PlayStation Network Support
24 Jun 2014

Beware of fake email claiming to be from SONY containing link to a FAKE SONY site

14 replies

Last month I received an email that was supposedly from SONY..  This email told me that my sign in information had been successfully changed.  This email contained 2 links to actual SONY sites, and one very suspicious link to a site that starts with http://en.support.sonyentertainmentnetwork..............   I spoke with SONY support today and confirmed this email did not come from SONY, and that link is NOT a SONY website..  The SONY rep also told me that I would never get an email from any SONY Europe representatives since I am a US resident.

 

The email came from the address sony@email.sonyentertainmentnetwork.com

 

If you receive this email DO NOT click the links, especially the one starting with http://en.support

 

I believe it is some kind of phishing scam to steal login information..  I am in contact with Norton Internet Security trying to determine the nature of the site..  Will post more information in reply to thread when I have it..

 

 

Here is the text included in the email with links removed..

 

 Sign-in ID Change
 
 
This email confirms that your Sony Entertainment Network sign-in ID (Email address) has been changed successfully.

If you did not change your sign-in ID...

This email has been sent to you because the sign-in ID (Email address) for the relevant Sony Entertainment Network account has been changed. If you did not change your sign-in ID, please contact Customer Support at the following address:

 
 
 
 
The Sony Entertainment Network Team
Sony Network Entertainment Europe Limited

 
 
This e-mail message has been delivered from a send-only address. Please do not reply to this message. For more information about your Sony Entertainment Network Account, please visit the links below.

 

  • Box9Missingo (Support MVP)

    Thanks for the heads up, Jedi_Capricorn.

    0
  • I got this today as well.. I could tell it was fake. But it could be very convincing to a kid that does not know what to look for. Took a SS of the main page. BEWARE!

    sony.jpg

    0
  • chaos_789 (Support MVP)


    SWAMMIE wrote:

    I got this today as well.. I could tell it was fake. But it could be very convincing to a kid that does not know what to look for. Took a SS of the main page. BEWARE!

    sony.jpg


    What was the e-mail you recieved for, https://account.sonyentertainmentnetwork.com is an official sony website, which is used to manage your PSN account.

    0
  • vfr_800_rider (Support MVP)

    

     

    If there is any doubt change your account password using your console.

    0
  • Did you notice that when you sign into this site, you go to:

         https://id.sonyentertainmentnetwork.com/signin/

    If you ask to reset your password from this site, it will send you another one of those emails that spooked you.

    en.support is a sub-domain to sonyentertainmentnetwork.com. sonyentertainmentnetwork.com

     

    I commend your healthy paranoia, but I don't think it quite hit the mark this time and the rep doesn't know what they're talking about. Though sony could help the situation by not running multiple domains.

     

    0
  • TwinDad (Support MVP)


    ZUUL426 wrote:

    Did you notice that when you sign into this site, you go to:

         https://id.sonyentertainmentnetwork.com/signin/

    If you ask to reset your password from this site, it will send you another one of those emails that spooked you.

    en.support is a sub-domain to sonyentertainmentnetwork.com. sonyentertainmentnetwork.com

     

    I commend your healthy paranoia, but I don't think it quite hit the mark this time and the rep doesn't know what they're talking about. Though sony could help the situation by not running multiple domains.

     


    The post is over a month old. Also this would not be the first time the phone/chat support people have been incorrect. There is a markting company that sends out Official Sony emails, they also didn't know that it was legit.

    0
  • Today I received one of these emails, IT IS DEFINITELY A PHISHING EMAIL.

     

    Just look at the grammar " This link expires hours from the time that it was sent" Sony would never use grade school grammar like that, also the site it redirects you to doesn't require you to eneter your date of birth like the real Sony one does when changing your password.

     

    Untitled.png

    0
  • Just realized how I was compromised.....

    For some reason, all of my devices were deactivated and an unknown PS4 had my account as primary on it. So I can't remotely deactivate it either until 6 months later and I'm sorta stuck here while a hacker somewhere enjoys my stuff.

    I checked through my email and one password change mail had the same exact mistake as the one in your screenshot while also missing the usual "&request_locale=en_**&service-entity=psn" at the end of the reset token link.

    0
  • i havent gotten another suspicious email since i made this post but i am sad to see others have..  be alert and vigilant!

