Energy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a confusing toll free number and directs customers to a parked page that tries to foist Web browser extensions on visitors.
The mailer (the first page of which is screenshotted below) urges customers to visit exxonmobilrewardsplus[dot]com, to download its mobile app, and to call “1-888-REWARD+” with any questions. It may not be immediately obvious, but that “+” sign is actually the same thing as a zero on the telephone keypad (although I’m ashamed to say I had to look that up online to be sure).
Anyone curious enough to guess at other ending numbers other than zero will wind up at a call center advertising “free” Caribbean (1) cruises or at a pricey adult chat service dubbed “America’s hottest talk line” (6).
Worse, visiting the company’s new rewards Web site in Google Chrome prompted my browser to run a “security check,” followed by a series of popups offering to install a Chrome extension called “Browsing Safely.”
That extension changes your default search engine to Yahoo and appears to redirect all searches through a domain called lastlog[dot]in, which seems to be affiliated with an Israeli online advertising network. After adding the Browsing Safely extension to Chrome using a virtual machine, my browser was redirected to Exxon.com.
Many people on Twitter who expressed confusion about the mailer said they accidentally added an “e” to the end of “exxonmobil” and ended up getting bounced around to spammy-looking sites with ad redirects and dodgy download offers.
ExxonMobil corporate has not yet responded to requests for comment. But after about 10 minutes on hold listening to the same Muzak-like song, I was able to reach a customer service person at the confusing ExxonMobil Rewards+ phone number. That person said the Web site for the rewards program wasn’t going to be active until July 11.
“Currently the Web site is not available,” the representative said. “Please don’t try to download anything from it right now. It should be active and available next week.”
It always amazes me when major companies with oodles of cash (ExxonMobil made $20 billion last year) roll out new marketing initiatives without consulting professionals who help mitigate security and privacy issues for a living. It seems likely that happened in this case because anyone who knows a thing or two about security would strongly advise against instructing customers to visit a parked domain or one that isn’t yet fully under the company’s control.
Update, July 11, 11:36 a.m. ET: As several readers have observed in the comments below, it appears that ExxonMobil has registered a different domain for its new rewards program: https://exxonandmobilrewardsplus.com/welcome/home (note the inclusion of the word “and” between Exxon and Mobil). This domain is advertised as the official new rewards program domain via ExxonMobil’s corporate homepage, exxon.com (albeit via a redirect).
Wasted too much time on this. I don’t care what the explanation is – I’m done. Plenti was a non-starter…now this. Usually I buy Shell gasoline anyway and would go to an Exxon station only if the price was on par. No incentive now.
Agreed! Ridiculous.
This has the fingerprints of the Hillary server wipe all over it.
Ricki, get over it, you won. How’s all the winning going?
The Clintons are the gift that keep on giving. They simply will not go peacefully into that night.
So far so good!!!
yea, if they are sending stuff out, the sight should be up, and the mail should say (starts on [date here]) nethier of which are happening. all the stuff says “register NOW”.
just got mine and tried to register. no dice. got my gas at speedway anyhow.
Got mine today, read this article and threw the whole thing in the trash.
After reading this ,in the garbage it goes
In reading all the comments, I didn’t notice anyone realizing that the no matter how careful I was in typing https://www.exxonmobilrewardsplus.com, it got changed to https://ww1.exxonmobilrewardsplus.com and hopefully I didn’t get a virus.
I received an Exxon Mobil reward card in the mail today, with instructions that said it’s replacing my Plenti card. After wasting 20 minutes trying to activate it, I stumbled across this online article. I’m glad I did, because I couldn’t figure out why I couldn’t find their online site to activate the card. If this new card is as useless as the Plenti card, I will be tossing it very soon. I used my Plenti card often but never once received a reward of any kind. I prefer to keep using my Shell card, because I instantly see the benefits with that one. It allows me to save money at the gas pump nearly every time I buy gas. If you’re looking for a good gas reward card, I recommend getting a Shell card and tossing the Exxon Mobil reward card in the trash
The only reason I’m holding onto mine is because unused Plenti points are supposed to roll over. Although considering this rollout disaster, I’ll believe it when I see it.
