YesAsia.com Fake Order Scam – Also from Play.com

The Internet Patrol default featured image
Share the knowledge

A new batch of scam emails purporting to confirm your order with YesAsia (YesAsia.com) and Play.com went out this week. The scam relies on your freaking out when you see confirmation for an order you did not place, so that you will click the link to see “the order”, but of course, the link really goes somewhere else – in this case to some bad stuff being hosted on the iafrica.com website (in the case of our sample, it goes to “http://newsletters.iafrica.com/servlet/link/33/1082/140693/41003”).

Here is a sample of the scam email from YesAsia:

From: noreply-global@yesasia.com
Subject: Your Order (447041987) has been successfully placed
Date: August 27, 2011 10:33:33 AM MDT
Reply-To: noreply-global@yesasia.com

Thank you for shopping with YesAsia.com, the No.1 Online Asian Entertainment Store. Your order (Number: 447041987) has been successfully placed. We will process and dispatch your order to you as soon as possible.

To view details of your order go to : yesasia[dot]com/global/en/secure/ordertracking.html?order=47041987

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Username :
Order Number : 447041987
Payment Method : Credit Card
Shipping Method : Express
Number of Suggested Shipment(s) : 1

Item Description Catalog No. Quantity Unit Price (USD) Total (USD)
Logitech QuickCam Ultra Vision 1004715754 1 207.99 207.99
Freecom Hard Drive 3.5″ External Hard Drive 500GB 1004777221 1 229.99 229.99

Sub-total : USD 437.98
Tax : USD 0.00
Shipping (Express) : USD 45.49
Order Total : USD 483.47

Once your payment has been received and verified your payment, your order will be processed. The estimated availability information shown during checkout will only apply after your payment has been verified.

This order confirmation has been automatically generated by our order tracking system.
Should you have any questions about your order, please visit the following website for updated order information details at “My Account”.

Thank you for shopping at YesAsia.com, , and please come again!

Yours sincerely,
Customer Service Department
YesAsia.com

 

So, yes, this is a scam, and no, don’t click on anything in the email!

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

105 thoughts on “YesAsia.com Fake Order Scam – Also from Play.com

  1. Im a little scared now cause I just made an actual orde on yesasia.com so I really hoping they aren’t involved in this scam and that I didnt just give my info to a bad company

  2. I did click on the order link that invited me to download a ZIP file. Downloaded but didnt unzip it .The download was then checked by my anti spyware software (Spyware doctor) that said it was suspicious so i deleted it and the e mail then ran a full scan. All clear …… for those users that dont subscribe to a highly rated paid spyware programmes your system can be checked by Trend-Micro housecall as an alternative method.

  3. Just to follow up on my previous comment. I rang Pay pal. I told them of this page and all of the concerns. I also contacted my bank as far as my credit card and they told me that they were aware of this scam and advised me to cancel this card(used for pay pal /ebay). I changed my email address I use for both ebay and pay pal and changed my passwords. When you click on the link in the YESASIA email it appears that nothing happens when in fact it downloads a VIRUS.. This virus was NOT picked up with a Quick scan with my anti virus security. I had to do a FULL scan, which took About an Hour and a Half to complete. WELL Worth the time as this picked it up. The virus was then removed. The email I received did not have my name. I changed passwords and email address of my Pay pal and ebay accounts the week before. The email went to the old email address. I would urge Carole to do all of this. I am not a computer expert either. I read this advice somewhere after my email address had been hacked,a week or so ago. After I removed the virus I then changed all passwords and email addresses which is quite easy to do on both Ebay and Pay Pal.
    I hope this helps somebody. Good Luck to all.

  4. Lord knows where they got my details from, they used my ex-husband’s name and my email. My paypal account used to be in his name but that changed over a year ago now. So glad I didn’t click the links

  5. In response to Tom – as mentioned before I have two Paypal accounts and there are no sellers with whom I have used both accounts. (The second one is little-used). I received the messages at both account addresses. The ONLY place where both those addresses are stored in the same database is Paypal. It can’t be a seller. It’s got to be Paypal.

