Got an e-receipt today from PetSmart for about $20 for a credit card purchase. The purchase is in a state I don’t live in, and the last 4 numbers on the card don’t match any of mine.
Ran a free credit report, and the only cards shown are ones I have. On-line checks of the accounts don’t show the transaction in the purchase history (7 days ago, I don’t look at this email account much).
The email address isn’t one I use for much. A couple of old yahoo mailing lists, and Paypal, but not day-to-day.
The receipt looks pretty legit, but I can’t tie it into any of my accounts, and I can’t figure out what a scam may be. Could it just be a typo at the buyer’s end, and is an innocent mistake? Or are nefarious deeds afoot?
I got one from a store called Francesca’s the other day. Apparently it was just someone mistakenly putting in my email address instead of hers. No scam.
Does the message contain any links? (don’t click them) - hover over them and see where they point.
If they point anywhere other than the domain they purport to come from (I’m unclear whether this is the retailer or your bank), then it’s a scam, designed to direct you to a site that will steal your credentials, or hijack your machine, or something like that.
If the links genuinely point to the domain they purport to come from, then it’s probably just an error.
Links and embedded images are disabled in incoming emails. If I turn them back on and it’s something bad, is there a risk of something autorunning, or do I still need to click on something?
There is a small risk. A class of vulnerabilities called “drive-by” can take advantage of faulty memory management in applications or the operating system by crafting data to violate memory bounds and restrictions to drop the bad guys’ code into your memory and then execute it without your permission. This crafted data was often in the guise of images loaded as part of an HTML document, such as those in the email.
I think all known memory-bound violation drive-bys are patched in major OSs, but that just leaves all unknown ones. Still, I haven’t seen any descriptions of such exploits in the wild in some time, so it seems to be a theoretical risk to me ATM. Still, I wouldn’t do it. There’s nothing to be gained (you can figure out where the images are hosted without loading them) and a non-negligible risk, IMHO.
I get these sometimes in my gmail account and I think it is due to you having so many gmail addresses based on the one you set up. For example, if your gmail address is boblog3@gmail.com, you also have all combinations of the same thing with periods inserted. For example:
Does it show a phone number of the business that you can call to ask about it?
If it has date and time, or a transaction number, and a phone number, you should be able to call them up and give that information, and they should be able to find their records of the transaction.
The greatest risk is that by allowing images, you could confirm to a spammer that your account is real (if they include a linked image with a uniquely-coded URI, their server can detect when your mail client downloads the image - and your email address becomes more valuable to spammers.
It’s interesting to try to discover what this might be, but at this point, if it’s not showing on any of your bank or card statements, I’d just delete the message and move on.
When you opt for an e-receipts it has no way to know that the email address you entered is actually owned/controlled by you. It’d be easy enough to mistype on those small credit card reader screens.
You’ll probably get some junk email from petsmart now, since most places automatically opt you in for marketing emails when you request an e-receipt. If you want, you could forward the email to petsmart with a note saying ‘this isn’t me’.
This would be my guess as to what happened in the OP’s case. It happens to me all the time. My gmail account is firstname.lastname@gmail.com, and I frequently get emails which obviously result from the fact that someone else with the same name signed up for a website with his email address as firstnamelastname@gmail.com.
That happens to me as well. Except that the Gmail help pages said you can’t register firstnamelastname@gmail.com if someone already is registered as firstname.lastname@gmail.com. (The page said that Gmail ignores periods in email addresses.) So I don’t know why this guy thinks he has the email address.
With ANY question like this, I immediately call the credit card company. The people at Chase Visa are extremely helpful and on the ball. I wouldn’t try to find the answer online. My 2 cents.
But what credit card company does Patch call? The first 6 digits are the BIN which tells you who issued it; however, he only has the last 4 digits.
I’d lean towards it probably being email address was typoed.
I got a relatively early invite to the gmail beta, and brilliantly took advantage by taking a short, simple user name.
Did I say ‘brilliantly’? Well, it seemed like it at the time. Now this sort of thing happens to me all the damn time.
I gave up trying to correct it, just use gmail’s filtering & sorting to let me focus on my actual e-mails. Currently, it looks like I’m getting notices on Sierra’s USAA insurance account, Steven’s GeniusX membership, and Scott’s dental appointments. Oh, and Stephanie seems to still be sending me documents from her work e-mail to review at home. How does she not notice this isn’t working? She’s probably bitching at Google every time they don’t turn up. :smack: