dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
17078
share rss forum feed


Camelot One
Premium,MVM
join:2001-11-21
Greenwood, IN
kudos:2

1 edit

Sears.com order verification - very strange

EDIT: see update post below. This was actually Sears.

Original post:
I am confused by this one, so I thought I would run it by the people here.
Earlier tonight my wife placed an order on sears.com. The product was sold by/shipped by sears, not a marketplace member. She paid with a Capital One visa.
She received the first order confirmation email at 8:20pm, a few minutes after placing the order.
At 9:03, she received another email stating the following:

said by sears@value.sears.com :

Dear (wife's name)
Thank you for your recent order on Sears.com. To ensure your order is completed properly, additional processing time is needed. You may be contacted to obtain further information. Once your order has been processed you will receive an email confirming your order.
We sincerely apologize for any inconvenience this may cause.

Best Regards,

Imran Jooma
Senior Vice President, e-Commerce
Imran@customerservice.sears.com

Then at 9:46pm she received the following:
said by no-reply@sears.com :

Subject:Sears.com Contact Request Order # (the actual order number)
Dear Sears Online Customer:

Thank you for your recent order at sears.com. We truly appreciate your business!

To ensure both the accuracy and security of your personal information we are holding your order in review pending phone contact with you. We attempted to reach you at the telephone numbers provided on your order, but were unsuccessful.

In order to receive next day delivery, please contact us by 2:00 p.m. central time today at 1-888-396-5299 to discuss your purchase.

Calling us as soon as possible will prevent any unnecessary delays in your shipment.

Additionally, if we do not hear from you by 2:00 p.m. today, your order will be held for three days while we wait to hear from you. If you have not contacted us within that time, we may have to cancel the order with no charges applied to your credit card.

Again, we appreciate your business and look forward to hearing from you soon!

2012 Sears Brands LLC, 3333 Beverly Road, Hoffman Estates, IL 60179

She was on the phone with them when I got home, so I didn't know what was going on until after the fact. The rep presented her with multiple choice questions about what year she was born, what cities she had lived in, a cell phone number from 6 years ago,(which is also the number they claim to have called, not the valid number listed on the order) what kind of car she drives, where we own property, and her current AND past employer. In each case she was to pick from a list of 4 options presented by the rep, and in each case one of the options was accurate. So they pulled this information from somewhere. Within 5 minutes of hanging up, she received another email identical to the first order confirmation.

After she hung up and told me what he had asked, I checked the call log on our phone. (its VoIP) There had been no call from Sears, or anyone else all night. Then I looked at the emails, and noticed the 1st, 2nd, and 4th emails (which all seem legit) all came from sears@value.sears.com by way of omptrans.value.sears.com, while the one asking her to call came from no-reply@sears.com through smtp.ch4.shld.net (which I have since learned is a sears domain)

I instantly thought something was wrong, so I checked the card, pulled her credit report, and called the 800 number listed on the sears.com website. The rep I talked to couldn't find anything on the order to indicate anyone had called about it, nor could he confirm that the number she dialed belongs to Sears. (though, he did seem like quite an idiot) He pointed out that Sears shouldn't be asking the things they did. By the time he finished jerking me around, it was a little after 10pm - the closing time for their fraud department, so he couldn't transfer me to anyone there. A google search of the number returns mixed results, with some people claiming it is Sears, and others claiming it is a phishing number.

What gets me is the info the rep obviously had. If it was a scammer, they would have had to be hacked into the sears order database, because the questionable email had the right order number, and the rep she spoke with confirmed what she had ordered. But if a scammer had all of that, and all of her information, why bother with the call at all?

If it was really Sears, how did they get her info? We subscribe to a credit monitoring service that alerts us of new inquiries within seconds, and there is no alert. Her credit report as of tonight shows no new inquiries. She has never applied for credit with sears, has never ordered from sears.com until tonight, hasn't used that particular card at a sears store, and we have never had anything delivered from them. And she certainly didn't give them her SSN.

So even if I get Sears to confirm it was their rep she talked to, the whole thing still seems fishy to me.


bitemeboy

join:2005-04-06
Otego, NY

said by Camelot One:

If it was really Sears, how did they get her info?

I won't address your Sears situation since Americans seem to have a boundless, antagonistic attitude towards common sense.

Every and all aspects of your financial life are inputted and recorded by the credit reporting companies.

That information can be retrieved by anyone deemed appropriate by said credit reporting companies.
--
The monkey took...One look at Jim... And threw the peanuts...Back at him
..............................................Burma Shave...............................................


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 edit
reply to Camelot One

said by Camelot One:

So even if I get Sears to confirm it was their rep she talked to, the whole thing still seems fishy to me.

It sounds as if you would have done the same thing as I would have, which is to tell Sears where they could shove your order.
As bitemeboy See Profile pointed out, that information is widely available, but seldom used in that manner.
It's commonly used to verify the information supplied on an online order form.
Enough 'correct' info e.g., address, phone number etc... matching up & the order is a go, not enough data matching up it goes to enhanced scrutiny which is probably what happened.
The good news is that your wife's info has been updated so future purchases with Sears should go without incident (is that really good news? That's the real question)
I'm not at all familiar with Sears but it may have been their CC processor that called. Their usually the keeper of that info, but Sears is large enough that I honestly can't say if it were them or the processor that called but it does appear as a 'legit' call.