  6. I received same email 3 days ago and immediately contacted Yesasia by fax asking them to confirm the email was a scam but absolutely no response from them by either fax, email or phone.Thankfully, I didnt try to open any of the links and have contacted my credit card company who confirmed no payments have gone out but also advised they have received a number of calls concerning this email and have a note on their files not to remit payments until customers have been contacted.

  7. Hi I got this e mail and totally panicked i was trying to open the links to see which card was being charged. I tried lots of times but it would not open. I am a computer novice have I damaged my computer ? and will money have been taken from me? what should I do

  8. Perhaps we all have been customers to certain seller or group of sellers via ebay like in Asia or somwhere and they have our details like email and name but nothing more and those details have been sold or given or leaked to scamers somehow.

  9. Hi people – I also contacted PayPal last night. I, too, would urge everyone to contact them.

  10. Well done, Rog — I second the recommendation that everyone ought to contact PayPal, and I would add that people ought to cite this page in evidence. I did so on Thursday after seeing all the comments after my own that implicated PayPal. So far I have only had back from them an automatic message about safeguarding against phishing, but I hope someone there will actually read what I wrote.

  11. I have emailed paypal about this matter and look forward to their response.

    I suggest EVERYONE who gets this scam eamail should also contact paypal

  12. Looked into this more and it is paypal they have all this from just hope someone as reported to paypal

  13. I share the worries about full name linked to email id. This must have been stolen or leaked. The specific name/email connection for me only exists with PayPal. Hope they are checking for a breach.

  14. Got this email this morning. Stupid me opened it then cheaked only to get to this page. I then ran a quik scan.Microsoft Security essentials, Nothing showed so I thought I better do a complete scan and there it was-Severe threat. So make sure you thoroughly scan. When I clicked it came up blank but still downloaded the Virus onto my computer. I hope thats it. Also changed my Ebay and Pay pal passwords. Thanks everyone for the info.

  15. This must be eBay or PayPal as I use unique email addresses for everything I sign up to and they have my real name. This email address has never been used on Amazon.

    I doubt it’s a rouge seller or buyer – could be an employee.

    I’m not too happy about this.

  16. It cant be paypal because they sent me one to an email that’s for work but it had my full name on which i don’t use anywhere and the email is not related to my name in any way

  17. Sorry – got that the wrong way round. What I meant to say is that I am certain that there is no one to whom I have made payments from both accounts, so the source has got to be Paypal itself.

  18. I know that Paypal shares addresses with those to whom I send money, but I have two separate Paypal accounts in two different countries, and I am fairly certain that I have not used the same account with two different people, so the source can only be Paypal itself, or perhaps a rogue employee.

  19. Interesting that, as per one of our friends earlier (Diane), the address ‘yesasia’ used for me is a) one which is used for eBay/PayPal and b) a webmaster address. Correct full name is *V* worrying …

  20. Thank you Thank you so much for putting this up so quickly I received the e-mail and freaked but google it and you popped up well done you have given me peace of mind

  21. I have a unique email address system so I can see that the email address they have is the one I use on PayPal/eBay.

    PayPal shares my email address with every seller I buy from. It’s likely that this is where the leak is happening.

  22. I had two copies of the Yesasia fake invoice scam email today, at two different email addresses. What’s interesting is that these two addresses are uniques associated with my two Paypal accounts and have never been used for anything else. And I was being addressed by my full name so the scammer has more than just my email address. I rather suspect the data was stolen from Paypal.

  23. I’m wondering if any of the commenters here are PS3 users. The email I got was addressed to me, and the only way i can think of them getting this is through the Sony attack.
    ?

