THRYLL.COM Scam?

Yesterday I received an e-mail inviting me to join THRYLL.COM promising “THRYLL.COM is a Members-Only community offering top apparel and gear from the most Extreme Action Sports brands at up to 70% off” and was a little worried.

It reminded me a lot of getting an e-mail from an unknown company called ShoppyBag where someone had tagged a photo of me and which required me to log in before seeing the photo, after which you entered your contact or email information and all of your friends were invited in the same way, and never actually being able to log in. So this is what I thought Thryll.com was at first glance. I created this blog entry to talk about the laundry list of things that Thryll.com was doing wrong which made me think they were sketchy.

So, below is the list of reasons that I had marked them off as a scam, however, the company does look to be actively engaged in remedying these problems (see their comments below – they e-mailed me with much of the same info) and I have to give them credit for trying to fix these things, even though they are not all fixed yet, they are working on it.

So I have not logged in and ordered anything from them, but I encourage people who have to post comments below talking about their experience.

So, here is the list of problems with Thryll.com that I found on 10-18-2011:

  • (fixed) Absolutely no information or contact information about the company without creating a membership and/or logging in
  • (fixed) Not a member of the BBB (they have posted a link to another service. BBB requires you to be in business for 1 year before becoming affiliated)
  • No reviews on sites such as bizrate.com
  • They send unsolicited e-mails (to lists they have probably purchased from sketchy third party companies or scraped from websites)
  • When sending e-mails they don’t use a accredited e-mail service such as Contact Contact which advocates anti-spam
  • (fixed) They don’t have or use SSL for¬†transferring¬†information such as usernames and passwords. All information is sent via plaintext across the internet: Picture 1.png
  • They use shared web hosting and their reverse DNS is not even set: Picture.png
  • Lack of followers / poor follower ratio on twitter: Picture 2.png
  • Poor data management. When you create an account you are signed up immediately. No confirmation e-mail required. Additionally you will be set up as a Male who’s birthday is 1/1/1970. This is poor programming / cutting corners. Also, does an e-commerce site really need your full birthday? I’m not giving that to a site where everything is transmitted in plaintext. Picture 3.png
  • No way of knowing why you were targeted: I originally¬†received an e-mail from Thryll without signing up for it. Apparently they use cloudsponge.com as a way to allow you to log into your email account so that they can e-mail all of your contacts an invitation to Thryll (offering a $10 credit). The problem is that the invitation e-mail doesn’t tell you who inivted you. And as previously they are not using a well-know e-mail service to do this and so that makes the unsubscribe link sketchy (you always wonder if that is actually a “this email is legitimate, please keep spamming me” link)
  • (fixed) No contact page, phone number, or company information on the website. If Thryll.com deals in e-commerce they need to be available to the end customer without a lot of trouble. If you have to log in to get to everything and you are having a password or hacked account issue (as you may have since the login is not SSL protected), that makes the phone number and contact information unavailable. An e-commerce company should be able to be contacted in more ways than just over social media. Imaging Amazon.com asking your grandma to tweet them if she needed assistance with an order.
Here’s what the initial e-mail looked like:

Picture.png

Also, all of the links take you to log in to the site. The contact link does not work – even though it says “contact”.

Related Posts:

  • No Related Posts
This entry was posted in Marketing and tagged , . Bookmark the permalink.

11 Responses to THRYLL.COM Scam?

  1. tienda videoconsolas says:

    It’s actually a cool and useful piece of info. I’m glad that you shared this useful information with us. Please keep us informed like this. Thank you for sharing.

  2. Adonis V. says:

    Thryll.com sucks! I purchased $10 worth of raffle tickets for a pair of bindings and was notified that I won. One month later, no bindings. I contacted support and was addressed by the founder. I was told that the bindings came into their facility damage and that they’ll send out a different pair – I was even given the several options. Another month passed by and still no bindings.

    I contacted the owner and was promised that she will “look” into it…several more correspondence and the same promises and the same outcome, rinse repeat…no product at my doorstep. Five months, and counting, later I still don’t have the promised deliver. Be warned, if you do business with these guys…

  3. W says:

    Glad that you’ve taken time to fix these. I’ve adjusted my post accordingly. Let me know when I should re-check the other ones.

