Is this OK or should we be suspicious?

[Bugsy]

My wife has just received the following email from a company she has recently made a purchase from. The money has left her account but the goods have yet to arrive. Or am I being over-careful?

 

Dear Wendy,

Thank you for your order through **************.com.

As part of a routine security check that we carry out we would be grateful if you could email by return your billing address and the last three digits on the back of your credit card, where the signature strip is. Please DO NOT send your complete credit card number via e-mail.

Being asked for the security code is similar to being asked for your signature when purchasing in a shop and helps verify that the billing details are correct and that payment can be received.

The charge has to be confirmed by us before payment can be transacted, to do this we require the security code to ensure the transaction has been verified.

Please note that sending the security code by e-mail is totally safe as long as the credit card number itself is kept secure.

Thank you again for your assistance. Your order will be processed once your billing address and security numbers have been verified.



Yours Sincerely,
Joy
Customer Services

[Clair]

I am always asked to quote the 3-digit security nimber for my internet or phone purchases.

However, this is done at the time of order via a https:// (=secure) web page when ordering on the net.

[Catalpa]

You could phone Joy instead. Alternatively, phone your credit card co and see what they advise in this specific circumstance with XXX company.

[AnOther]

Don't do it, definately sounds like a phishing attempt to me.

If your payment has gone through they have no valid reason to request this information.

It maybe someone who works at or has contacts at xxx.com and who has already got hold of all the other numbers and needs the security code and your address to complete the set and start spending on your card.

I would phone the company but only speak to whoever is in charge. It might be that you could play along and catch whoever it is.

Alternatively send a copy of the mail to the company concerned, if it's genuine someone will get back to you.

Why not let us know who the company is, it's hardly advertising !

[Hoddy]

I wouldn't trust anyone who signed a letter 'sincerely' when it should be 'faithfully' especially if they used a capital letter for it.

Hoddy

[mint]

Hoddy

Hardly any of the younger generation nowadays pay attention to such niceties.  Alas!

[woolybanana]

You mean "I remain your most humble and obedient servant"

Flatulent nonsense all of it.

[Catalpa]

[quote user="Hoddy"]I wouldn't trust anyone who signed a letter 'sincerely' when it should be 'faithfully' especially if they used a capital letter for it.

Hoddy[/quote]

While agreeing with (someone earlier... Sweet17? [8-)]) who said many people nowadays have no idea about faithfully vs sincerely / etc, I'd have said that as it was Dear Wendy and signed Joy then sincerely was more appropriate than faithfully. I thought the formality of a Dear Sir (or Madam(e)[:P]) required a faithfully.

But all this is (sadly) close to irrelevant in the Age Of The Internet and email. And as for the instant and over-frequent use of first names...[+o(]

[Cat]

Anything that contains the words "routine security check" rings alarm bells for me.

Does your wife still have the confirmation email she received when she ordered the goods?  She should ring the customer services number on the original email, and ask if they ever send this type of request.

It sounds very like a phishing attempt to me.

 

[Bugsy]

Thanks everyone, for confirming my thoughts. I'll be ringing them today.

Gary.

[Panda]

Would agree with all those who have posted, there is no valid reason to ask for the 3 digit number, it is only used a tthe point of auth payment and that has been done.  I would call the company as if there has been a leak of your details likely there will be many others.

[sid]

[quote user="Bugbear"]

Thanks everyone, for confirming my thoughts. I'll be ringing them today.

Gary.

[/quote]

Please let us know what the outcome is, Gary!

Sid

[AnOther]

Not going to tell us who the company is BB ?

If it's a "plain brown wrapper" job we'll understand [;-)]

[Bugsy]

Strawberrynet.com..................................................[;-)]

[AnOther]

Certainly looks kosher enough.

A tip, applicable to a lot of commercial sites.

To report something like this try sending a mail to [email protected]  this will usually go some responsible person and will get you attention.

As a test I sent a blank mail to [email protected] from an normally dormant email A/C I have and it hasn't been bounced so it must be a valid address.

If abuse@ doesn't work try other obvious words like fraud@ or security@ etc.

[Bugsy]

Thanks Ernie.

They are a large company and seem quite above board. It was just the email request for the security code (that my wife had already given when making the purchase) that rang the warning bell. We are now in phone contact and will hopefully achieve a good outcome.

Thanks to all for the input.

[Cat]

It did sound like a phishing attempt though.  Large company or not, phishing attempts work because those that send the emails, and purport to be representing the company, gain the confidence of the target.

I forgot to say that I researched the company that you used, and it seems as if it is quite common for the site you mention to request this type of check by email.  You were right to be suspicious though, it is an unusual tactic.

 

[Deimos]

Just to show my ignorance I always thought that you used Yours faithfully when you started Dear Sir or Dear Madam.  Yours sincerely when you start with Dear <person's name>.  Have I been getting it wrong all these years ?

Ian

[Russethouse]

That's two of us Deimos.

[Cat]

I was taught it that way too.  That I could only be "sincere" if I knew the name of the person I was writing to.  If not I should simply be "faithful" (in faith of/have faith in, as I would not know them personally). 

[Russethouse]

http://www.speakspeak.com/html/d2h_resources_letter_writing_phrases.htm

Looks as if we are safe............[:)]

[Cat]

And the BBC and Oxford Dictionary agree with us [;-)]

http://www.askoxford.com/betterwriting/letterwriting/?view=uk

http://www.bbc.co.uk/scotland/education/bitesize/standard/english/lit_form/letter_rev3.shtml

[Russethouse]

Thats a relief - I make enough faux pas without adding that to the list...

[Bugsy]

Just to update those interested Mrs B, after phoning them direct, cancelled the order and has had her payment refunded. I think we may have uncovered an employee trying a bit of phishing, but they won't admit that, of course.

Anyway what did her brother want with that exotic aftershave anyway......[:D][:D]

[AnOther]

Thanks for the feedback BB, glad it's worked out OK for you (if not for your brother in law !)