Edit to add:
If anyone believes this is an effective ID theft deterrent, think again.
It will only trip up the neophyte while often causing more harm than it prevents because of the 'workaround' that ID thieves use to beat this system.
The workaround is to use a person's ID/CC data to order a full report on the ID they are abusing from services such as »www.intelius.com/ where the answer to those types of questions will be available.
So when a company such as Sears is going to be the target for a fraudulent purchase the ID thief will order up a record of the victim (did I mention using the victims name & CC data) to be prepared for the enhanced security check.
So now the victim has another fraudulent charge plus their life history is now in the hands of an ID thief.


Camelot One
Premium,MVM
join:2001-11-21
Greenwood, IN
kudos:2

This morning I was able to confirm that everything is legit, at least in as far as it was Sears she was talking to. Last night the rep couldn't confirm that the phone number belonged to Sears, but when I called this morning and asked for the fraud prevention department, the rep gave me that exact number.

The person I talked to in the fraud department confirmed they were the ones my wife talked to last night. He said they pull that information from multiple databases and that the information is not stored in any Sears database. He pointed out that the same department handles in-store credit card application processing, which might explain how and why they defaulted to gathering such detailed information. He gave me the impression that the department is outsourced to another company. It's worth pointing out that throughout my call this morning, I had the rep rattling off the actual information they had, ie, her job title, what car she drives, etc. I had to provide nothing but my name and the order number to get him talking. My name is not on the order, and I was calling from a different phone number.

I order thousands of dollars worth of equipment online every week, and I have never been asked what kind of car I drive or where I own property. It's usually nothing more than making sure the name, address, and phone number on the order matches the credit card being charged. (and in this case everything matched) I've also never been able to get a rep to start spewing personal information without much more verification of my identity.

But then again, I don't order from slimy places like Sears.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

said by Camelot One:

The person I talked to in the fraud department confirmed they were the ones my wife talked to last night. He said they pull that information from multiple databases and that the information is not stored in any Sears database.

Yes, why deal with PCI issues over the data when it is so easily & readily available on a seconds notice from elsewhere.
The difference between physical storage & access is nonexistent on a practical level.

said by Camelot One:

He pointed out that the same department handles in-store credit card application processing, which might explain how and why they defaulted to gathering such detailed information.

They accessed your wife's data because the system they use did exactly what it's intended to do, correctly (or incorrectly) identifying your wife's order as potentially fraudulent.

said by Camelot One:

He gave me the impression that the department is outsourced to another company.

That's really neither here nor there, but it would make sense on many levels if it were outsourced if even to a subsidiary.

said by Camelot One:

It's worth pointing out that throughout my call this morning, I had the rep rattling off the actual information they had, ie, her job title, what car she drives, etc. I had to provide nothing but my name and the order number to get him talking. My name is not on the order, and I was calling from a different phone number.

That may have been a diversion from policy but I'd put that in the favorable column.
Too often companies will hide behind policy rules to avoid answering questions.
That was probably about someone sensing your concern over the matter & not amplifying it with 'policy rules'.
said by Camelot One:

I order thousands of dollars worth of equipment online every week, and I have never been asked what kind of car I drive or where I own property.

Yes, the more you use your ID for online purchases the easier it is to verify correct info.
said by Camelot One:

It's usually nothing more than making sure the name, address, and phone number on the order matches the credit card being charged.

Those are big items for sure but other factors come into play.
Your IP being out of your normal range is one of the more common items that can flag an order.
said by Camelot One:

I've also never been able to get a rep to start spewing personal information without much more verification of my identity.

Again, I'd be grateful for that given the circumstances but only if I could handle the truth, LOL
Glad the incident was legit, but of course that depends on the definition of 'legit'.


Camelot One
Premium,MVM
join:2001-11-21
Greenwood, IN
kudos:2
reply to Camelot One

Just to update this: what triggered the fraud flag was that she paid extra ($37 more) for overnight shipping, having not ordered from them before. The combination of those two factors automatically triggers their fraud flag.

Not that doing so means it is shipped via overnight service mind you, which has the wife more than a little pissed today. Her order was shipped via 5 day UPS ground. A very unapologetic rep explained that "overnight shipping" with Sears is just an order processing time upgrade, when you pay for "overnight", they do their best to get the order shipped the following day. Despite obviously misleading terms, and a very unhappy customer, they offered no credit or even an apology.

This is great news for me, because it means I don't have to fight with her about not ordering from such a shitty company again.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable

1 edit

said by Camelot One:

Just to update this: what triggered the fraud flag was that she paid extra ($37 more) for overnight shipping, having not ordered from them before. The combination of those two factors automatically triggers their fraud flag.

You've got to be one determined SOB to get that info from them. LOL
ID thief's are prone to selecting express shipping options for 2 reasons.
1. To get the item shipped before the fraud is detected.
2. It's not their money anyway.

said by Camelot One:

A very unapologetic rep explained that "overnight shipping" with Sears is just an order processing time upgrade, ...
This is great news for me, because it means I don't have to fight with her about not ordering from such a shitty company again.

This thread was correctly posted to the SCAM and Phishbusters forum.
That is clearly misleading terminology used for one purpose only.
For Sears to scam their online customers.


Camelot One
Premium,MVM
join:2001-11-21
Greenwood, IN
kudos:2

Unbelievable. Her order arrived today, and they sent the wrong item. Can't return it to the store, she has to ship it back at her expense. Once they get it, they'll credit the item price. Shipping is non-refundable. (even though it was ground on an overnight order)
--
Intel i7-2600k /ASRock P67 Extreme4 /4x 4Gb G.Skill /2x Intel 510 series 250Gb SSD /3x WD20EADS 2TB /2x PNY GTX 260 /Silverstone 850W /Custom water cooler /Antec Twelve-Hundred