Don’t count on it rolling over.
The manager of the store/station I use, told me “that on the 11th Plenty points would be dropped and NOT roll over. That I would need to USE any/all points BEFORE the 11th or loose them.”
The brochure that came in the mail promises that the Plenti points will be transferred. The footnote (dagger) on the back page says that it might take a week. So apparently they sent the brochures out too early, the web site is not operational, and they did not prepare a proper message for that eventuality. The spam search page is a normal thing that spammers do for misspelled popular URLs, for instance. And the + sign in the phone number is really poor judgment, but on my iPhone the zero key maps to the plus character. Not on any landline phone I’ve ever owned.
The plus character was designated as an international dialing thing, but it’s really more or less exclusively used like that, not elsewhere within a phone number. And you’ll understand why I’ve you learn about what it does:
«When phone numbers are published for international use, the international call prefix is omitted, and the number should start with a plus sign (+) followed by the country calling code. The plus sign indicates that the country code follows and that an access code may have to be dialed in the originating country.» –https://en.wikipedia.org/wiki/International_direct_dialing
Note: “+” isn’t equivalent to “0”, on US networks, is equivalent to “011”, and in most of the rest of the world it’s equivalent to “00”.
Basically, the world *didn’t* standardize on a dialing sequence that meant “I want to dial internationally”, which meant people traveling around the world couldn’t portably dial anyone. Similarly, initially, the world didn’t standardize on a three-digit number to reach emergency services (in some places it’s 999, in North America, it’s 911, in Europe, it’s 112) – for reference, the eventual GSM standard is 112 which should work on all cell phones worldwide. The “+” functions to smooth over the inconsistency, and experienced travelers could read a “+” and understand that they can ask a local for the equivalent dialing sequence in the event the need to use a landline to make a phone call to a number with that encoding…
While it is generally placed on the “0” key of modern phones, it’s a distinct thing. (Typically you either tap and hold or quickly tap repeatedly to get it.)
And, of course, if you’re using a computer or something with a keyboard, you can get a plus using the plus key. – Something I do more often than the strange machinations required to get it from a dialpad.
Exxon must have assigned Joseph Hazelwood and his crew to head up this project.
I have been trying to register this and get my card ready since plenti is ending
but dang. I have sat here for over hour and couldn’t get anywhere.. I am tired
My wife is already ‘off of them’ due to the plenti card fiasco – the rfid fob worked fine for us.
I tried to force the site – McAfee said Very Risky
i told it OK and it changed to the ww1 and had the usual spammer menu
where is your brain Exxon?
now where is my conoco or shell stuff?
Well, yeah, they sure bungled this rollout. But I’m not going to throw the baby out with the bathwater.
Ongoing, this will amount to about a 1% rebate at ExxonMobil (based on $3/gal; bigger % if prices go down, lesser % if prices go up). That’s around 3¢ per gallon, which is the typical premium for my local Mobil compared to the Costco down the street. In cases where I’m traveling and Mobil happens to be the best bet anyway, the 1% in rewards is just gravy. When it’s like now, when using ExxonMobil’s Speedpass+ is giving me an extra 10¢ off per gallon, Dosh is giving me an extra 2% discount and AmEx is giving me a 10% rebate on ExxonMobil, this just ups the ante a bit more. And for the first 30 days, the new program is offering effectively a 5% rebate (again, based on $3/gal price). From where I sit, it’s worth a little hassle come July 11 for that kind of deal stacking.
Chris.
I’ve been searching for over an hour on this web page to register my new card I got in the mail today and NO WHERE is there a button that says, “register my card”. I’m done trying! You want customers then you need to make an easier changing method to register these new cards.
