Now it’s official: The elaborately designed website “playstation-sony.eu”, which claims to sell PS5 consoles directly from Sony, is a fake shop. Sony is aware of the website and it does not belong to the group. Sony did not provide any further information.
The computer magazine c’t had yesterday Thursday warned of the website “playstation-sony.eu”, which continues to pretend to be officially selling PS5 consoles and accessories by Sony in the UK. The page is extremely elaborately designed, so that the forgery was only noticed on closer analysis. As a result, numerous readers reported in the course of yesterday, who had noticed further inconsistencies, small spelling errors and picture details with Cyrillic packaging labels.
Network of fake shops
Analyzes by the security service provider urlscan.io suggest that the fraud site is part of an extensive network of fake shops and phishing sites that are “potentially controlled from Ukraine”. According to Johannes Gilger, CEO of urlscan.io, the websites have repeatedly been switched to different regions in sync with the official delivery waves of the Playstation 5 from Sony in the past few months.
“The websites all follow the same pattern and look and could therefore be easily identified and linked by us.” explained Gilger to c’t. Apparently the pages would be constructed with a commercial building kit and hosting system called “Weblium”, which is based on Google’s cloud infrastructure. The IP address “18.104.22.168” linked to “playstation-sony.eu” currently belongs to a Google cloud server in Brussels. The TLS certificates currently used by the website were set up between February 21 and March 22, 2021.
According to Gilger, the following domains belong to the network of similarly constructed websites:
One of the domains showed up a server of the German host “Hetzner”: “There we found a number of empty websites as well as prepared scam websites,” explained Gilger.
“Blunt but effective”
Gilger, however, gave little hope that the flood of fake shops and phishing websites could be contained in the foreseeable future: “This is one of hundreds or thousands of fraud attempts that are carried out every day with minimal work on the Internet: The Website comes from a modular system, the way in which the bank data is accessed here is dull but effective. ”
The perpetrators have hardly been prosecuted so far: “Such attempts at fraud are unfortunately so common that hardly any researcher or security company has the time or the interest to take care of them.” Gilger makes the hosters responsible for this: “Even serious scams like the one against customers of the British Royal Mail in the last few weeks generate little interest and the responsible hosters are difficult to get to cooperate.”
The fact that the perpetrators’ scam is apparently worthwhile is shown by the incrementally increasing order numbers that c’t had received after two attempts to order on “playstation-sony.eu”. According to this, almost 100 orders were placed there within half an hour. The website demands the official prices of 400 to 500 euros for the consoles. If you extrapolate these numbers, the fake website could receive credit card orders from all over Europe and Great Britain worth 2 million euros per day.
Be careful with young domains
The example “playstation-sony.eu” shows that despite all warnings to buy PS5 consoles only from established retailers, too many customers still fall for scams. There is currently no end in sight. The websites are getting better and better and if one is shut down, the next one pops up again in the Google ranking.
References to such fake shops and phishing sites can be checked urlscan.io deliver. However, the data are sometimes difficult to interpret. While there are scans there for official websites of reputable retailers that go back years, fraudulent sites often only have a short scan history that is only a few weeks or months old. In the case of playstation-sony.eu, they only go back two weeks.
Update 4:00 p.m .: The website “playstation-sony.eu” is now offline and no longer accessible. At least the DNS servers no longer resolve the domain name. The domain “gta5moneydrop.net” is now linked to the same IP address. She pretends to exchange real money for virtual coins for the game “Grand Theft Auto 5”.