Skip to main content

Beware free iPad messages

  • June 26, 2026
  • 76 replies
  • 758 views

Show first post

76 replies

gleeok
Forum|alt.badge.img
  • Contributor I
  • June 27, 2026

Hi, I received one, too. Mine came from Аdministrator_Emmett, who does not appear to be banned.

 


Stanley_4
  • Grand Maestro
  • June 27, 2026

Not sure any Sonos folks are working the weekend shift here.


buzz
  • June 27, 2026

If you click on the three dots in the lower right corner of a post, there is a “Report” link.

 


gleeok
Forum|alt.badge.img
  • Contributor I
  • June 27, 2026

I don’t see those dots for private messages, just public posts.


buzz
  • June 27, 2026

 


Airgetlam
  • June 28, 2026

Agreed, those three dots don’t appear on the PMs, only on forum (public) posts.


  • Lyricist II
  • June 28, 2026

Same here


  • Lyricist I
  • June 28, 2026

Anyone actually clicked the link? I clicked it and redirected me to that Present Now and then I stopped did not interact or enter anything. I closed my browser, deleted all time history etc - on Chrome Mobile on Android Samsung. I ran 4 AV scans and it's come back ok and looked at my downloads and does not seem to have anything recent. Any further risk here does anyone know?

 

The accounts have got smarter because no longer using Administrator prefix, just the profile image uses Administrator image.

 


Airgetlam
  • June 28, 2026

I was unaware you could embed links in PMs…but then I’d never tried. 


  • Contributor I
  • June 28, 2026

I just received a message from a new account with no posts, Administrator_Jason, offering a free iPad. 

The message contains a link that looks like it is from Sonos.com but it is to presentnow.com. This has all the red flags of a scam. 
 

Just a warning to be careful about what you click on, even here. 
 

Mark

 

I received a similar message. 99.9% sure its a scam.


  • Lyricist I
  • June 28, 2026

I’ve received a similar phishing message from "CozyMomentsZ” - so they are definitely not limiting themselves to an administrator prefix.

In my humble opinion, Sonos should:

  • Lock new user registrations and private messages until countermeasures are in place.
  • Immediately do a sweep of all of these messages that were already sent, removing them, banning accounts, and alerting recipients. A lot of users are at risk of still falling for this scam.
  • Implement a feature that limits the ability to message other users from new accounts.
  • Rate-limit PMs per account in general: caps per minute/hour/day, tighter limits for new or low-reputation accounts.

  • Detect duplicate/near-duplicate message bodies sent to many recipients (fuzzy hashing, shingling) and block fan-out.

  • Implement a feature that shows the recipient exactly what url they will be redirected to. The messages claims to refer users to a sonos website but, evidently, the actual url of the link points to a different domain.

  • Implement a Report feature for private messages and moderators that go with it.


  • Lyricist I
  • June 28, 2026

Another spam account: JoyfulRide


Forum|alt.badge.img+18
  • Local Superstar
  • June 28, 2026

  • Lyricist II
  • June 28, 2026

I’ve received a similar phishing message from "CozyMomentsZ” - so they are definitely not limiting themselves to an administrator prefix.

In my humble opinion, Sonos should:

  • Lock new user registrations and private messages until countermeasures are in place.
  • Immediately do a sweep of all of these messages that were already sent, removing them, banning accounts, and alerting recipients. A lot of users are at risk of still falling for this scam.
  • Implement a feature that limits the ability to message other users from new accounts.
  • Rate-limit PMs per account in general: caps per minute/hour/day, tighter limits for new or low-reputation accounts.

  • Detect duplicate/near-duplicate message bodies sent to many recipients (fuzzy hashing, shingling) and block fan-out.

  • Implement a feature that shows the recipient exactly what url they will be redirected to. The messages claims to refer users to a sonos website but, evidently, the actual url of the link points to a different domain.

  • Implement a Report feature for private messages and moderators that go with it.

That seems very sensible given how many there are. Id probably also lock any accounts that have been recently created and block the IP addresses used to create the accounts. 


jgatie
  • June 28, 2026

I’ve received a similar phishing message from "CozyMomentsZ” - so they are definitely not limiting themselves to an administrator prefix.

In my humble opinion, Sonos should:

  • Lock new user registrations and private messages until countermeasures are in place.
  • Immediately do a sweep of all of these messages that were already sent, removing them, banning accounts, and alerting recipients. A lot of users are at risk of still falling for this scam.
  • Implement a feature that limits the ability to message other users from new accounts.
  • Rate-limit PMs per account in general: caps per minute/hour/day, tighter limits for new or low-reputation accounts.

  • Detect duplicate/near-duplicate message bodies sent to many recipients (fuzzy hashing, shingling) and block fan-out.

  • Implement a feature that shows the recipient exactly what url they will be redirected to. The messages claims to refer users to a sonos website but, evidently, the actual url of the link points to a different domain.

  • Implement a Report feature for private messages and moderators that go with it.

 

You are expecting Gainsight to be able to implement one of these, never mind all of them?  I'll be back later with my reply, I'm pretty sure I broke a rib laughing, and need to get to the ER.

Seriously, Gainsight hasn't been able to prevent new accounts from posting links on the public forum, never mind the stuff on your (very reasonable) list.  This place is routinely taken over by Spam that can be (and is) easily prevented/moderated on forum software maintained and moderated by amateurs, never mind the official support site for a billion dollar company.  


buzz
  • June 28, 2026

The active moderators are SONOS employees mostly working UK business hours. I believe there may be an active EU moderator. Once a scammer figures out the schedule, they pretty much have free reign. 


Stanley_4
  • Grand Maestro
  • June 28, 2026

Makes spamming Sonos a nice weekend side gig to your Monday to Friday job.

The default display option to hide the true link destination behind user selected text is also a great aid to the spammers.

Click-n-learn.com (a harmless destination but it doesn't have to be)


  • Lyricist I
  • June 28, 2026

Forum|alt.badge.img
  • Trending Lyricist I
  • June 29, 2026

I got one form Аdministrаtоr-Axton going to present-now.club

and their “Address” is IT Building No.3, NESCO IT Park, NESCO Complex, Western Express Highway, Goregaon (East), Mumbai 400 063

According to goddaddy

Sonos shooud do more to protect their community

I received my email from Sonos’s own outbound email system.

Just so poor from Sonos.


Airgetlam
  • June 29, 2026

You’d receive an email from Sonos on any PM on the forum, unless you go in and turn that off. 


Forum|alt.badge.img
  • Trending Lyricist I
  • June 29, 2026

good to know
so its turned on by default?

and then scammer use the forum to scam

great

 


Airgetlam
  • June 29, 2026

It makes sense, from a community perspective, to notify a user that they’ve received a PM. It only becomes an issue when that PM is sent by a scammer.  And, it’s an option, but yes, it’s on by default. 


Forum|alt.badge.img
  • Trending Lyricist I
  • June 29, 2026

what do sonos do to actively protect the community from scammers ontheri own forum?


Corry P
Forum|alt.badge.img+19
  • Sonos Staff
  • June 29, 2026

Please be aware that some related threads have been combined into this one.


  • Contributor I
  • June 29, 2026

I’ve also received one of these and will report it to ​@Jamie A privately.

Also surprised there is no way to directly report a PM. This is essential for effective running of a forum like this