I have try to register my card can’t find where to go no phone to call to help me out. if you going to send someone a card you should have a number to go with it. Thanks
Thank you for the helpful article. I agree nothing should have been sent out until the website was up and running or they should have said you cannot register before July 11th. I used my plenti card all the time in combination with my ExxonMobil Credit Card and not only saved 6 cents a gallon on gas but earned 1 point per gallon in plenti points. Every time I reached 200 pts. I got $2.00 off my purchase at the pump. When I got my card statement I received the 6 cents off per gallon. You have to remember this new program and the credit card are separate.
I’m sure glad I saw this site first before attempting to register my card!!
My Norton anti-virus caught an attack byCategory: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
7/7/2018 9:40:27 AM,High,An intrusion attempt by 172.93.194.61 was blocked.,Blocked,No Action Required,Web Attack: Malicious Redirection 21,No Action Required,No Action Required,”172.93.194.61, 80″,”www.exxonmobilrewardsplus.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=2d987db6-81ea-11e8-a3fc-66a9f3578c61″,”DESKTOP-9GLJ55S (192.168.1.64, 58704)”,172.93.194.61,”TCP, www-http”
Network traffic from http://www.exxonmobilrewardsplus.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=2d987db6-81ea-11e8-a3fc-66a9f3578c61 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEMAPPS\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\MICROSOFTEDGECP.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.
Exxon Mobil should be ashamed of asking you to go to a website to activate a card to keep your points before the site is active. Shell is looking very good.
I put in the website address – saw your site and read it. I’m not doing anything until I receive something else from Exxon. It was also odd that the multitude of instructions was missing a page or two. Just not executed well at all.
Exxon bungled this worse than Obamacare roll out!
Thanks for the Krebs on Security infom or I would have spent
a week trying to figure out what # was + on my phone! as
I certainly got nowhere with online efforts and probably
messed up my computer for good.
Absolutely ridiculous for a MAJOR comopany.
You seem bright.
Received my Exxonmobilrewardsplus.com card today. Tried twice to access the website to no avail. Called the phone number provided only to find out the website won’t be up and running until the 11th. Why TF couldn’t they put that info on the stupid envelope, insert with the card, or ON THE STICKER ON THE FRICKIN CARD?????? I know it’s not your problem, you didn’t come up with this crap, and you can’t do anything about it. But thanks for listening. Exxonmobil, be prepared for my phone call come July 11th.
Thanks as I thought I was going nuts. I typed it so many times and kept getting scam web-sites. I tried the 888 number to no avail. Amazing that Exxon would put out something as inept as this!
I had the same problem and couldn’t figure out what was wrong, until I read over the fine print paper that was also included with this new card.. It does say July 9th is the start date for this, just wish I would have found it before my 30+ minutes of racking my brain as to what I thought I was doing wrong…
Frustrated to say the least!!!
Thank you Exxon for wasting 20 minutes of my life i will never get back.
I am glad i decided to skip over reading the explanation , and go straight to comments.
Thank you everyone and have a blessed day. In the trash it go’s!!
written July 18?? Must be that old WordPress ‘time warp’ plugin.
The big number is the day.
When they announced that Plenti was ending, I called them to have my account removed to try to get out in front of the inevitable selling off of all the customer data the program had gathered. They said that it had been deleted, but I was apparently auto-enrolled in this new program anyway. Had to make another call to cancel a service I didn’t sign up for. Found this article while searching for info on how the hell to dial a plus sign so I could make that call.
The iPhone keyboard (for one, at least) shows that the zero key is associated with the plus sign. I’d never noticed that before, and I bet the vast majority of customers haven’t either. But it’s there, right under my nose.
What a confusing bunch of mess – all ended up in the trash…
I have the same problem with the website and as for the 888 number I couldn’t find what number the + sign was on the internet. However, using the old tried and true method of elimination I learned it was 0 (zero) unfortunately I started with number 1 (one) and went down the list. As the author of this article says I received several interesting offers.
This stinks I wasted 1 hour trying to register my card in the trash it will go
People in usa maybe you should ask yourself what is wrong in usa ?? Why so much fraud scams
Thanks for sharing Brian.
I tried but it didn’t happen. Goodbye.