Mouser Scam Emails

[johnwmclean]

Been getting these lately:

Dear Customer,
 
Thank you for ordering from Mouser Electronics.  Unfortunately, we are unable to obtain an authorization for your purchase from your credit card company.  The most common reasons for unauthorized purchases are an invalid credit card number, an expired credit card date, or purchase has been declined as it exceeds the credit limit.
 
Please contact us 852-37564755 to verify your credit card information or to provide an alternative payment method (such as another credit card or to let me know if you’d like to wire the funds in advance) so that we may continue processing your order.  You may contact us by replying to this email or by calling me on the phone number below.   If we do not receive a resolution within 3 business days we will, unfortunately, have to cancel your purchase.
 
We look forward to your response, and thank you again for ordering from Mouser Electronics, Inc.  Thank you for your time, patience, and prompt attention in this matter.
 
 
Best Regards,
 
Sharon Lam

Customer Accounts Representative
Mouser Electronics (Hong Kong) Limited
A TTI Company
 
Unit 702-703, 7/F
Lu Plaza, 2 Wing Yip Street
Kwun Tong, Kowloon
Tel: 852-3756 4770 Main / 852-3756 4755 Direct
Fax: 852-3756 4799


Every day Mouser adds more new products than any other distributor. Find the newest products for your design at Mouser.com/new.

 

The subject title even includes a recent order number of mine.

I know most folks around here are savy, but to the uninitiated beware.

[Craig Sawyers]

I shudder to think how they datamined the order number.  Either Mouser has a massive leak, or what else?

[wink]

If you don't get your next  Mouser order - it wuz legit......

[shellylh]

1 hour ago, Craig Sawyers said:

I shudder to think how they datamined the order number.  Either Mouser has a massive leak, or what else?

Couldn't they just get it from an email?  Emails are not exactly secure. 

[Craig Sawyers]

You have to be pretty determined to eavesdrop on emails in transit - Snowden blew the whistle on government-sponsored programmes to do this, but it is hard to do so.

With Mouser, transactions are done via https, where public-key encryption is used to secure sensitive data.

The likely routes are:

1. A member of staff at Mouser selling information

2. A hack of Mouser's computer system

3. A trojan on the local machine sending sensitive information to hackers

4. An unsecured port on the local machine that is open.

3 is unlikely because up to date virus software - which we all have, right?  Port security can be checked by going to https://www.grc.com/intro.htm and running shields up to probe to first 1024 ports.

[ironbut]

Whenever I get an iffy email like that I always do a search to see if it is wide spread.

You can usually find out what the vendor is doing about it from the search.

Then I contact the vendor through their support addy on their web site.

BTW, it's always possible that something on Your Computer sent them the order number.

Edited March 7, 2016 by ironbut

[dsavitsk]

I received an email recently from a "vendor" whose products I had purchased from Mouser. They were aware of the item and the quantity. While the from and return to email addresses all appear sort of legit (it is a 3rd party company that manufacturers subcontract to for tech support), it came to an email of mine that while publicly available and tied to my name, has never been used at Mouser. My guess is Mouser sold a bunch of data.

[sorenb]

4 minutes ago, dsavitsk said:

it came to an email of mine that while publicly available and tied to my name, has never been used at Mouser. My guess is Mouser sold a bunch of data.

meaning that Mouser sold your Mouser-data to a third party, and the third party lookup your other email and used that ??

[dsavitsk]

That's the best explanation I can come up with.

[sorenb]

16 minutes ago, dsavitsk said:

That's the best explanation I can come up with.

I think it's because of your display of the Emperor II on your web site ... if you had used the ES-175 it would never have happend ;o)

[b0bb]

 

10 hours ago, johnwmclean said:

Been getting these lately:

.

.

.

The subject title even includes a recent order number of mine.

I know most folks around here are savy, but to the uninitiated beware.

Email messages contain a transport header (SMTP header) that shows the routing history of the message, check to see if your email client can extract it.

This is put on by the transmitting email server and not the sender, the good ones carry an authenticated header and the receiving email server can verify this as authentic.

The other giveaway of a scam message is embedded HTML links, if there are HTML links check to see where it is pointing to. (Do not click them)

On the surface the message looks legit, the phone number given is part of Mouser HK's PBX (852 3756 4700)

 

Someone there might have just messed up, probably worth a followup if the SMTP header shows it coming from Mouser.