Dave, I got an email saying that my Sirius XM subscription is going to stop because the company couldn’t renew using my credit card. I don’t recall having a Serious XM account, but when I click to renew, it just gives me an error message. Now I’m anxious! How can I know what’s really going on?
SiriusXM is a subscription satellite radio service that is now built into most cars sold in the United States. For a relatively modest fee, you can have access to hundreds of ad-free channels in a wide variety of formats. It also offers streaming services, allowing you to listen to your favorite XM channels on your phone or computer too. I have it and like it quite a bit.
Having explained that, if you don’t know whether you have Sirius XM (it’s not “Serious”, it’s “Sirius”) then you probably don’t have the service and what you’ve received is a scam. Other clues you offer reinforce that suspicion because a big commercial company like SiriusXM has solid and reliable servers that mean the site’s up 99.9% of the time.
What’s happening is that you’ve been fooled by a spam message from a scammer somewhere in the world. Their goal is to get your credit card information and they’ll tell you that all sorts of services are expired or that you have won any number of wonderful things, just so you’ll “confirm” your identity by entering credit card information. Then they’ll immediately charge it up to its limit and you’re most likely then out of luck. Best to be very skeptical of these sorts of email messages; if they don’t make sense, they’re scams.
In this instance, I also received an email telling me that my membership had failed to renew due to a declined credit card, so I dug into the message further. Please follow along and remember you could also do the same research to confirm that a message is legit or, more likely, a scam…
WHO SENT THIS MESSAGE?
I opened up my Gmail account and there it was, sitting in my inbox:
Seems a bit alarming, but let’s just look at this a bit more closely before we proceed! First off, incredibly few legitimate email messages will include an emoji, so without going any further, it’s suspicious. Further, “Sirius XM” isn’t anyone’s account, so the subject itself makes no sense.
Then there’s the sending email address. You can see a part of it above: “Payment_Declined <ConfirmationE…” but again, put on your skeptic hat and ask if a big corporation is going to have “Payment_Declined” as the email account from which it would notify customers of renewal failures? Not “Billing”? Not “Customer Service”?
Look very closely at the above and immediately adjacent to “to me” is a tiny downward pointing triangle. Click on it and you’ll get more information about the sender and other relevant info:
More red flags here! Who’s “aufields.com” and why isn’t this coming from “siriusxm.com” if it’s related to that site and service? Notice the “reply-to” too: Cookstr? mail@cookstr.com? What even are these sites and how are they associated with the Sirius XM billing process? Answer: They’re not. In fact, odds are good neither company has a clue that their domains are involved with this scam.
That’s already plenty of reason to delete this message as being a scam. But perhaps you are a bit more trusting so you’re suspicious, but not yet ready to bail. Okay…
THE ACTUAL MESSAGE
Click to open it and you’ll find that in this instance, the message is:
Here’s where things get confusing, and deliberately so. Has your membership expired, or are they offering a 90 day free extension? The answer is that they don’t really care, they just want you to click on that button!
Of course, the email does promise that they won’t withdraw any amount from your credit card, but I really, really hope you don’t believe a clearly daft disclaimer in an email that’s already so questionable. Also, companies don’t “withdraw” money from a credit card account, they “charge” the account to collect.
If you put your cursor over the “RENEW SUBSCRIPTION NOW!” link without clicking, many email programs will give you a preview of the URL you’re about to click on. In this instance, here’s my link:
Again, if it’s SiriusXM, why are they linking to Google’s API [application programmer interface] service?
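The sender and link checks described above can also be run automatically. This is an added example, not code from the original article: it reads the From and Reply-To domains and every link host from a message and flags any that do not belong to the brand the message claims to be from. The sample message is constructed; only the domains aufields.com, cookstr.com and siriusxm.com and the display name come from the article, while the From local part, the subject and the link URL (standing in for the Google API link mentioned above) are placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample. Domains are the ones named in the article; the From
# local part, the subject and the link URL are placeholders.
SAMPLE = """\
From: Payment_Declined <notice@aufields.com>
Reply-To: mail@cookstr.com
Subject: Your membership could not be renewed
Content-Type: text/html; charset="utf-8"

<html><body><p>Your membership has expired.</p>
<a href="https://storage.googleapis.com/placeholder/renew.html">RENEW SUBSCRIPTION NOW!</a></body></html>
"""

def belongs_to(host, brand):
    # True only for the brand domain itself or a subdomain of it, so
    # look-alikes such as "siriusxm.com.evil.example" do not pass.
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host)

def red_flags(raw, brand):
    msg = message_from_string(raw)
    flags, parser = [], LinkHosts()
    for header in ("From", "Reply-To"):
        addr = parseaddr(msg.get(header, ""))[1]
        domain = addr.rpartition("@")[2]
        if addr and not belongs_to(domain, brand):
            flags.append(f"{header} domain {domain} is not {brand}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for host in parser.hosts:
        if not belongs_to(host, brand):
            flags.append(f"link goes to {host}, not {brand}")
    return flags

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE, "siriusxm.com")))
```

A message that passes all three checks is not proven legitimate, since a From address can be forged; a message that fails any of them deserves the skepticism described here.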
WHERE ARE THEY LOCATED?
Scroll to the very bottom of the message, and, just like a legit email, there’s a link to unsubscribe and a physical mailing address, as required by US law:
Never click on these unsubscribe links, however, because what you are doing instead is confirming that you’re someone who reads these messages and clicks on links. The result? If you request removal you will receive more spam. Yikes!
Now, what about that address in El Dorado, Arkansas? Let’s just feed it into Google Maps…
You can see that Google can’t find anywhere called “Mountainview” in this tiny Arkansan town, so, as we suspected, it’s also bogus and certainly not part of a large corporation, even if they’re outsourcing subscription management to a third-party firm.
I SEE A LINK, I CLICK
After all of that, if you did click on this particular button, you’d find that it bounces you through a couple of different redirects (quite common and often how malware can show up from a mouse click) and ultimately ends up showing you this:
Given the domain name, it looks like the scammers were lazy and didn’t set everything up properly. A better scam would have a page that looks like a Sirius XM page and invites you to enter your payment info “for confirmation”. Then again, it might have sought to install some malicious code as one of the redirects too. Either way, it’s always a smart move not to click on any links in a message you aren’t 100% sure is legit.
VERIFY YOUR SIRIUS XM SUBSCRIPTION STATUS
This brings us back to the original query with you saying that you don’t recall having a Sirius XM subscription, but aren’t sure that you don’t have one. Logical conclusion: Go to the company’s official Web site to check. In this instance, SiriusXM is at “siriusxm.com” and once I log in, I can simply click on “Billing” to confirm my account status:
It’s easy to conclude it’s a scam at this point, isn’t it? If you’re unsure about the emails you receive, a good strategy might be to simply go directly to the company in question – by typing in the URL or finding it through a Google search, not by clicking on a link in the message! – and check your account status.
The moral of this story is that you must be careful in the modern online world because there are scammers who are constantly trying to trick you into sharing your payment information, personal information, money, account access, and more. Be careful out there!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!