     

    0
  • TwinDad (Support MVP)

    If you get a message like this, it could be from Sony or not. However, you need to check, if it is actually from Sony somebody is trying to compromise your account, and it should be your alert to action. Such as changing your password, or enabling 2 step verifcation.

     

    If it isn't from Sony, then ignore it.

     

    Check the links to see if it is from Sony, if you can do so, then read the email headers. Determine as best as you can if legit, do not ignor legit emails.

     

    Never click links in an email, always type them your self in the browser. The URL you see in the email isn't necessarily what the click will take you to. The picture of the email shows Sony URLS, I'm not so sure what the destination URL is, and could be phishing. Always go to a known Sony URL, and look for what you need.

     

    https://account.sonyentertainmentnetwork.com/ is a legit link for account management.

     

    https://support.us.playstation.com/   is the link for help, one there you can find links to reset passwors, and other items.

     

     

    0
  • Hi everyone, 

    Just got the same 3 emails today.

     

    0
  • Good rule of thumb I practice is avoide clicking through emails if at all possible unless it is something you specificalyl requested like a password change and it shows up in a few seconds. If you need to change your password, go to the website yourself and log in, do not click links in emails. Trust no one and keep your aluminum foil fresh!
    0
  • Hi,

    BE CAREFUL WITH id.sonyentertainmentnetwork.com

    I want to revive this post as it's one of the top results from Google.  I tried to recover my email address and went to this site id.sonyentertainmentnetwork.com.  A Sony rep said it is not official.  They wouldn't comment more on it.  The domain sonyentertainmentnetwork.com is legitimate but maybe the subdomain is being spoofed.  Not to be confused with account.sonyentertainmentnetwork.com which is their legitimate site.  But both domains do resolve to different IP's on what it seems like different subnets.

     

    Here is my chat transcript.

     

    Maria: Hello, My name is Maria how may I assist you today?
    Me: Hi
    Me: I reset my password, but there are two urls that are different and I am worried that one of them is not legit
    Me: https://id.sonyentertainmentnetwork.com/id/reset_password/#/reset_password/change?entry=%2Freset_password
    Me: https://account.sonyentertainmentnetwork.com/liquid/external/auth/login.action
    Maria: I will be more than happy to assist you to recover access to your PSN account. You can count on me! We are here to help you.
    Maria: To begin with, may I please have your phone number, to update your information in our system?
    Me: I already recovered my password. But I need to know if the first url is legit or not.
    Me: As I already entered private information on to that website.
    Me: If it is not legit, I will need to change security questions for numerous other accounts.
    Maria: The one we send is https://account.sonyentertainmentnetwork.com/liquid/reg/account/forgot-password!input.action
    Me: OK, so id.sonyentertainmentnetwork.com is not a legitimate site?
    Maria: Our official site to log in is: https://account.sonyentertainmentnetwork.com/login.action
    Me: But can you confirm if id.sonyentertainmentnetwork.com is owned by Sony? Or is being spoofed?
    Me: If Sony owns it, and it is just a alternate site, or a legacy one, then I am fine.
    Me: If it is being spoofed, I will need confirmation as I have entered private information on that site.
    Maria: Please allow me a moment while I research this for you
    Me: Thank you.
    Maria: Thank you so much for your patience, unfortunately this is not a Official Sony website.
    Me: Crap
    Me: So it is being spoofed?
    Maria: We need to mention there are some websites that are not official, Jack.
    Maria: In order to add an extra-security method to your account, we also recommend you to enable two step verification feature, here is a useful article that guides step-by-step on how to activate it:

    https://support.us.playstation.com/articles/en_US/KC_Article/2-Step-Verification-on-web-browser-or-PS-App/
    Me: Not official as in, it is being used as a phishing site?
    Me: Im not too worried about my security on my PSN network as so much as other sites that now have my private security information.
    Maria: We do not recommend you log into non official Sony sites, Jack; you can also contact us though this site to help you to update your account's information.
    Me: haha, I don't recommend anyone logs into non official sites either.
    Maria: I would like to know if is there anything else I can assist you with today?
    Me: Nothing else.
    Maria: Thanks for chatting today and for being part of the PlayStation Family! Have a great rest of your day!
    The agent has ended the chat.

    0
  • I just want to add an ammendment to my post above.  I went to my account on https://store.playstation.com/#!/en-ca/home/main

    Then went to the two-step verification link and it takes me to https://id.sonyentertainmentnetwork.com/id/management

    So I don't think the people at Sony know what they are doing.  Pretty frustrating if you ask me.

    0