EDIT: see update post below. This was actually Sears.
I am confused by this one, so I thought I would run it by the people here.
Earlier tonight my wife placed an order on sears.com. The product was sold by/shipped by sears, not a marketplace member. She paid with a Capital One visa.
She received the first order confirmation email at 8:20pm, a few minutes after placing the order.
At 9:03, she received another email stating the following:
said by email@example.com :
Dear (wife's name)
Thank you for your recent order on Sears.com. To ensure your order is completed properly, additional processing time is needed. You may be contacted to obtain further information. Once your order has been processed you will receive an email confirming your order.
We sincerely apologize for any inconvenience this may cause.
Senior Vice President, e-Commerce
Then at 9:46pm she received the following:
said by firstname.lastname@example.org :
Subject:Sears.com Contact Request Order # (the actual order number)
Dear Sears Online Customer:
Thank you for your recent order at sears.com. We truly appreciate your business!
To ensure both the accuracy and security of your personal information we are holding your order in review pending phone contact with you. We attempted to reach you at the telephone numbers provided on your order, but were unsuccessful.
In order to receive next day delivery, please contact us by 2:00 p.m. central time today at 1-888-396-5299 to discuss your purchase.
Calling us as soon as possible will prevent any unnecessary delays in your shipment.
Additionally, if we do not hear from you by 2:00 p.m. today, your order will be held for three days while we wait to hear from you. If you have not contacted us within that time, we may have to cancel the order with no charges applied to your credit card.
Again, we appreciate your business and look forward to hearing from you soon!
2012 Sears Brands LLC, 3333 Beverly Road, Hoffman Estates, IL 60179
She was on the phone with them when I got home, so I didn't know what was going on until after the fact. The rep presented her with multiple choice questions about what year she was born, what cities she had lived in, a cell phone number from 6 years ago,(which is also the number they claim to have called, not the valid number listed on the order) what kind of car she drives, where we own property, and her current AND past employer. In each case she was to pick from a list of 4 options presented by the rep, and in each case one of the options was accurate. So they pulled this information from somewhere. Within 5 minutes of hanging up, she received another email identical to the first order confirmation.
After she hung up and told me what he had asked, I checked the call log on our phone. (its VoIP) There had been no call from Sears, or anyone else all night. Then I looked at the emails, and noticed the 1st, 2nd, and 4th emails (which all seem legit) all came from email@example.com by way of omptrans.value.sears.com, while the one asking her to call came from firstname.lastname@example.org through smtp.ch4.shld.net (which I have since learned is a sears domain)
I instantly thought something was wrong, so I checked the card, pulled her credit report, and called the 800 number listed on the sears.com website. The rep I talked to couldn't find anything on the order to indicate anyone had called about it, nor could he confirm that the number she dialed belongs to Sears. (though, he did seem like quite an idiot) He pointed out that Sears shouldn't be asking the things they did. By the time he finished jerking me around, it was a little after 10pm - the closing time for their fraud department, so he couldn't transfer me to anyone there. A google search of the number returns mixed results, with some people claiming it is Sears, and others claiming it is a phishing number.
What gets me is the info the rep obviously had. If it was a scammer, they would have had to be hacked into the sears order database, because the questionable email had the right order number, and the rep she spoke with confirmed what she had ordered. But if a scammer had all of that, and all of her information, why bother with the call at all?
If it was really Sears, how did they get her info? We subscribe to a credit monitoring service that alerts us of new inquiries within seconds, and there is no alert. Her credit report as of tonight shows no new inquiries. She has never applied for credit with sears, has never ordered from sears.com until tonight, hasn't used that particular card at a sears store, and we have never had anything delivered from them. And she certainly didn't give them her SSN.
So even if I get Sears to confirm it was their rep she talked to, the whole thing still seems fishy to me.