14 DAY TRIAL // Sony PlayStation customers are being bombarded these days with emails that remind them to check their PSN accounts for wallet balances. While the emails seem legitimate, the way they are made scares users, most of them refusing to click the links they contain fearing a phishing scam.
There’s nothing really new with these emails, customers complaining from the beginning of 2011 about them. At the time it turned out that they were in fact legitimate, but now users are again presented with the same types of emails.
So what is so confusing about them?
First of all, they come from a domain called “playstation-email.com”. As many security enthusiasts know, domains of this sort contained in an email address practically scream “phishing”.
Another issue is that email clients show the message as coming via innovyx.net, which even if it’s a legitimate marketing company, in the eyes of the users who are accustomed to permanently being targeted in phishing campaigns, it looks highly suspicious.
According to the Examiner, a few days ago, Sony released a statement claiming that the emails are phony and users should be wary about them.
“The message you received was not sent by a representative of Sony Computer Entertainment America (SCEA). I apologize for the inconvenience and concern that this has caused you,” said a Sony representative.
However, the same source informs that Sony came out with another statement saying that the emails did in fact come from them.
I have contacted Sony for further details, but they failed to respond. Meanwhile, most customers remain confused.
“I had some funds in my PSN Wallet, but I spent them a long time ago. I have no idea how they managed to get my username, but the domain ‘playstation-email’ and the fact that it comes via 'innovyx' makes me believe that it’s a phishing expedition,” says a customer.
Until the situation is clarified, especially since this may be a good opportunity for cybercriminals to send real phishing emails, I advise users to make sure they only access their accounts by directly typing the address of the official page into the browser's address bar, instead of clicking on links received by email.