  4. Items 1, 2, 3 and 5 have been addressed in under 24 hours! We do appreciate your comemnts and hope that you will reconsider the wording of your blog as we are a legitimate business. We work hard to protect our users’ personal information. We will never stop working to improve the website and our members’ experience. Shoot me a question at [email protected] if you’d like more info.

  5. W says:

    Let me know when I should check back for updates. I’d prioritize things in this way: 1) Install and use an SSL cert for login and secure data transmissions. 2) Add contact information to the site – easily accessible. Also post your dandb link on the site. 3) I hope you’re not storing passwords as plaintext in the database – I saw that your confirmation email send both the username and the password. That seems odd. 4) Should upgrade your email service or show how the one you are using helps fight spam and unsolicited emails. Also your invitation email needs to include information on who the invitation was from. 5) I’m not sure there is a good reason for you guys to collect a full birth date (month and day might be ok). This is sensitive information and not needed for credit card processing. I don’t remember the last time I had to enter that information for an e-commerce site.

  6. Will, thank you again for all of your detailed comments. My co-founder Jeanine and I, as well as our tech and design team, have been busy trying to incorporate your suggestions into our website as soon as possible. We’re working really hard to try to address all of your concerns. As you’d probably expect from a startup, we’ve had very little sleep leading up to launch!

    I wanted to reach out to you with my contact info in case you have any further questions. One of the things we really care about at THRYLL is member support. Our customer service line rings my cellphone. Directly. Having our members be able to pick up the phone and talk to a person is really important to us. So you can contact me through our toll-free number (855) 838-8330 extension 1 is member support – it rings me directly – or ring me under my name at extension 4. I am far from a technical wizard so I won’t be able to answer all of your technical questions right away, but I am very good at running things down and I would be very happy to work to find you answers.

    Also, please know that we are accreddited with Dun and Bradstreet and are pending review at BBB. The BBB requires you to be in business for over 1 year before they will approve your application so there’s nothing that a startup can do other than wait for a year. But if it helps, you can view our public D&B profile here: http://www.dandb.com/businessdirectory/thethryllllc-boston-ma-28780444.html

    Please feel free to contact me at your convenience and thank you again for your thoughts. We won’t sleep more than a few hours a night until we get it right!

  7. W says:

    Glad to see my feedback is having some impact and you all are making an effort. Please address the items mentioned above and once they are resolved I will take another look at Thryll. Until then I believe there are some very real issues and security concerns and intend to warn others about these items.

    The reason I have such a problem with your service is that it is very similar to how Shoppybag.com was set up – and that was a huge scam spam-bucket with no real content. Also the unsolicited e-mails and lack of company information or a contact page or phone number is what makes your site sketchy. If you deal in e-commerce you need to be available with contact information for your customers in a fashion other than just Twitter.

  8. Hi Will. My name is Mike Fantasia and I am a Co-Founder of THRYLL. I appreciate your willingness to voice your thoughts. We are already working hard to address your concerns. If you would like to contact me, please feel free to use my linkedin profile: http://www.linkedin.com/pub/michael-fantasia/3a/6/79. Best regards, Mike.

  9. Jeanine Heller says:

    Hello,

    I am the founder and apologize for any confusion you may have experienced while visiting the site. I can assure you we are a legit business. We are in the process of rolling out the website and tweaking it. I appreciate this message as it has brought to our attention issues we need to address with the site. Perhaps the D&B certificate is not appearing – I will look in to that now.

    I am more than happy to answer any questions you may have, but please do not claim us to be a “sketchy” business when we are far from that. Please feel free to email me with your concerns.

    Best

  10. W says:

    Harry: e-mail me a link to your twitter account or your linked-in profile to show me that you’re legit and then we’ll talk.

  11. Harry F says:

    Dude. I know the guy that started this business, been to their offices. They’re already shipping product b/c it’s blowing up. It’s totally legit.

Leave a Reply

Your email address will not be published. Required fields are marked *