Yet Another Fake Jollibee Happyplus Email

recent Security

A few days ago, I received an email from Jollibee‘s Happyplus that I won ₱500 in their monthly raffle draw. Cool, I thought, because as one of the first batch of users of the Happyplus Card, I have not won anything despite loading ₱500 to ₱1000 per month when the program started (I have strong doubts their raffle is real). Imagine my curiosity after receiving this email.

But, as I already had a bad experience with receiving Happyplus emails (read: Fake Spotify Login Site, Was Happyplus Compromised), I already have doubts. Sure, I was interested because in this new email they claim that they have a Happyplus app!

I checked the link and I was not surprised that the Happyplus Android app is fake. The link downloads an APK file. If this was an official app, they will link to Google Play and let users download it from there. Secondly, it should come from at least (still not advisable).

Still, I checked Google Play and the website for any information, nothing. There is no doubt this is another phishing scam by the same group behind the fake Spotify website coming from, supposedly, Happyplus.

I checked the Happyplus website today and they have posted an official announcement about this phishing scam.

I really hope they add DKIM and DMARC TXT records. It is a strong addition to SPF, which in this case can be spoofed or the Happyplus engineers misconfigured it somewhere (SPF is showing as “PASS”).

With a correctly configured SPF, DKIM, and DMARC TXT records, almost all fake emails using their domain name will go directly to the Junk/Spam folder — even blocked by the email provider, preventing the end-user from receiving it. (Careful though with setting up DMARC, a wrong configuration will affect even official emails.)

In any case, Jollibee should have sent an email blast notifying users of this phishing scam. They send newsletters monthly, surely, informing your patrons about this phishing scam warrants an “emergency” email blast. If they did, I have yet to receive that mail and it’s 4 days since the official announcement was posted (2017-07-28).

This slideshow requires JavaScript.

Donations for the magus

  • XLM (Stellar Lumens) 🚀🪐17: yukino* XLM (Stellar Lumens) 🚀🪐17: yukino*
    • XLM memo/tag (optional): for
    • Highly preferred
  • ZEC (Zcash) Z0.03: t1W7HusjBAXgquM7YHu6xDUEBejmYPKU2HC ZEC (Zcash) Z0.03: t1W7HusjBAXgquM7YHu6xDUEBejmYPKU2HC
  • XRP (Ripple) X5: rU2mEJSLqBRkYLVTv55rFTgQajkLTnT6mA XRP (Ripple) X5: rU2mEJSLqBRkYLVTv55rFTgQajkLTnT6mA
    • XRP memo/tag (required): 246013
  • STEEM: yahananxie STEEM: yahananxie
  • ETH_smartcontract (Etherium) Ξ0.007: 0x739d2aae2a5b7a4e1d64c58d121c9d908d706c83 ETH_smartcontract (Etherium) Ξ0.007: 0x739d2aae2a5b7a4e1d64c58d121c9d908d706c83
    • Gas: please use at least 35,000
    • Do not send non-smartcontract ΞTH and ERC20 tokens to this address.
  • ETH_ERC20 (Etherium) Ξ0.007: 0xB127362Dc268B63cE22E697344D2c51e673f18B6 ETH_ERC20 (Etherium) Ξ0.007: 0xB127362Dc268B63cE22E697344D2c51e673f18B6
    • Accepts non-smartcontract transactions and ERC20 tokens (in particular: AWC, ENJ, PAX, TUSD, USDC)
  • BCH (Bitcoin cash) ₿CH0.004: pp8fkmchlu6a7c53a2s682jd70mncrzemsthca6ftl BCH (Bitcoin cash) ₿CH0.004: pp8fkmchlu6a7c53a2s682jd70mncrzemsthca6ftl
  • XBT (Bitcoin core) ₿0.0002: 32w1De4wvr5jEzC4g5P4rkjvqg2bvMR8Vk XBT (Bitcoin core) ₿0.0002: 32w1De4wvr5jEzC4g5P4rkjvqg2bvMR8Vk
Yet Another Fake Jollibee Happyplus Email
Article Name
Yet Another Fake Jollibee Happyplus Email
Another fake Jollibee Happyplus email is making its round online, tricking patrons to download a fake Happyplus Android application.

CC BY-SA 4.0 Yet Another Fake Jollibee Happyplus Email by ᜌᜓᜃᜒ (Yuki|雪亮) is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at Legal Notice.

Leave a Reply