buyer" who claimed they wanted the card but wanted me to take a screen shot of the balance from myapplegiftcard.com.

Having been scammed before on gift card BS, I was very wary, esp. since I didn't want to scratch off the PIN for someone who may or may not buy the card. Especially since the woman didn't want to give out any info and pulled the old "you seem sketchy since you won't do this" card to try to put me on the defensive.

I left it alone and relisted my card and got another email from her with the same "hey, we want it, but please take a screen shot." Problem: this time she screwed up and put mybestbuygiftcard.com. Now I knew something was wrong.

I actually had a gift card from Apple that had like $.50 or something on it, so I went back to the myapplegiftcard.com site and put it in. Of course it says "this service is not available right now" and tells you to call the number. Pretty much validating spoof status.

On the mybestbuygiftcard.com site they actually just take the full Best Buy balance inquiry page and copy it. I called both Best Buy and Apple and told them of the sites and got the whole "Oh we will look into this."

I just wanted to get the word out ASAP.

Scam sites:
myapplegiftcard.com
mybestbuygiftcard.com

UPDATE: Another reader, Richard, sent in the following tip on how to find even more of these sites:

Try this search on Google using "my*giftcard.com". Way too many suspicious sites pop up.

(Photo: ARTS)


Comments: 57
user-pic

Domain Name: MYAPPLEGIFTCARD.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: [www.melbourneit.com]
Name Server: YNS1.YAHOO.COM
Name Server: YNS2.YAHOO.COM
Status: clientTransferProhibited
Updated Date: 19-aug-2009
Creation Date: 19-aug-2009
Expiration Date: 19-aug-2010


just created?

user-pic

Digging around in the code for the Best Buy spoof revealed this target for the form:

[us.1.p6.webhosting.yahoo.com]

And here's the Yahoo! Profile for ja0k2:

[profiles.yahoo.com]

Looks like that profile was created today. Not much else on there, though. I fed it fake numbers and it redirects to the real Best Buy page after going to the Yahoo! form.

user-pic

@joshua70448: And here's the guilty party for the Apple spoof:

[profiles.yahoo.com]

That one was created yesterday, matching the DNS info that taking_this_easy posted. I'm going to report these two users to Yahoo! as scammers, myself.

user-pic

@joshua70448:

fake names? or stupid people?


Domain Name.......... myapplegiftcard.com
Creation Date........ 2009-08-19
Registration Date.... 2009-08-19
Expiry Date.......... 2010-08-19
Organisation Name.... Vilma Mathiesen
Organisation Address. PO Box 61359
Organisation Address.
Organisation Address. Sunnyvale
Organisation Address. 94088
Organisation Address. CA
Organisation Address. US

Admin Name........... Admin PrivateRegContact
Admin Address........ PO Box 61359
Admin Address........
Admin Address........ Sunnyvale
Admin Address........ 94088
Admin Address........ CA
Admin Address........ US
Admin Email..........
Admin Phone.......... +1.5105952002
Admin Fax............

Tech Name............ TECH PrivateRegContact
Tech Address......... PO Box 61359
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94088
Tech Address......... CA
Tech Address......... US
Tech Email...........
Tech Phone........... +1.5105952002
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com


user-pic

@taking_this_easy:


michelle again


Domain Name.......... mybestbuygiftcard.com
Creation Date........ 2009-08-20
Registration Date.... 2009-08-20
Expiry Date.......... 2010-08-20
Organisation Name.... Michelle Boyd
Organisation Address. PO Box 61359
Organisation Address.
Organisation Address. Sunnyvale
Organisation Address. 94088
Organisation Address. CA
Organisation Address. US

Admin Name........... Admin PrivateRegContact
Admin Address........ PO Box 61359
Admin Address........
Admin Address........ Sunnyvale
Admin Address........ 94088
Admin Address........ CA
Admin Address........ US
Admin Email..........
Admin Phone.......... +1.5105952002
Admin Fax............

Tech Name............ TECH PrivateRegContact
Tech Address......... PO Box 61359
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94088
Tech Address......... CA
Tech Address......... US
Tech Email...........
Tech Phone........... +1.5105952002
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com

user-pic

@taking_this_easy:


just kidding... that's a private Whois service that uses their address instead of yours if you register a domain

user-pic

WOW.... as an IT Tech.... those sites are damn good! Reported them as forgeries via Firefox to Google....

user-pic

@taking_this_easy: Ha, yeah, I just noticed that information. The names are definitely fake, but the PO box is interesting. I did a Google search for that address, and it appears they own a few other scammy domains:

[www.americascareercenter.biz]
[www.clevelandmob.com]
[www.alliance-leicester-uk.org]
[www.kunoichi.info]

And they might have owned others in the past:

[www.xfilees.biz]
[www.soopercu-uplimit23.org]
[www.webtradebureau.com]

user-pic

amazing people are.
why not;
give to niece/nephew
use for secret santa
use for last minute b'day gift
offer it in trade for work done for you
give to postman/super/hot girl or guy @dentist/dr/accountant office.

user-pic

@taking_this_easy: Heh, I was trying to pull up info fast enough to be pertinent, and I didn't even notice that the org info matched the obviously-masked admin and tech info. /facepalm

user-pic

@joshua70448: Keep in mind in these sorts of scams if the user info isn't faked it's most likely someone's stolen identity. Most scammers use a credit card they already scammed to purchase the domains.

user-pic

Which reminds me, if you need to check the balance on your credit card, post the number in a reply here and I'll check it for you.

user-pic

Wow, Cybertrust is super useless. Clicking on the cybertrust logo on the fake best buy site tells you that www-ssl.bestbuy.com is verified valid. Folks clicking that link will think it means the REFERRER is valid.

Why cybertrust doesn't put up a huge warning "WARNING: You were NOT REFERRED by a verified valid website! The website you were last on is NOT A VERIFIED WEBSITE." before showing you the certificate information, I don't know...

user-pic

I put in some random gibberish and noscript kicked in.

[NoScript XSS] Sanitized suspicious upload to [[us.1.p6.webhosting.yahoo.com]] from [[www.myapplegiftcard.com]]: transformed into a download-only GET request.

user-pic

Pssst... You shouldn't have those links as hyperlinks if they go to SPAM SITES

user-pic

@Hockeypuck: Aw, ya beat me to it. I'd even go so far as to fudge the site when you post it, like myapplegiftcard dot com

user-pic

@Hooray4Zoidberg: Good sleuthing guys, it's the ease of doing extensive detective work like that that makes me love the internet so much.

user-pic

@shepd: Because if you went from Google or any other legitimate website to an SSL website (such as www-ssl.bestbuy.com) it would also display the message, making it a completely worthless warning. It's just not how certificate authentication works.

user-pic

1) NEVER buy a gift card on Craigslist (or any other second-hand site)

2) NEVER sell a gift card on Craigslist (or any other second-hand site)

Isn't that easy enough?

Use it yourself or give it to someone for free.

user-pic

@Hockeypuck: Well, we can encourage people to go there and report them as forgeries thru firefox.

user-pic

Can you check balances of these at other sites? I mean obviously these are scammers, but an obvious end around is to go to a site that's legit and give them the same thing...

user-pic

@DPGumby: Using it yourself is fine if you actually want something from that company. Sometimes people get a refund from a place they don't ever want to shop at again, or just don't need anything from now. Or Apple stuff is all very well, but they need to buy groceries.

"You might get scammed out of this, so give it away free" kind of misses the point of people actually wanting to keep their money and find a way of spending it on something they want.

user-pic

@coren: For Best Buy, you can do it directly at their site. But a screen print of the balance would only be valid as of the second it was printed; I could turn around and use the card right away before selling to somebody. I agree with DPGumby above, use it yourself or give it to someone for free.

user-pic

@DPGumby:

Gah, never bothered to look up if most browsers will return a referrer header for HTTPS. Most don't. That's smart, but they *could* have safely let it at least pass the address minus the location/GET info, which would then make all this work just fine.

Back to the drawing board, I suppose.

user-pic

@Ronin-Democrat: Maybe he needed the money? Maybe he doesn't know anyone who would have use for an apple gift card? (I sure don't.) Why is regifting or trading acceptable, but reselling isn't?

user-pic

It would be so nice to see them put as much effort into doing something positive as some seem to put into scamming folks.


Can't they use their powers for good?!?

user-pic

1. Buy item(s) with the gift card.
2. Sell item(s) on CL, eBay, Amazon, etc.

Problem with selling nonredeemable-for-cash-gift-card averted.

user-pic

@larrymac:

Ha I didn't even think of that. A screenshot WOULD be useless

user-pic

If you check the source of the Apple one, you'll see they're also hotlinking Apple's assets (CSS and images) directly from Akamai (the CDN Apple uses). They couldn't even be bothered to host the CSS themselves.

user-pic

@tbax929: I've pretty much sworn off Craigslist. Bought a refrigerator, assured it was in perfect working order, and the compressor died within a week. Inquired about a part time driving job, and got an email response that read almost like a Nigerian 419 scam. And that's not even getting into the very sketchy world of the personals section there.

Something tells me the "Wild west" was a fair bit more civilized than much of what regularly goes on via Craigslist.

user-pic

@larrymac: Not to mention it is easy to doctor a screenshot... Paint would be sufficient. If you are on a Mac, you could (1) save the HTML page, (2) change the balance in the HTML, (3) reopen in browser before taking the screenshot (just eliminate the URL from the screenshot).

Screenshots are generally worthless.

user-pic

I am an IT admin so I was naturally curious to check the source code to trace the scammer. Wow. This is one of the best scam sites out there. They did a really nice job of covering their tracks with the exception of the FORM posting url. This is the one area NO scammer can get away from. Their form has to go somewhere and it definitely won't be the legitimate destination.

The scammer's form posts to
"http://us.1.p6.webhosting.yahoo.com/forms?login=a02h0sa"

Whereas the legit apple store form posts to
"https://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore.woa/9544002/wo/R87XTKQMJ3ww2IgdZob1lC1QGEU/3.0.26.9.5.1.0.1"

Notice the https in the legit form.

Apple should contact Yahoo to have this server account terminated. In the meantime, I have also reported the two sites to Google as forgery sites via Firefox.

user-pic

@mianne:
And other places. I got burned on a CD purchase on ebay. They sent me a bootleg when I thought I was buying the original. Then when I left negative feedback, they left negative feedback on mine. I was done with them after that.


I am so sick of scam artists. Whatever happened to earning an honest wage for an honest day's work?

user-pic

@Hockeypuck: My goal was to intentionally try to intercept some Google traffic on them for future searches, because right now there's not enough good info out there for the casual user trying to research them.

My Google Juice skillz, they are no good. Is my idea flawed?

user-pic

@macxprt: You must not have seen very many spoof sites. This is a pretty typical example and can be built in just a few minutes without much technical knowledge. A legit web page is cloned and the POST URL is altered to direct to a script on the scammer's web host that emails the form details back to him. Very simple. Very common.
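
The check described in the two comments above (compare where a page's form actually posts with the host the visitor believes they are on), as an added Python example that is not part of the original thread. The `audit_forms` helper, the `trusted_hosts` allow-list, the page URLs and the sample HTML are constructed for illustration; only the spoof form target is taken from the comment.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionCollector(HTMLParser):
    """Collects the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A missing action means the form submits to the page's own URL.
            self.actions.append(dict(attrs).get("action") or "")


def audit_forms(page_url, html, trusted_hosts):
    """Return one finding per form: where it posts and why that is suspicious."""
    collector = FormActionCollector()
    collector.feed(html)
    page_host = (urlsplit(page_url).hostname or "").lower()
    findings = []
    for action in collector.actions:
        target = urlsplit(urljoin(page_url, action))  # resolve relative actions
        host = (target.hostname or "").lower()
        reasons = []
        if target.scheme != "https":
            reasons.append("not-https")        # card number and PIN sent in clear
        if host != page_host:
            reasons.append("cross-host")       # form leaves the site it is shown on
        if not any(host == t or host.endswith("." + t) for t in trusted_hosts):
            reasons.append("untrusted-host")   # not the brand's own domain
        findings.append({"target": target.geturl(), "reasons": reasons})
    return findings


# Constructed sample pages; the spoof action URL is the one quoted in the comment.
SPOOF_HTML = """<form method="post"
  action="http://us.1.p6.webhosting.yahoo.com/forms?login=a02h0sa">
  <input name="card"><input name="pin"></form>"""
# Constructed stand-in for a legitimate page with a relative form action.
LEGIT_HTML = """<form method="post" action="/balance/check">
  <input name="card"></form>"""

if __name__ == "__main__":
    print(audit_forms("http://www.myapplegiftcard.com/", SPOOF_HTML, ["apple.com"]))
    print(audit_forms("https://store.apple.com/giftcard", LEGIT_HTML, ["apple.com"]))
```

The trusted-host comparison matches the exact domain or a dot-separated subdomain, so a lookalike such as `apple.com.example.net` is still reported as untrusted.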

user-pic

@mianne: i have excellent luck when i am getting rid of things for free though. i post pictures and an ad on craigslist that says 'this is the stuff, this is where it is, don't ring the bell, don't email, i'll delete when it's gone.'

i've had people hauling my [former roommate's abandoned] junk away before i finished getting it all to the curb after an ad like that.

user-pic

You people are amazing. I wouldn't have had the slightest idea to research something like this and I don't consider myself a tech noob. Well done.

user-pic

@bullwhip6: The only reason I would have been somewhat suspicious about those sites is because they ask for the PIN/security code. There's no reason they need that. Otherwise, the sites look frighteningly legit.

user-pic

@sir_eccles:
Hi, my name is Frank Raud ( F.Raud ). My card number is 8675-3098-6753-0924

user-pic

@Chris Walters: You might pick up people searching for those sites to research them, but my feeling is you'd more likely raise _their_ pagerank instead by having a highly ranked site such as the consumerist post a direct link.

If someone types myapplegiftcard into Google, they don't get the site, and Consumerist is actually the first hit. I think text would be fine.

user-pic

both sites are down as web forgeries...high fives to the reporters!

user-pic

You can verify all your gift card balances at [giftcardbalancenow.com]. The site points you to the merchant websites or toll free number to verify your gift card balance.

user-pic

They should use firefox. Firefox blocked the site automatically.

user-pic

@statgrad: @macxprt:

It would be fairly easy to set their site up to display the balance itself. For example if you can check the balance on the apple site all your form needs to do is send the card number to a processing script on your server that would be able to request the apple page itself, for example using XML-HTTP request, and then send the response back.