Autorenewal Email - Phishing/fraud Email Pretending To Be From Bitdefender?

I received the following email sent to my registration account.

It is sent from a fishy webhelp@digitalriver.com account.

It has my correct name and order number, so I wonder what's happening.

I also never chose to automatically renew my subscription (I highly doubt this is legal unless explicitly stated) and it's nowhere near its end anyway, with 212 days still to go, that's how I guessed this is a fraud attempt. My subscription was extended a few times during the past 2 years.

It also provides a link to yet another fishy website that is not Bitdefender: findmyorder.com, with no mention or access to the actual order, and the postal address at the end of the email is not even correct.

Email:

-------

Dear [deleted],

This email is to remind you that your subscription with BitDefender SRL for your BitDefender product will automatically renew soon. If you want to cancel your subscription, please visit the link below:

www.findmyorder.com

Your Order and Billing Information:

Customer Number: [deleted]

Original Order Number: [deleted]

For any questions or information related to your BitDefender product, please do not hesitate to contact the BitDefender Support Team:

http://www.bitdefender.com/site/Main/contactEmail/

For frequently asked questions about your product, please visit this page:

http://www.bitdefender.com/help

Please note: This email message was sent from a notification-only address that cannot accept incoming email. Please do not reply to this message.

Sincerely,

Digital River Customer Service

www.findmyorder.com

Digital River International S.à r.l.

9b, Boulevard du Prince Henri,

1724, Luxembourg, Luxembourg

Managing Director: John Strosahl

Place of registration: Régistre des Commerce et des Sociétés, Luxembourg

Registration number: B 114146

Email Header:

----------------

Delivered-To: [deleted]

Received: by 10.229.138.77 with SMTP id z13cs4850qct;

Sat, 8 Oct 2011 00:58:39 -0700 (PDT)

Received: by 10.42.72.194 with SMTP id p2mr1822479icj.0.1318060717482;

Sat, 08 Oct 2011 00:58:37 -0700 (PDT)

Return-Path: <webhelp@digitalriver.com>

Received: from dc1utl24.dc1.digitalriver.com (dc1-utl-snat.digitalriver.com. [209.87.182.119])

by mx.google.com with ESMTPS id o10si4955371icv.33.2011.10.08.00.58.37

(version=TLSv1/SSLv3 cipher=OTHER);

Sat, 08 Oct 2011 00:58:37 -0700 (PDT)

Received-SPF: pass (google.com: domain of webhelp@digitalriver.com designates 209.87.182.119 as permitted sender) client-ip=209.87.182.119;

Authentication-Results: mx.google.com; spf=pass (google.com: domain of webhelp@digitalriver.com designates 209.87.182.119 as permitted sender) smtp.mail=webhelp@digitalriver.com

Received: from dc1utl24.dc1.digitalriver.com (localhost [127.0.0.1])

by dc1utl24.dc1.digitalriver.com (8.14.4+Sun/8.14.4) with ESMTP id p987wbM5021001

for <[deleted]>; Sat, 8 Oct 2011 02:58:37 -0500 (CDT)

Date: Sat, 8 Oct 2011 02:58:37 -0500 (CDT)

From: webhelp@digitalriver.com

To: [deleted]

Message-ID: <4e9002ad.ca932a0a.6ce3.599fSMTPIN_ADDED@mx.google.com>

Subject: Digital River - Your Digital River Subscription Renewal

Notification

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_Part_49968_5956458.1318060717035"

------=_Part_49968_5956458.1318060717035

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable

Find more posts tagged with

Comments

csalgau

The folks at DigitalRiver handle license renewals and findmyorder.com is a ligitimate site responsible for their customer service.

If the censored order information above is correct, the email is most likely from them.

I would consider this an error on their part, but if you would like to be sure and do not trust their handling of your information, you should consult your account status on my.bitdefender.com or contact our support team over email or phone.

I've asked a colleague to contact you on one of the emails you used in a previous ticket. Please continue there.

Chimel

Thanks for the information, Catalin, I received the support team's email.

Here was my answer to them (I don't expect to receive the answers via the forum, it's just a FYI.)

Nowhere does Digital River say they have been contracted by Bitdefender, neither did I receive an email from Bitdefender notifying me of this contractor. The email address itself, "webhelp" seemed highly suspicious and not related to any accounting system. Together with the fake autorenewal claim and the misspelled address à la Nigerian scam, all sorts of red phishing/fraud flags started to ring to my security-conscious ears. I also received 2 emails from Digital River, one empty, one with the information I transcribed; That added to the feeling of something wrong.