  24. Real Name Use – some ideas: Could they be taking your real name from the domain name registration contact details? It’s the only link between my real name and the e-mail address they used to contact me. Just a thought…

  25. Got this email today but in my haste to get it sorted tried to contact the seller and tried to see what the address was but in the mean time have contacted my bank to change my card asap.could not get any response from this yesasia site but sent a stinkng mail to tell them they are being used so I am hoping nothing has been dropped into my Pc,any advice would be so very welcome,Cheers Guys.Mike B.

  26. It has become more sophisticated. The false link goes to yes-asia-payment-services.com now.

  27. Hi, I am a webmaster and have just received the yesasia.com email. My fear is the only reason I receive emails on this certain address that is linked to the real name of the client is via paypal. Are anyone elses emails used with paypal and there real name? If so please email me. dyan@peterspence.net

  28. I just had this email from yesasia, it was sent to an email address that I have only ever used for ebay and it had my correct name in it so I am guessing that an ebay seller is passing on the details to the scammers.

  29. I’ve just received this email and unfortunately beacause I was expecting an invoice (from a different company) I clicked on the link.

    What are the possible consequences of this? It’s quite worrying, although I think my security software has blocked it

  30. Hi. Got the sacm email today – with the name of my former boss I used to buy for him something from EBAY and AMAZON – and there was ONLY two places where my email address ( company email btw) was related to his name. So it looks somehow ebay or amazon database has been hacked ,not really good think for anybody…

  31. I received the same fake order from Yesasia.com. Same order number, items and totals as others – but they did change the account name and addressed me by my trading name. Did not download the file – but did check no transactions in place with my credit card company.

  32. Just got one of these using one of my two middle initials – only people to do this are usually Paypal and Halifax Bank (UK).

  33. Have just had the same email – somehow they have got hold of the email address i use for eBay & Paypal, plus my full name – makes it quite scary really. The only way they could do this is either via those sites (unlikely) or through an eBay supplier.
    Looking at the mail header I think it originates from powermta.vhmailer.com

  34. Hi just had the same email but it had my real name on which i never use on the internet so god knows where they found that

  35. Had the same email for an account at work, all the links within the email were to the site “yesasia-payment-service.com” and a suspicious looking ZIP file. Avoid!

  36. Just got hit, but knew better than to click on links. I too am seriously worried about their having my real name. FWIW, according to my verbose header, the message originated from powermta.vhmailer.com; whois tracks the domain down to one Tom Anderson in Sydney, registered in Russia (go figure). Spambot or villain?

  37. Just got my version this morning, and this was the first site Google throw up to confirm it’s a scam. Thanks. And damn! – going to have to consider changing email address again, now …

  38. I received this exact e-mail what do i do about it. there is no telephone number for me to call anyone. i don’t own any credit cards.

  39. I just got the same email. I was all set to go to the bank tomorrow and tell them to stop payment for fraud.

    It has me a tad worried that they had my name. I have never ever ordered from YesAsia. And I have never heard of Magneto either.

    I see someone said they got billed for $220. I will watch my bank account, I don’t have to worry too much as my bank won’t cash anyways as I only have $1 in the bank. Still they could cause me overdraft fees.

  40. I got in touch with Magento’s customer support. They admitted the malware is coming from their site. Here is the transcript–

    Chat transcript:
    Visitor: Can you remove my account and email address from your system please
    Willeke: hi
    Visitor: hello
    Willeke: of course, can you please tell us what is the issue?
    Visitor: I want you to remove my email address and account.
    Willeke: yes, is there any special reason for this? just for our information?
    Visitor: Yes I am receiving spam email after I joined your site
    Willeke: from athleta.com?
    Visitor: exactly
    Visitor: see you know it
    Willeke: it s a global issue and we are on top of it
    Visitor: You either sold my email address or your security is shit
    Visitor: can you just close my account pls
    Willeke: our netops already detected the malware and blocked the issuer
    Visitor: I dont care
    Visitor: just close my account
    Willeke: ok open a ticket please
    Willeke: we need a ticket

  41. It looks like the spam came from MAGENTOCOMMERCE. Somehow the members’ names appear on the community site. The email is probably farmed there automatically.

