Received email about a $500 purchase that I never made. I know it’s some sort of scam, but I can’t figure out what they’re trying to get from me.

Earlier this evening, I received an email from a website called about an order I had apparently placed (screenshot below). They appear to sell cannabis/vape products. I’d never heard of nor visited this site. It said that the payment method was Bitcoin, and that a follow up email would be sent with a bitcoin address for the payment to be sent to. I normally would have just ignored it, but it contained an alarming amount of my real personal information including my home address as the shipping/billing address, and my real cell phone number. Less than a minute later, I got a second email saying that my account had been created and included a temporary new account password.

I could see that it’s totally possible that my email address, home address and phone number could all have been part of a data breach of a different website, but I’m wondering what the motive would be for someone to either (a) Place an order with a legit site using my information, or (b) Email me about a fake order from a fake site with my real information?

I found their website separately (I didn’t follow any links from the emails), and it appears to be a real online store. Additionally, the temporary password worked to allow me to see the order details. I was never asked to enter any of my personal information (password, alternate email, etc.), So it doesn’t seem like a normal phishing scam..

Is there any possible vulnerabilities that I need to be worried about, or do I just ignore the whole thing?

The content was posted by jr2195 on 2020-08-28 10:55:51 via reddit

Similar Posts


  1. Shield_Lyger says:

    Email addresses, home addresses and phone numbers are not privileged information. So the fact that someone else has that data about you doesn’t necessarily mean that there was a breach.

    The information above doesn’t mean that you’re any more vulnerable than anyone else. I’m presuming that it wasn’t your bitcoins that were being spent, or your credit card that was billed. (I’d check those, just to be sure.)

    My first guess would be that someone’s ordering from them who shouldn’t be, and that they’re going to try and intercept or divert the shipment. This seems like a lot of work, but I don’t know what rules the cannabis industry is supposed to follow. Maybe they have to verify shipping information somehow.

    In any event, I’d call the vendor, and tell them that you didn’t place the order. Let them sort it out.

  2. davoodm93 says:

    Beep Boop … I’m a bot from [SEFCOM Lab](

    I found this link in this post, and this URL seems **not legit**. This is just an AI prediction, which may be false positive. If you think my decision is **correct** please click [here](, otherwise if you think my decision is **wrong** click [here](

    Note that *by clicking on these links you are agreeing to this [Consent Form](*

    Learn more about the bot [here](

  3. I received the same order information as you did today for $470 with all my personal information. The order is pending awaiting bitcoin payment. Look into it and there was a phone number in Plano, TX which I called but was dead. The website showed an address in Los Angeles, CA.

    In July I received a lipstick order from Saks Fifth Ave paid with my Amex credit card shipped to my address. They tried to place a second order for $3500 but I was alerted by text for fraudulent charge. The last time I ordered from Saks was 3 yrs ago and that was shopping through the website called shoprunner which partner with Amex for free 2 days shipping and all my personal info are saved in there. Shoprunner was breached in Nov of 2019 so I assuming that lipstick order was from this shoprunner. But I don’t know if this incident is related to the shoprunner breach.

    Just curious if you found out anything.

Leave a Reply

Your email address will not be published. Required fields are marked *