Now that this is cleared out, I would like to know:

1) Where exactly did I explicitly sign for automatic renewal? I would never have done such a thing and I doubt this is even legal.

2) Where did I authorize Bitdefender to provide my information to a third party like Digital River?

3) Why is my Digital River account dissociated from my actual Bitdefender licensing information? I got my license extended at least 3 times, because of the time spent investigating bugs and providing repro scenario, and once because of the Windows x64 Bitdefender bug that deleted all system files about 1-2 years ago.

rootkit

Hi Chimel

Sorry for the delayed reply.

I will try now to answer to your questions.

1. You have all the details about automatic renewal here:

http://forum.bitdefender.com/index.php?showtopic=17176

http://www.bitdefender.com/support/I-do-no...enewal-542.html

2. Bitdefender sells electronic licenses via Avangate and/or Digital River. All online purchases are handled by these 2 e-commerce platforms. That's why you have a Bitdefender Account and a Digital River/Avangate Account after a new online purchase. We do NOT provide data to 3rd party companies for commercial or any other purposes.

3. Please note that we can only change the information from your Bitdefender Account(at your request, of course). Regarding the Digital River account, please contact Customer Service here:

http://www.digitalriver.com/dr/v2/ec_MAIN....=10107&PN=1

Thank you.

Chimel

Thanks, Cristi. The issue has been solved on my side.

Still, enabling automatic renewal by default has been denounced by all consumer associations and confirmed in many trials as a practice akin to fraud.

And it's even worse when you or your vendors do it without warning the customer and without an option to unselect it.

Even in the reference link you provided, this issue seems to have been the cause of user frustration rather than satisfaction, and for years. I'd suggest to make it an opt-in option, and only in the license expiration warning email, so customers can renew their license directly from there, with the ability to provide a different unexpired credit card, if they chose the 3-year license like I did.

rootkit

Hi Chimel

The opt out procedure has been significantly improved and it is now very easy to use. Now when you login to findmyorder.com, you have the possibility to cancel the automatic billing option in a second if you don’t want this option. If you didn’t manage to cancel the order within 30 days after the first notification, you can also contact the BitDefender customer service team(via email, phone, chat or here on the forums) and they will cancel the autorenewal order:

https://myaccount.bitdefender.com/site/MyAccount/myPage/3/

Auto renewal is an option trough which the customers benefit from continuous protection and upgrades. It is really appreciated by those who don’t want to manually renew their subscription every year.

Thank you.

Chimel

It's still a fraud attempt if users are not notified, do not consent, and can't opt out during the purchase process.

You fall into the same category as all the scammers Consumer Reports constantly denounces for the very same practice of unknown revolving fees.

I can't recommend Bitdefender anymore, and won't renew my license if this practice is not ended.

If some users want the feature, that's fine, you can make it opt-in during the purchase.

Tip for Bitdefender: Do NOT EVER touch your customers' money without their explicit consent.

This makes them angry and you lose customers if you don't respect them.

It's already a tough market with all the free solutions available, I don't understand how you shoot yourself in the foot like that.

rootkit

I think you misunderstood my words.

You can cancel the automatic renewal before the purchase is made.

You simply go online and buy a product and you can cancel the automatic renewal before the transaction is made through findmyorder.com. You can uncheck the option before you receive your license in your inbox.

If a customer wants to disable this feature, can do it in the My Account section after the purchase is made

https://myaccount.bitdefender.com/site/MyAccount/myPage/3/

or by sending an email to our Customer Service department.

By definition the automatic renewal feature is:

"An automatic renewal clause allows an agreement to continue for a defined period if the existing agreement isn't renegotiated within a specified time measured from the expiration of the current contract. The term of renewal depends on the specific contract language, but such clauses generally provide that the contract shall be automatically renewed for the same period (or some lesser term) unless either party, at some stipulated and predetermined time (i.e., 60 days before expiration), gives notice to the other of its desire to end the agreement. Generally, if the contract doesn't provide a time period for the contract to be subject to renewal, it may be renewed indefinitely."( source http://definitions.uslegal.com ).

Anyway, thank very much for your feedback.

Have a nice day.

