We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Beware Scam Websites
Walesnum1
Posts: 18 Forumite
Hello, all. I thought I'd share my story so others won't fall into the same silly subscription based scam that I did.
Initially, I found a spa online through a fake profile on Instagram (DO NOT BOOK ON THIS WEBSITE) - https://luscioustouchspa.com/booknow/726/index.html. The website uses the iFrame method where they hide the terms and condition where you enter your credit card. After looking at the source code for the website, I found a hidden link. After clicking on it, this appears on the webpage under where you add you card details:
The spa website states they would only charge $2.99 for a card payment and no other charges would be taken until after the treatment. After Googling the website detailed in the item description from my bank statements (e.g. mkpdfg.com), I came across the website that confirmed I'd been duped into a subscription scam. These separate websites ask for the first 6 and last 4 digits of your credit card to unsubscribe. So far I've done this for payments that have already gone from my account, I've contacted my bank who've either blocked any future payments or deactivated my card. I've also reported the matter to ActionFraud and ReportFraud.
Initially, I found a spa online through a fake profile on Instagram (DO NOT BOOK ON THIS WEBSITE) - https://luscioustouchspa.com/booknow/726/index.html. The website uses the iFrame method where they hide the terms and condition where you enter your credit card. After looking at the source code for the website, I found a hidden link. After clicking on it, this appears on the webpage under where you add you card details:
By pressing 'Click Here For Access', I certify that I have read and agree to the complete terms of membership and billing and that the card entered above is my credit card. Your access to LocalSexFriends includes a 2 day free trial promo to You're My Reason To Love. If you choose to remain a member of You're My Reason To Love beyond the trial period, your membership will renew at thirty nine ninety nine (notice the lack of a currency here). Your membership to LocalSexFriends will be Free for Lifetime. You will also receive a free membership to InboxPartners.
Your IP Address has been logged for fraud protection.
Charges made to your credit card will appear under "mkpdfg.com (888)496-1427", operated by Staffordish Limited, an eCommerce Merchant located in Cyprus.The spa website states they would only charge $2.99 for a card payment and no other charges would be taken until after the treatment. After Googling the website detailed in the item description from my bank statements (e.g. mkpdfg.com), I came across the website that confirmed I'd been duped into a subscription scam. These separate websites ask for the first 6 and last 4 digits of your credit card to unsubscribe. So far I've done this for payments that have already gone from my account, I've contacted my bank who've either blocked any future payments or deactivated my card. I've also reported the matter to ActionFraud and ReportFraud.
1
Comments
-
Haven't you already shared it once?
https://forums.moneysavingexpert.com/discussion/6255995/subscription-fraud/p1
0 -
Why have you opened another thread on this when you already have one on the topic subscription Fraud?Time is a path from the past to the future and back again. The present is the crossroads of both. :cool:0
-
Mainly to put all the information together in one clear post now I've collected all the evidence. The previous thread had become a little messy and the new information about the iFrame method is an important part of the puzzle on how the scam works.dr_adidas01 said:Why have you opened another thread on this when you already have one on the topic subscription Fraud?0 -
Walesnum1 said:The website uses the iFrame method where they hide the terms and condition where you enter your credit card.
Iframes are used to allow payment card data to be entered in a secure way by keeping the payment window fully segregated from the rest of the website, thereby minimising the risk of cards being compromised. Naturally this means that such frames don't contain content relating to the rest of the site, but this is by (desirable) design rather than a weakness.Walesnum1 said:
the new information about the iFrame method is an important part of the puzzle on how the scam works.
If you're saying that Ts & Cs aren't displayed anywhere then that's a different matter, but citing their absence from the payment iframe misses the point....2 -
The Terms & Conditions are not visible on any page of the website. Believe me, I've looked everywhere. Only by looking into the webpage's source code can a hidden link be found. Once you click on this link, they appear under the box where you enter your card information.eskbanker said:Walesnum1 said:The website uses the iFrame method where they hide the terms and condition where you enter your credit card.
Iframes are used to allow payment card data to be entered in a secure way by keeping the payment window fully segregated from the rest of the website, thereby minimising the risk of cards being compromised. Naturally this means that such frames don't contain content relating to the rest of the site, but this is by (desirable) design rather than a weakness.Walesnum1 said:
the new information about the iFrame method is an important part of the puzzle on how the scam works.
