Earlier this evening, I received an email from a website called buywestcoastcure.com about an order I had apparently placed (screenshot below). They appear to sell cannabis/vape products. I’d never heard of nor visited this site. It said that the payment method was Bitcoin, and that a follow up email would be sent with a bitcoin address for the payment to be sent to. I normally would have just ignored it, but it contained an alarming amount of my real personal information including my home address as the shipping/billing address, and my real cell phone number. Less than a minute later, I got a second email saying that my account had been created and included a temporary new account password.
I could see that it’s totally possible that my email address, home address and phone number could all have been part of a data breach of a different website, but I’m wondering what the motive would be for someone to either (a) Place an order with a legit site using my information, or (b) Email me about a fake order from a fake site with my real information?
I found their website separately (I didn’t follow any links from the emails), and it appears to be a real online store. Additionally, the temporary password worked to allow me to see the order details. I was never asked to enter any of my personal information (password, alternate email, etc.), So it doesn’t seem like a normal phishing scam..
Is there any possible vulnerabilities that I need to be worried about, or do I just ignore the whole thing?
The content was posted by jr2195 on 2020-08-28 10:55:51 via reddit