  42. I contacted Athleta.com regarding the fake orders. they replied confirming that there are fake orders being sent. Below is the information.

    Thank you for your e-mail. We have verified that the correspondence you received did not originate from our company and was developed without our knowledge. Please be assured that none of the orders #12YWKEG, #16YWB0G, or #15YNB0G are legitimate orders, and athleta.com has not charged your account. For your protection, we recommend that you not click on any links or open any files from within the email.

    We appreciate you bringing this matter to our attention and look forward to shopping with you in the future. If you have any additional questions please contact us at custserv@athleta.com or by calling 1-877-3ATHLETA (1-877-328-4538).

    Sincerely,

    David
    Customer Service Consultant

  43. I’ve ordered from YesAsia a few times and never had any problem with them. Just lucky?

  44. I received the ATHLETA FAKE invoice today. Surprised they had my first and last name.

    Called my credit card companies first, then googled fake athleta order and saw several notices on the web about this.

    This is probably one of the most advanced scam emails ive seen.

    Almost got me fooled, I can’t imagine those who are less savvy would be better protected.

    I’d like to know how they got my full name. Makes me think a mailing list was sold or stolen.

  45. I’d just like to add that a similar scam email is being sent out from Athleta.com. Watch your inboxes if you received the YesAsia email, you will likely receive this one as well.

  46. I was impressed that their spamming list had full names embedded into the letter. Usually they just use “Dear Zzzzz,” from zzzzz@youremail.com. This time it said “Dear My Real Name,” Next year they’ll have our shipping addresses too. And your mother’s maiden name. And your first pet. We’re doomed.

  47. Got the same scam, but I got a 1TB drive for the same price as your 500GB drive… you got robbed…

    Actually, thanks for the post. Haven’t seen something like this for a long time. Was unsettling for a minute.

  48. Got the same e-mail today (9/16/11) to my work e-mail address. Almost fell for it as I had a fraudulent charge on my credit card yesterday and I was afraid it happened again. Just a coincidence I guess!!

  49. I got the email – clicked the download link (to my Mac) -deleted the download after seeing it was not readable, checked my bank acc. online – approx. $220 has been taken out by Amazon.com1 —– i have not placed any order with them. This is not good!

  50. I received the same exact e-mail on Saturday. Of course I called all of my cerdit card companies and found nothing had been charged.

  51. thank you, thank you, thank you!!!

    This is exactly what happened to me this weekend. I was smart enough to not click on to anything as I figured it was a scam. but, how do they get my email address?

  52. I just got one in my gmail account this morning. Unfortunately I clicked on the invoice and something was downloaded to my PC.

  53. I got this email as well yesterday & freaked completely out. Yes I clicked the link to open but my co-worker said stop & ran a virus check for me. I also googled yesasia & called the toll free # which was disconnected. I also called my bank immediately just to be certain.
    This website is a blessing, THANK YOU SO MUCH.

  54. THANK YOU!! I got this email too, but didn’t open anything, thinking it might be a scam. Thank you for confirming my suspicions.

  55. I also received the same email – I tried to open it using my droid phone. What should I do?

  56. I did try to open the link but thankfully nothing would open. but im still checking my accounts to make sure nothing has been charged. im glad i found all these posts!!!!

  57. I just got a scam email from yesasia.com. telling me thanks for my order which i did not make. stupid me clicked on the links but then i deleted it and am running a scan on my computer.

  58. I got this email Saturday, and like an idiot clicked the link…but my computer saved me by telling me it was trying to download a program. That alerted me and I stopped it cold. Having had someone in India charge $15k to my CC makes me a little leary. I was also wondering how they got my name and email, but another site suggested they are getting it through facebook, which I JUST signed up for. Think I’ll close my page.

