Tuesday, May 03, 2011

Email from "SOE". Phishing or Legitimate?

Today email has been sent from "Sony Online Entertainment" with the URL of soe.innovyx.net. It has the Subject: "Important Customer Notification". It is a copy of the statement SOE posted on their website.

This email is highly suspicious. All of the links on the page, even though they appear to be to places like www.annualcreditreport.com, www.experian.com, and www.consumer.gov/idtheft, actually lead you to soe.innovyx.net.

Since SOE has reported that hackers have gained access to the email addresses of SOE customers, all email should be suspected of being fake.

It is highly recommended that you be wary of any email purportedly from SOE. Do NOT click on any links you find in such email. Instead, type the address you wish to go to into your browser address bar.

UPDATE: A SOE customer service representative on the phone stated that SOE did indeed send out email to their customers on this. Therefore, the email may be legitimate. However, the warning to be cautious and to NEVER click on email links but to type them in yourself is still good advice.

UPDATE: SOE's web site at https://www.soe.com/securityupdate/ says the following:

A press release was issued May 2, 2011 outlining these details. We are sending customer service notifications via email to all of our impacted account holders whose customer data may have been stolen as a result of an illegal intrusion on our systems. These emails will be sent by Innovyx, our third party email distributor, and will contain either 'soe.innovyx.net' or 'soe.sony.com' in the sender field. [Bold added]

So this email appears to be legitimate.

1 comment:

Anonymous said...

The post at https://www.soe.com/securityupdate/ has valid links to the credit and governmental sites, while the email has hashed links to http://soe.innovyx.net/. For example the link in the post to http://www.annualcreditreport.com translates to /http://soe.innovyx.net/r?xnJcJWqEnEWvnlcTlJv in the email. The post also states that SOE will not try to contact you in any way. The email is a scam.