Solved

Suss Confirmation Request | EMAIL SCAM 2024

ApplePie2025
Tourist
4 1 3


I'm posting this here since I couldn't respond to @scuba_beeee's post about the scam from Pinfairs.

 

Today, I received a response to a suss email confirmation request, prompting me to research email scams, particularly using the term "Google easy-exchange." In my search, I found @scuba_beeee's discussion on Pinfairs from May 2024, and I really appreciate discovering that thread.

 

HERE's WHY... In my case, both emails we received were identical to what was posted by @scuba_beeee, but they came from an identity named Amy Brown with an email from teamoku dot com. In my reply to her first email, I requested additional information to help with our investigation.

 

I asked for:

  • Full name, address, and phone number
  • Order number (if available) and the amount
  • Date and time of the purchase
  • Payment type and the last four digits of the card used for the transaction

However, she ignored my request and sent a second email that was identical to the one described in the Pinfairs scam. I hope this information assists someone in the future, just as their experience helped me!

 

-------------------------------------------------


------ 1st Email ------
Hi, I'm emailing because I recently placed an order on your e-commerce site but never received a confirmation email.

 

I witnessed the confirmation notice after placing the order, and the payment has been withdrawn from my account, but there's nothing in my spam folder. I'm a bit stressed since I haven't received any further information.

 

Could you please confirm if my order went through and reissue the confirmation email?

Thanks for your promptness. Looking forward to hearing from you immediately.

 

------ 2nd Email ------
Hello, I hope this message finds you well. I am writing to follow up on my previous email regarding the missing order confirmation letter for my recent purchase. Despite waiting for several days, I have yet to receive any confirmation of my order.

 

To assist in resolving this issue, I have attached a copy of my bank statement to this email. It shows a payment made to your store on October 4th.


I kindly request that you verify this payment and provide me with the confirmation letter for my order as soon as possible. If there are any additional details or steps required from my side, please let me know at your earliest convenience.

 

Thank you for your prompt attention to this matter. I look forward to your swift response.

 

Shared with Google easy-exchange: [Redacted]

 

------------------------------

Replies 9 (9)

scuba_beeee
Shopify Partner
12 0 73

Thanks for sharing your experience! It's like whack-a-mole, take one down, another 10 pop up. All we can do is post about it to make it "googlable" so others can find the post and know it's a scam.

They took pinfairs .com down shortly after my forum post, so put them on blast! A Google search for teamoku came up with 2 Reddit posts about their scam site.

 

https://www.reddit.com/r/woocommerce/comments/1e8fr1o/scam_email_from_teamokucom/

https://www.reddit.com/r/Scams/comments/1ekawy0/patricia_larson_teamokucom_scam_emails/ 

ApplePie2025
Tourist
4 1 3

This is an accepted solution.

Absolutely! Glad to hear that your post had an impact on getting pinfairs taken down. I appreciate your additional Reddit info too.

 

I read this post under the Patricia Larson link which is helpful to know. So I'll leave it here:

 

chownrootroot commented on post

 

This is a fun scam. While the tempting thing is to say “oh well the scam is to get refunded money for a non-existent order”, anyone with sense operating the website would look into their order system and say “nope, nothing here, no way you can possibly be refunded without an actual transaction.”

Instead, upon a reply of “got nothin’”, the scammer would then say “oh well I have a PDF file of my bank statement right here with the transaction, please look again”. Oh nothing bad can happen just looking at a PDF file, right? Well… The PDF will be delivered in a password-protected zip file. They provide the password in the same email of course (defeating the purpose of password-protecting the file anyway). This prompts you to use a Windows PC. And you unzip the file, do a simple double click on the PDF, and… well you’ve just been scammed. The file is actually executable and it runs code to steal your browser cache, which is a way to duplicate your logins on their computer and websites can’t tell the difference. Note that it’s not a login, it’s post-login, they don’t need to log in to anything, thus bypassing 2-factor and passwords.

And what do they do with this? Well with your website management system, they will look at orders coming in, they will contact customers (unbeknownst to you) and say they need to pay again because there was a glitch, send credit card payment or Bitcoin to blah blah blah, and they scam your customers. They delete the messages if they had to use the site itself to contact customers, and then it happens basically without a trace.

But you don’t sell things, they probably thought you sell things or you were about to set up the website to sell things.

Similar methods are going around with Airbnb hosts, with other small businesses, with freaking real estate firms (that one they tell you to change the routing information and you wire money to the wrong account and then you lose it forever, and you thought you were talking to the real estate company and you’re just trying to buy a house). Oh and it’s used in the “Elon is giving you crypto! Just send him crypto and he doubles it and sends it back!” YouTube scams.
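
Added example, not part of any post in this thread: the quoted comment says the "PDF" in the zip is actually an executable, so this Python sketch lists an archive's members without extracting them and flags any whose name or first bytes do not match a real PDF. The extension list, the function names and the sample archive are assumptions constructed for illustration; member names are readable here even when the archive is password-protected with ordinary ZIP encryption, which leaves names in the clear.

```python
import io
import zipfile

# Extensions Windows runs on double-click (an assumed, non-exhaustive list).
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}


def check_entry(name, head=None):
    """Return reasons an archive member is not the PDF it claims to be."""
    findings = []
    lower = name.lower().rstrip()
    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
    if ext in RUNNABLE:
        findings.append("runnable extension " + ext)
        if ".pdf" in lower[: -len(ext)]:
            findings.append("name shows .pdf before the real extension")
    if head is not None:  # content was readable (entry not encrypted)
        if head[:2] == b"MZ":
            findings.append("content starts with MZ (Windows executable)")
        elif ext == ".pdf" and not head.startswith(b"%PDF-"):
            findings.append("named .pdf but no %PDF- header")
    return findings


def inspect_zip(data):
    """Map each member name to its findings without extracting anything."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            head = None
            if not info.flag_bits & 0x1:  # bit 0 set means the entry is encrypted
                with zf.open(info) as fh:
                    head = fh.read(8)
            report[info.filename] = check_entry(info.filename, head)
    return report


def build_sample():
    # Constructed sample: placeholder bytes, not real malware.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Bank_Statement.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Bank_Statement.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("invoice.pdf", b"%PDF-1.7\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, findings in inspect_zip(build_sample()).items():
        print(name, "->", findings or "no findings")
```

For an encrypted member only the name checks run; the content check needs the file decrypted, which belongs on an isolated analysis machine rather than the PC that manages the store.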

CelloOctet
Visitor
1 0 0

Thank you! We received the exact two emails mentioned above, also from an Amy Brown at Teamoku. I did not trust it, so started to google it and found this post, glad to read here that it is indeed a scam.

CosmicTree
Visitor
1 0 0

Same scam, same messages word for word, also Amy Brown at Teamoku. We appreciate the heads up 🙂

ApplePie2025
Tourist
4 1 3

Glad to help!

ApplePie2025
Tourist
4 1 3

You're very welcome! Trusting your instincts was the right call... glad I could help.

Sausage27
Visitor
1 0 0

I've had the same email, word for word!

SCAM!! Ignore at all costs.

"

Hello,

I hope this message finds you well. I am writing to follow up on my previous email regarding the missing order confirmation letter for my recent purchase. Despite waiting for several days, I have yet to receive any confirmation of my order.

To assist in resolving this issue, I have attached a copy of my bank statement to this email. It shows a payment made to your store on November 1st.

I kindly request that you verify this payment and provide me with the confirmation letter for my order as soon as possible. If there are any additional details or steps required from my side, please let me know at your earliest convenience.

Thank you for your prompt attention to this matter. I look forward to your swift response.

Best regards,

Amy Brown"

DELETE IT!!

 

 

TheLimerickGirl
Visitor
1 0 0

Hi, I have received the same email with the same issue. I never get caught by scams, but this seemed so personal I thought it was genuine. I foolishly clicked on the link she had sent as proof the purchase had been charged to her bank. Has she now gained access to my computer? 😱 Any suggestions what I should do? Many thanks, Charlie

scuba_beeee
Shopify Partner
12 0 73

What happened after you clicked on the link? Did it download a file, and if so, did you open the file? Most (but not all) virus files have to be executed to cause damage.

 

You should run virus and malware deep scans. Some programs I use are Malwarebytes (free to manually run) along with an anti-virus program like Bitdefender, AVG, Avast, Avira (all free). Make sure to update the database on those programs before running the deep scan.

 

(I don't work in IT, just have some basic knowledge.)