  59. Thanks so much I first called my bank credit card company the phone no. On the web site no response it was so nerve wrecking is there any thing we can do to avoid this

  60. I also received this email, but researched it before I clicked on anything. I wonder how they got our email? Thanks for posting!

  61. I just got email like this today..I’m freaking out while i’m reading this email..OMG..what’s the hell this people trying to do???

  62. Oh wow! I almost freaked out! The link didn’t take me anywhere! Google blocked it.

  63. Thanks very much. My wife was pretty confused when she got the YesAsia scam email – it sure looks legit. Fortunately she called me before doing anything. We’re all getting a little wiser.

  64. This did help. The thing I can not understand is how the product was charged to me and the e-mail was sent to my granddaughter. I did click on the order site but it sent me to google.com search site

  65. After posting my comment on here I also emailed Play.com & got this reply.
    “We have been made aware that a number of play.com and non-play.com customers have recently received an email that presents itself as a confirmation of an order from play.com. We can confirm that these emails were not sent from or on behalf of play.com and that no order has been placed with play.com.

    These emails are known as phishing emails and use recognised retail or banking brands to make the email look genuine. This type of email is sent to lure people in to clicking links that could contain viruses or to obtain personal information.

    We strongly advise that you do not click on the links and delete the email immediately. If you have clicked on any of these links then we would suggest running anti-virus software on your computer or mobile device.

    If you are ever unsure about the legitimacy of an email from play.com then please forward the email to privacy@play.com and we will be able to confirm this for you”.
    Brian, I also ordered from the US it was a company in Florida and was approx a year ago. Never done it before or since and won’t do it again. Will stick with my usual suppliers in the UK.

  66. I got this e-mail and clicked on the link which directed me to just plain www.google.com. I called the bank to check my credit card status and everything was fine. Then, I called Yesasia.com and the customer service told me that the e-mail was a scam!!

  67. I got the email. They sent it an email address that I gave to a electronics/robotics vendor in Illinois more than a year ago. I’m wondering if they were hacked. Has anybody else purchased robotic parts recently?

  68. Also received the email and tried to call – no answer. Clicked on the link too. So far 34 posts and no answers from you guys at internet patrol. What do you recommend for those of us that clicked on the link?!

  69. My YesAsia.com email was ident to the one quoted above and I knew enough not to open it fully. I just read it through the preview pane. I hope that I can just delete it safely.

  70. What is the name of the file that downloads? Sorry about the typo in the earlier post. I did freak and click the link. Now what?

  71. What is the name of the file that i downloads? I freaked and clicked the link.

  72. Got the Play.com email 9/3.
    Freaked, smelled trouble.
    Googled scam and found your site. The scam email reads almost verbatum for the items “purchased” and “to be processed.”
    Should I call my credit card fraud line?
    Thanks for the info on your site.

  73. I got this for the Play.com version, what really freaks me out is that they had my real name which isn’t listed on this email account anywhere, and it was correctly spelled.

  74. Got that exact email today. Fortunately had enough sense not to click on any links. Thanks for the relief.

  75. Got this email as well. I clicked on the link, but it won’t open since it’s an .exe file and my mac doesn’t open those. Just wondering if I’m still safe? I’ve had my mac(s) for over 6+ years and haven’t gotten a virus yet. How in the world did they get my email and name? I’ve never even been on this website!

  76. i got this email this morning.
    good one! i sent a reply to the email and actually got an email back from yes asia!
    when you hoover your cursor over the link, it tells you actually where you are linking to!
    these scams are getting better.

  77. I also received this email from (supposedly) play.com. My first reaction was someone got access to my credit card information and I was, indeed, panicked. After a deep breath, I went looking to see if this was a scam. (After reading the comments of people checking their accounts to see if anything was posted, I felt a bit sheepish for not thinking of this.) Thank you for posting this information, it is greatly appreciated!

  78. I received same email this morning, it was IAfrica.com Didn’t use any links and checked with my bank who suggested it was a scam to get CC details they also advised me to delete the email which I’ve done. As someone else asked, how do they get your name & email address?

