Jamie celebrated a birthday recently and was mildly pleased when he got an email purporting to be from Rituals – the beauty and cosmetics retailer – wishing him the best for his big day and offering him a gift to mark the occasion.
The catch was he would have to pay a modest sum – of less than €3 – for his present.
“The email had my full name in it and my birthday,” he writes, something which assured him all was well.
But not everything was as it seemed.
“It was linked to a scam site in India that had replicated the Rituals site and asked for card details to avail of the birthday offer of a hamper for €2.
He contacted Rituals after being conned and says that the retailer is “aware of the scam but have told me there is no evidence of any data leak. I find this very hard to believe as the scam email had both my full name and birthday. And I am a Rituals subscriber. How is this information available to scammers without a data leak? I noted that the pricing was also in euros so they knew I was in Ireland or at least the EU,” he says.
He also sent us a copy of the emails he had received from the scammers and Rituals.
The scam email looked fairly legit and was full of congratulations. It contained a simple link to a site where he could claim a lavish hamper for what looked like a steal, at a price of €2.35.
It was in fact a steal – just not the kind he thought.
In the subsequent email from Rituals, the company said that it understood “how alarming it can be to receive fraudulent emails impersonating our brand. Unfortunately, scammers are using Rituals branding to send fake messages like these around your birthday, where they ask to transfer money.
“We would like to stress that this message is not from us. At Rituals, you indeed receive a birthday gift every year around your birthday.
“Please be aware that we will never ask you to transfer any money for this birthday gift. It is important to not click on any links and never transfer any money.”
He was told that scammers “can get your data through various methods like phishing”.
We also contacted Rituals and it confirmed “that no data breach has occurred at Rituals. This conclusion follows a thorough internal and external investigation, which has been reviewed and confirmed by the Dutch authorities. Based on this, we are confident that the scammers did not obtain personal information such as names or birthdays from our systems.”
The statement said it was “aware that scammers have been misusing the Rituals brand to send fraudulent messages. We have been actively raising awareness to help protect our customers in response to this. Our customers’ privacy and security are of the utmost importance, and we communicate that we never ask for money transfers in connection with our birthday gifts.”