
Ask HN: Kickstarter asks me to pay more through email, what to do? - franciscop
I backed a kickstarter campaign in the hopes of getting an awesome product, something that I passed on the first time for being a first version but that now I feel confident they have made much better. So I backed it choosing the reward I wanted and paid it.<p>However, after completing the campaign someone[1] sent me an email asking me for more money to complete the payment and shipment[2]. Since the email looks legit, I hovered on the link only to realize to my dismay that it&#x27;s in http (not https). Nonetheless, I followed it t an official pebble website only to realize that, after few pages trying to make me buy some more products, they just offered a form that looks like another famous company form[3] asking me to write my credit card info. I didn&#x27;t check into the source code to see if it&#x27;s the official one, nor I think I should be required.<p>So these are strong indications of scam for me:<p>1. Ask me to complete a payment through email.<p>2. An insecure and easy to mitm link to complete the payment.<p>3. Only allowing to write my credit card details, while the official shop[4] accepts paypal and others.<p>Is the company as sloppy as it seems or am I being scammed? If relevant, the company is Pebble from which I would expect a high quality checkout process.<p>What can I do? I don&#x27;t mind paying 10-20$ extra so I could just cancel the order, get a refund and then go to their website and buy it using the official way with paypal. I <i>do</i> care a lot about not giving my credit card details, specially given the 3 points above. And I also care about the timeframe, because as a backer I would receive it much earlier.<p>[1] probably the campaign organizers<p>[2] The campaign said I could have to pay more<p>[3] http:&#x2F;&#x2F;stripe.com&#x2F;<p>[4] http:&#x2F;&#x2F;pebble.com&#x2F;
======
Willox
Pebble also emailed me some links to
[http://kickstarter.getpebble.com/s/<unique_identifier>](http://kickstarter.getpebble.com/s/<unique_identifier>)
which allowed me to pay through Stripe. The HTTP links redirected me to the
same URL except HTTPS, so I was happy enough with it.

It was a couple of weeks ago, but it all looked legit to me and I paid ~$30
which was claimed to be 20% VAT.

Edit: And here's part of an email that was sent out on the 30th of June:

    
    
      1. Between July 11th and July 24th, we'll send invitations to backers, so you can finalize your pledge.
      2. When you get your invite, you'll provide your shipping address and color preference, and we'll collect VAT.

------
projectramo
You've pretty much answered your own questions!

Sounds like it is a scam link, Pebble itself seems to use https: fore
everything [https://www.pebble.com/](https://www.pebble.com/)

Absolutely cancel it, and re-order through the website.

------
DanielStraight
If you think you are being scammed regarding a Pebble product purchased
through Kickstarter, you should be contacting Pebble and Kickstarter.

It goes without saying that you should never provide credit card information
of an unsecured connection.

~~~
franciscop
It _is_ redirected to an url with https with Pebble's official email, so it
might as well be legit.

