This is an email that I received from Fitness for less a couple of days ago. My immediate response was that this was a very poor phishing attempt that probably used a PDF vulnerability.
Curiosity got the better of me though, because I remember getting an email from the gym last year about an extra payment that was for ‘gym improvements’.
I cloned and then fired up a virtual machine that was pretty much disposable and forwarded the email to it.
The PDF was a legitimate one. They were informing me that they are taking a couple of extra ££’s this month.
There are a lot of things wrong here.
The email checked pretty much every known box when looking for suspicious emails.
Fitness for less know my name, yet nothing was personalised.
The email contained nothing at all of value; if you wanted to find out the details you had to open the PDF.
The phraseology feels awkward.
So I replied to the email. I explained that I was not going to open the PDF. I told them that it looked like spam and a very amateurish phishing attempt.
Sadly they just sent me a wall of copy-pasted text explaining that they had invested £100k in the website and the payment that they are taking would go towards that.
It’s a shame that they did not spend a few ££s on a decent CRM system that was capable of spitting out personalised emails.
I wonder how many people disregarded the email and are now wondering why their bank account is a little short?