crooks?
I placed an order with fotoconnection.com in July 2005. They had the best price by far. The shipping was fast, everything was as expected, and nobody called to try to sell me anything. Overall, it seemed like a good experience.
Fast forward to today. I got an email, purportedly from PayPal. It was actually a phishing scam. The unusual thing about it was the email address it was sent to. I have a number of domains registered, so when I deal with a merchant, I create a unique email address, so I can cut it off if I start getting spam. The email address that the phishing scam was sent to was fotoconnection@... The tail end of the address is my first name dot my last name dot org so it's not as if somebody just tried random addresses at aol.com or some big provider where it's worth their time trying to guess valid addresses.
That email address was never used by me to send anything. It was used by fotoconnection three times in 2005 to notify me about the order and shipping. It was never used before or after that. It's extremely unlikely that some spammer intercepted it back then and sat on it for three years before using it. It is also extremely unlikely that somebody guessed that email address, or used software that tried random combinations to generate email addresses. If that had happened, it's likely that they would have tried other addresses at the same subdomain. But I didn't get a single spam to any other address at that subdomain.
I can't say that the phishing attempt came from them. I have no way of knowing. But there's no plausible explanation for how somebody got that email address, except that they got it from fotoconnection. It might have been that they are perfectly innocent and a rogue employee stole their data. So anybody reading this will have to judge for themselves and take things in context with other posts.
All I know is that they had my personal information, including address and credit card number, and there is no excuse for not having procedures in place to protect data. I would have reasonably expected that they would use a secured system, and few inside users would even have the capability of dumping the email addresses to a file. I would think that if somebody may have used their system for criminal purposes, they would care. Since it violated their privacy policy, I emailed them at the address they provided. Sure enough, it bounced. There's no such address.