JB Hi-Fi eGift Cards Used by Fraudster

savemore on 19/06/2021 - 09:55
Last edited 19/06/2021 - 09:55

I can see what some people are thinking already, not another thread about someone stupidly sending photos of their JBHiFi eGiftCards to random person on Marketplace whilst waiting for non-existent payment, but I can assure you this is not that thread.

Last year a work friends daughter wanted to purchase a high end spec iMac. To help reduce the cost, I offered to help by purchasing discounted JBHiFi eGiftCards through SDA, AGL Rewards & Ambassador Card (which ended up less than 5% due to CC fees). These were all purchased on my Credit Card. As 2 didn't arrive at the time the iMac was ordered, there was $550 that remained. Between this time and January, neither myself or my friends had a copy of the codes, and after checking, it turns out that they were never sent to their e-mail address. I followed this up and they were re-mailed to them, I also forwarded them to my e-mail address for security. As neither of us had the need for anything at the time, they were not touched.
Fast forward to yesterday, they are looking to purchase an iPad Pro 12.9, so knowing there were $550 worth of GC, we entered the Code/Pin on the Online Balance Checker website. To my shock, both were used in NSW in March and April of this year. I've contacted one store this morning. They have said that I need to report it to the Police. I rang the 131444 (SA Police Hotline) and they said that I need to make a report, which I plan on doing, but my local station is not open on weekends, and I want to get this sorted ASAP. Can anyone offer constructive advice relating to making a claim online.

I will also disclose, that I suspect my work friend has had her computer compromised, as this year, they have had their Netflix account hacked and their Bigpond e-mail account disabled due to sending out unsolicited e-mails.

TIA
savemore

General Discussion

Related Stores

JB Hi-Fi
JB Hi-Fi

Comments

  • Neoika on 19/06/2021 - 10:09

    TLDR/solution: JB HF online allows you to purchase a big value eGC with some small value eGCs to consolidate them, which can also prevent the 3rd party to hold the original cards that have remaining balance.

    • savemore on 19/06/2021 - 10:12

      Thank, was already aware of this, but didn't have the presence of mind to do this at the time, as felt that being stored on e-mail account they'd be secure. Turns out this would have been a necessary step in securing the eGC's (which I will do from now on). I'd love to see eGC's have some sort of identification of purchaser associated with them, but then that'd probably result in increase in admin or negate the discounts.

  • pharkurnell on 19/06/2021 - 10:15

    its been months now, another day or 2 waiting for the cops to open wont make shit difference…. not that anything will come of it in the end…. wouldnt be a tiny weeny small insignificant priority case for them.

    • savemore on 19/06/2021 - 10:32

      If by months you mean 2 and 3, then yes it has been months. The earliest the local station is open is Monday, so yes it is 2 days to wait. It is more the inconvenience about having to attend in person. Why can't I complete an online form, which they can contact me if I'm required to attend in person? I'm hoping at least JBHiFi/NSW Police can obtain CCTV footage at each of the stores to try and identify the fraudster, but I suspect that this will be as far as they get, as unless they were stupid enough to leave some personal details or they are already known to the Police, then nothing will occur.

  • rektrading on 19/06/2021 - 10:43

    EGC like other types of digital currencies requires some level of security to prevent loss. Many of them are issued with a PIN. Users must always keep this PIN safe and not share it with anyone.

    PINs should never be stored on a device in a readable format without encryption.

    Not your keys, not your money.

    • savemore on 19/06/2021 - 10:48

      e-mail accounts are secure, compromised e-mail accounts/Windows 10 PC's are not

      • [Deactivated] on 19/06/2021 - 11:35

        e-mail accounts are secure

        They are not, as they can be compromised as you discovered.

  • vikvance on 19/06/2021 - 10:55
    +1

    I suspect my work friend has had her computer compromised

    If this has happened, then taking care of this is way more important than the gift cards.