If you're saying that Ts & Cs aren't displayed anywhere then that's a different matter, but citing their absence from the payment iframe misses the point....0 -
Simple rules for using any website.Walesnum1 said:
The Terms & Conditions are not visible on any page of the website. Believe me, I've looked everywhere. Only by looking into the webpage's source code can a hidden link be found. Once you click on this link, they appear under the box where you enter your card information.eskbanker said:Walesnum1 said:The website uses the iFrame method where they hide the terms and condition where you enter your credit card.
Iframes are used to allow payment card data to be entered in a secure way by keeping the payment window fully segregated from the rest of the website, thereby minimising the risk of cards being compromised. Naturally this means that such frames don't contain content relating to the rest of the site, but this is by (desirable) design rather than a weakness.Walesnum1 said:
the new information about the iFrame method is an important part of the puzzle on how the scam works.
If you're saying that Ts & Cs aren't displayed anywhere then that's a different matter, but citing their absence from the payment iframe misses the point....
Do they have a registered UK address and contact no.
What does the whois information say about the website, where it was registered, who owns it and when was it set up.
For the site you listed it has no postal address listed, it's contact email is a gmail account.
Website registered nine months ago in Iceland and ownership/administration/abuse contacts are all hidden.
It also quotes prices is dollars.
More than enough red flags on those simple starter points to not go any further.1 -
It's not "an important part of the puzzle on how the scam works."Walesnum1 said:
Mainly to put all the information together in one clear post now I've collected all the evidence. The previous thread had become a little messy and the new information about the iFrame method is an important part of the puzzle on how the scam works.dr_adidas01 said:Why have you opened another thread on this when you already have one on the topic subscription Fraud?
The scam works because people are stupid and don't seem to do any due diligence before they hand their card details over to random websites on the internet. This subform, the credit cards one and the consumer rights ones are all littered with people handing card details over to some of the ropiest websites on the internet. Until people start to show just an ounce of common sense before they hand their details over, these "scams" won't go anywhere.
I don't even know how this is supposed to work even if it was genuine. There's no information at all on the page on where this spa is located. Wouldn't you at least want to know that before you parted with your money?2 -
Believe me I'm more than kicking myself right now. Let's just hope I can put the fire out quickly to lessen the damage.kaMelo said: Simple rules for using any website.Do they have a registered UK address and contact no.
What does the whois information say about the website, where it was registered, who owns it and when was it set up.
For the site you listed it has no postal address listed, it's contact email is a gmail account.
Website registered nine months ago in Iceland and ownership/administration/abuse contacts are all hidden.
It also quotes prices is dollars.
More than enough red flags on those simple starter points to not go any further.0 -
This is the first time I've been scammed but sadly I've learnt the hard way. The worst part of it is the amount of time I've had to spend trying to minimize the repercussions. Unfortunately, I'm expecting more attempted payments in the future so I don't think it's over yet.Batesy1976 said:It's not "an important part of the puzzle on how the scam works."
The scam works because people are stupid and don't seem to do any due diligence before they hand their card details over to random websites on the internet. This subform, the credit cards one and the consumer rights ones are all littered with people handing card details over to some of the ropiest websites on the internet. Until people start to show just an ounce of common sense before they hand their details over, these "scams" won't go anywhere.
I don't even know how this is supposed to work even if it was genuine. There's no information at all on the page on where this spa is located. Wouldn't you at least want to know that before you parted with your money?0 -
But can you answer the question of why you handed money over to book a spa appointment without knowing where the spa was? Or is there something on the page I'm missing?Walesnum1 said:
This is the first time I've been scammed but sadly I've learnt the hard way. The worst part of it is the amount of time I've had to spend trying to minimize the repercussions. Unfortunately, I'm expecting more attempted payments in the future so I don't think it's over yet.Batesy1976 said:It's not "an important part of the puzzle on how the scam works."
The scam works because people are stupid and don't seem to do any due diligence before they hand their card details over to random websites on the internet. This subform, the credit cards one and the consumer rights ones are all littered with people handing card details over to some of the ropiest websites on the internet. Until people start to show just an ounce of common sense before they hand their details over, these "scams" won't go anywhere.
I don't even know how this is supposed to work even if it was genuine. There's no information at all on the page on where this spa is located. Wouldn't you at least want to know that before you parted with your money?3
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.1K Spending & Discounts
- 246.6K Work, Benefits & Business
- 603K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards