Snap-Phish

This email, allegedly from HP’s Snapfish photo printing service, just arrived in my inbox. Is it a phish, or – maybe worse – is it the most inept promotional email ever? (Click to embiggen.)

The random capitalisation starts in the subject line: “FREE 20 prints”. Also they want to 3nlarg3 my p3nis with H3RBAL V1AGRA.

Thank you for using wireless@Sg and signing up with iCELL account. With this account, we provide you with a FREE 20 4R prints for your use.

I’ve only seen worse grammar than this in two places: Youtube comments and Nigerian scam emails. Do they also have thirty million dollars from the estate of general Sani Abacha that they want to transfer into my bank account?

Your photo account has been created for you at:

Username: [deleted] | Password: snapfish

I do actually have a Wireless@SG account, and the username (the email address I registered with) was right. But have they just gone and created a million or more Snapfish accounts, one for every Wireless@SG user, and all of them with the same password?

I give it fifteen minutes before some pimply internerd launches a dictionary attack on Snapfish, guesses a bunch of Wireless@SG usernames, and prints himself twenty million pictures of Angelina Jolie.

Also, they’ve nicely preloaded the account with my full name – so if you’ve got someone’s email address and they might have a Wireless@SG account, you can try logging into Snapfish – and if they do have an account, you’ll have their full name. Maybe even their address and their credit card details, if they’ve saved those and haven’t changed the password.

OK, fine, maybe this isn’t a phish. Maybe this is just an incredibly stupid promotional offer. But what self-respecting PR team would send out a promotional email without even running the spell-checker over it?

Your’s Sincerely,

Snapfish Singapore Team

“Your’s”?

Bad grammar, an invitation to click a link and supply my logon details (and my address and my credit card), and one or two million accounts all with the same password?

Totally a phish. A huge company like HP (Snapfish’s owners) would never send out something this clumsy. Right? Right? Right?

This entry was posted in Rant. Bookmark the permalink.