    Firstly, she should check her email in a website such as https://haveibeenpwned.com/ to see if it has been part of some data breach. If it has, and she has reused the same password on other websites, then her password is now known by hackers.

    If the above has happened, then she should change all her passwords ASAP. She should use an add-on such as Bitwarden to generate random passwords, and then make sure she uses a different password for each website. This stops hackers from gaining access to multiple accounts, when they have the password & email combo for one account.

    • savemore on 19/06/2021 - 11:08

      Just checked their e-mail address, following response appeared: Good news — no pwnage found! Plot thickens!

      • [Deactivated] on 19/06/2021 - 11:36
        +1

        Just because it is not on HIBP that doesn't mean there hasn't been a compromise, it just means that the compromise and its data hasn't been released publicly.

  • bobbified on 19/06/2021 - 11:30

    As 2 didn't arrive at the time the iMac was ordered, there was $550 that remained. Between this time and January, neither myself or my friends had a copy of the codes, and after checking, it turns out that they were never sent to their e-mail address.

    Does you or your friend have common usernames on your email addresses? Since you never received the codes in the beginning, could it be possible that the codes were sent to the wrong email recipients (typo or something on their end) when you first purchased them? And then the same codes forwarded to your correct email address when you followed JB up later?

    I followed this up and they were re-mailed to them, I also forwarded them to my e-mail address for security. As neither of us had the need for anything at the time, they were not touched. Fast forward to yesterday, they are looking to purchase an iPad Pro 12.9, so knowing there were $550 worth of GC, we entered the Code/Pin on the Online Balance Checker website.

    How old is your friend's daughter? Does she have access to your friend's email account? (Not accusing her of actually doing anything, but just looking at all possible scenarios).

    • savemore on 19/06/2021 - 11:41

      Does you or your friend have common usernames on your email addresses?
      Neither mine nor their e-mail addresses I would consider to common, but they do contain aspects of people's names.

      could it be possible that the codes were sent to the wrong email recipients when you first purchased them?
      It may be possible. I've got a copy of the e-mail that was sent to them as it was forward to me on 24/1. It contained their e-mail address, plus a possible email alias (not going to publish either here). The dumb thing that Ambassador's in addition to attaching the PDF of the eGift Cards, also listed both the Gift Card Number and PIN in the e-mail message. I would have thought that if someone else received them, they would have used them straight away, not on 23/3/2021 & 17/4/2021.

      How old is your friend's daughter? Does she have access to your friend's email account?
      She is 19, not sure if she has access to their e-mail account. They all live within SA. They all use iPhones and I also have questions about how secure iPhones are.

      Feel free to ask other questions and I'll answer them as honestly as possible (without providing identifiable details).

      • bobbified on 19/06/2021 - 11:48

        I would have thought that if someone else received them, they would have used them straight away, not on 23/3/2021 & 17/4/2021.

        Sometimes people don't check their emails for months. Maybe they found the random unexpected email, gave it a try and.. score! lol

        They all live within SA. They all use iPhones and I also have questions about how secure iPhones are.

        It doesn't stop someone from selling the codes on Gumtree or Facebook marketplace and the buyer being in another state. iPhones are used by corporations all over the world (each would run their own series of security tests before rolling them out), so I'd say that the security would be quite decent. Law enforcement also have trouble getting into them. If it was that easy, our own government here wouldn't need to bring in legislation that allows them to compel someone to reveal their lock codes, etc.

        I'm just throwing all sorts of wild possibilities out there, so don't mind me! 😁

        • savemore on 19/06/2021 - 11:56

          Don't mind at all, I like to talk conspiracy theories when it comes to Apple Products, as this is an entire family that have all been brainwashed into purchasing multiple (and I mean multiple) Apple Products, with the constant need to upgrade. They always try and offload their old devices on me (still using an iPhoneSE 1st Gen and Apple MacBook Air - both purchased due to travelling overseas for 2018-2019), which I just refuse.

Login or Join to leave a comment
Login Join