  79. I have just received this email from play.com today – seems the scam is still about. I also freaked out but when I clicked on the link and saw that it was wanting me to download a .exe file I closed it and it appears no harm done. Googled and found this site – thanks for clearing it all up for sure.

  80. received same message a few hours ago purporting to be from play.com. Coincided with me having made several purchases. Unfortunately I opened the link as I wanted to find out more details. At least your site now clarifies my suspicion. Thanks!

  81. I recieved same email but from PLAY.COM. I downloaded the file AND opened the file. it came up as an app. i hade virus checked it first using McAfee and it said it was safe. i have since seen sense, deleted the file and running thorough security scan of my computer. Does anybody have any idea of what these nasty bits are on the iafrica website?

  82. Have received this email but from Play.com – again no money debited and clearly a scam

  83. We got the same email but from play.com – other wording exactly the same. Freaked us out but didn’t open anything. Thought it was a credit card fraud.

  84. Yes, I received this scam mail and yes it was very helpful to learn it was a scam. Thank you.

  85. Just got this email BUT YesAsia was replaced with **Play.com**.
    All the same layout as shown above – same products, etc. So beware, Play.com is now the name. I have no account with them and never have. Looking at the ‘help’ link, the address shows iafrica.

  86. Just got this e-mail today, and quickly checked my bank account to make sure that I hadn’t been charged for anything that I didn’t purchase. Thanks for the info!

    Mark

  87. Thanks for your info about yesasia – I received exactly the spam you showed – thankfully my technological savvy daughter was here to show me what to do

  88. thank you for the post. I got one of the Emails and did click on the link but Kaspersky gave me a warning and wouldn’t let me open the “invoice”

  89. I just got one of these emails and thought it was someone hacking my PayPal card, AGAIN. Thanks for posting this info.

  90. Thanks for the update. I called my bank thinking that my actual Credit Card was compromised yet again… stupid internet BS… why cant they just leave people alone?

    Fun fact:
    Your Order (447041989) has been successfully placed?

    I got 1989… i think it has something to do with the birthyear? idk.

  91. I received this email and determined it came from my Amazon account due to the old credit card info they used in the email.

  92. I got it and clicked all the “go to’s”. What do I do now? They did not take me anywhere but do I have a virus now??

  93. I just got one of these. I figured it was a scam because it didnt even show my shipping address nor did it show the last 4 digits of either my social or my credit card.

    I double checked my credit card accounts to make sure then came here.

    For a minute there I was kinda freaked.

  94. Yeah. I received the same thing just a couple of hours ago. Any link on the page prompts you to download something. I highly recommend that you do not do this. If you are worried about it and think there is some validity to it check with your bank to verify.

  95. Thanks, great work. My wife received this same order, verbatim, but I was able to google “scam ‘yesasia.com’,” & your link was right there to this excellent report. Saved us lots of aggravation quickly. Thank you so much. YOU GUYS RULE THE BUS!

  96. I found this info after the fact—What to do if you did click on that link that lead to the newsletters.iafrica.com crap?

  97. Too late. I clicked on it. Now what wonderful surprises do I have in store? It downloaded a file but thankfully I didn’t open it.
    Arrgh.

  98. Thanks for posting this! I just received the exact same message and google’d it immediately ! I hope others do the same!

  99. I was one who freaked out (should have calmed down, but I had good reason to think it was a legitimate theft due to some things that happened to us this summer). I clicked on the link, but did not actually open the zip file – I googled first, saw it was a scam, and deleted the unopened file from my computer. My question: if I did NOT open the zip file am I safe from a virus? My computer is an Apple…

  100. Thank you very much! And yes I was freaking out until I found your webpage.

  101. Thank you for this! I just got this email this morning and fortunately did not click on anything within the email. I checked my bank account first to make sure that nothing suspicious had happened. After that I immediately started searching to see if this is a scam. Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.