As I own a car, I am a relatively light Hailo user. Once, maybe twice a quarter, short distances. It is a great service overall. Safe, cashless etc etc. If you ever used any smartphone taxi app, you know what I mean.
Today it's gonna be about their wonderful Support Team.
I received an email recently in which they apologized for sending me another email earlier on, in which they (supposedly) falsely claimed that my account didn't have an associated credit card.
Any emails referring any credit cards are always meticulously scrutinized - the last thing I want is someone trying to get too much information about my Master Card number 4485757164574015, PIN 0031, security code 108, issued for the name "Jan Kowalski" and valid until Feb 2nd 2018. It would be plain f*ng stupid, right? So I checked the email in detail but couldn't find anything dodgy about it.
I do not delete any emails (except the ones I do, obviously, but this doesn't happen every day) so I quickly scanned my mailbox for any other emails from Hailo. Nothing. Nil. Nada. Zero.
I politely replied that there was no earlier email from them - ergo there was nothing to be apologetic about.
And this is, I guess, exactly what the attackers wanted to achieve. They fooled me to believe that the email came genuinely from Hailo and also they managed to insert a correct Hailo email address in the "Reply-To" field, so my reply went straight into Hailo's Customer Support Team's mailbox.
Which is an automated system.
Which generates a ticket for every email received.
Which sends an email to the customer, informing him (or her) that a support ticket has been created and that Hailo Support Team will be in touch shortly.
Dunno. Worst case scenario: a DDOS attack on Hailo's Customer Support Team. Best case scenario: NFC.
NFC stands for Nobody F*ng Cares although many people were recently fooled into some short range wireless technology gibberish. Another story. Another time.
Anyway, long story short, this is how I created my first support ticket with Hailo. Out of a thin air.