Chimel

The checkbox "Store my billing information and automatically renew my subscription" is actually invisible, unless you click on a specific link to make it appear. I bought a product for a specific duration. If I wanted a renewable license, if it has a cost, I expect to be the one to decide that, not Bitdefender to make that financial decision for me, hiding it behind links.

rootkit

Welcome back Chimel

That initial link is available on the page.

In the software industry there is no "renewable license". You simply pay for a license key with the possibility to automatically renew that license. In this way, your machine is protected 24/7 for 1, 2 or 3 years (depending on your purchase).

You don’t have to worry about remembering to pay for your subscription before it expires. Also, as a customer you are eligible for free upgrade to the latest versions.

Bitdefender Automatic Renewal Service is available to all customers who purchase eligible products online and can be disabled from My Account:

https://myaccount.bitdefender.com/site/MyAccount/myPage/3/

Thank you.

Chimel

The "I do not want the Automatic Renewal" link on that page is not working (HTTP error 500), tested from 2 different browsers.

Let's not play on words, what you describe as the "possibility to automatically renew that license" is what I called a "renewable license."

For fun, I received an email from Digital River just now saying that I have only 6 days left, when I have 189.

Their customer service page does not allow me to pass through the order number or 3-year old credit card number I don't remember, and their email says "or contact us at webhelp.v4@digitalriver.com" but then says this very email address is a "notification-only address that cannot accept incoming email," I give up on them.

There's something very wrong if you extend the licenses in the Bitdefender site, but you don't communicate these extensions to your billing vendors. You should work it out. My license was extended 2 or 3 times for services rendered or as a compensation for harm caused by Bitdefender yet Digital River only knows my initial purchase order from 3 years ago.

rootkit

Welcome back Chimel

I have some fresh information regarding your current situation.

I've checked that link and it's working fine.

Your license key(the one for BitDefender Antivirus 2009 with 20 characters) was modified by one of my colleagues and is set to expire now on 2012/05/08.

Since your purchase was made via Digital River, we don't have access to their database to modify the initial period.

You have received 2 notifications about automatic renewal(search your inbox - your GMAIL account for 14304575800 & 14304575700)

Also, please note that automatic renewal for your Digital River Account is disabled(in this moment).

Now, regarding the Automatic Renewal Service at a new purchase, please note that the option is checked by default, but the customer has to agree with this offer by selecting the check box from that page.

If not, the automatic renewal is canceled by default and the purchase is made without this service.

Thank you. Have a nice day.

Chimel

Hi Cristi, it's probably a temporary glitch but all links from the "My Support" page return an error 500 from Firefox, IE and Chrome:

The website encountered an error while retrieving https://myaccount.bitdefender.com/support/I...enewal-542.html. It may be down for maintenance or configured incorrectly.

Maybe you are using the intranet or have special permissions as a Bitdefender support person I don't have.

I'll check the site again in 1-2 hours to see if I can access it and will report here, or other users can jump in too.

Chimel

Nope, these pages are still not working for me. They display a blank page in Firefox 7, HTTP 500 Internal Server Error in IE9, and the previously mentioned message in Chrome 15, even with my antivirus disabled and with no other upload/download traffic.

rootkit

Welcome back Chimel

Do you use proxy? I will further investigate this.

Let me know if you are able to access this:

http://www.bitdefender.co.uk/support/I-do-...enewal-542.html

Thank you.

Chimel

Yep, the http://www.bitdefender.co.uk link works fine from Firefox, same if I replace .co.uk with .com.

And now the https://myaccount.bitdefender.com link works too!

I tried the latter https link from IE9, it still shows as internal server error.

I tried the .co.uk link in IE9, it worked, but the https link still did not work.

I replaced .co.uk with .com as I did in Firefox, that worked too.

I then tried the https link again, hoping that maybe the previous links triggered something, but unlike Firefox, it didn't work in IE9.

Same thing with Chrome, I can open the .co.uk and .com links, but not a single link from the https My Support page.

And even in Firefox, only the first link (Automatic Renewal) in the My Support page works.

The 9 other links in that page, including the FAQ links, do not open.

rootkit

You forgot to answer my question.

Do you use proxy?

Also, please note that I've edited the topic's name.

Thank you.

Chimel

Sorry, no, I don't use a proxy.

rootkit

Hi Chimel

We have a new link for that KB article. You can access it without logging in your account.

http://www.bitdefender.com/support/I-do-no...enewal-542.html

Thank you.