I wanted to alert users to a potential scam. I received an email this morning purportedly from Ariannol@saysomethinginwelsh saying payment had been declined by my credit card. However the email is actually from ‘bounce+core+nohnoilztauv@return.recurly.com’. The email asks me to re-provide card details.
Unless SSIW can confirm this is correct, best not to respond I think.
5 Likes
Thanks Nigel - that does look suspicious. I’ll report it to the admins, plus double-tag @aran @Stine @Iestyn
2 Likes
Well spotted, these scammers are a nightmare. I had a phone call from someone saying they were PI’s and they’d seen my husband with another woman. It must have been in heaven because he passed away in January. They wanted money for extra information. I had to take call blocking off because of my consultant calling me. very cruel 
2 Likes
Definitely best not to respond until we get confirmation - @Kinetic is the one who needs to take a look at this - I’ll flag it up to him for you… 
1 Like
Hi - no, that seems legit. Recurly is the name of the company who provide our card payment processing and recurring billing services, and they send emails relating to card payment matters (confirmations, and stuff like this) on our behalf. I’ve also checked your account and can see that there was indeed a declined payment yesterday, so unless the hypothetical scammers are very clever indeed, I’d say this was genuine
However, I also notice that you’ve already updated your card details, perhaps via our own site rather than via the link Recurly provided. Either way, issue is resolved!
1 Like
Hi, apologies it was legit. Having had some internal company training on IT scams recently, it seemed to tick all of the boxes.
Nigel
1 Like
Always better safe than sorry with this type of thing - long unfamiliar email address should always raise suspicions, even if they turn out legit in the end, it’s good practice. Glad it’s all sorted now.
2 Likes
In general, never reply to a message like that using a link in the email.
I don’t know why the billing agencies haven’t twigged to this - they should provide a URL, yes, for convenience, but not as an active link. It’s too easy to redirect a link, and that’s something scammers know.
If you get something like this, or a communication from your bank, just log into your account the way you normally would - NOT through the email. Much safer.
Hi @nigel-12, definitely better to be safe than sorry so I’m really pleased you flagged it and that @Kinetic was able to confirm it was legit. There are so many scammers around these days, sadly.
Just as a general tip for all of us is that if an email is addressed to you as ‘Customer’, or to your email address only is likely to be a phishing attempt. But we’re always happy to check something’s genuine 
1 Like
Yep, definite. If anyone ever receives something they’re in any doubt about, please forward it to admin@saysomethingin.com and ask us whether it’s legit
1 Like