Jump to content

Strange email from squadron.com


Recommended Posts

Over the weekend squadron.com had a sale, so I ordered a couple of items.

Today I received an email saying that before they ship my order they want to verify my credit card details. Julie Schmidt in the accounting department wants me to email the first 12 digits of my credit card to her.

I assume this is a scam. Has anyone else has similar weird email's after ordering from squadron?

Link to post
Share on other sites

I know that certain digits on credit cards mean certain things such as type of card and area of issue and such so maybe your New Zealand card is confusing an American system. I wouldn't just send the info but would try to check it out further by contacting them (through their published E-mail, not reply to what you got)....

Edited by RCAFFAN
Link to post
Share on other sites

Personally, I'd call Squadron directly on the phone and tell them about the email. If its indeed legitimate you can give them the details over the phone and while they are on the line I'd tell them that in this day and age an email requesting such information is not going to go over well with customers. If its not a legitimate request then you've warned Squadron and saved yourself potential heartache.

My two cents.

:cheers:

Link to post
Share on other sites

It sounds like a potential scam - it's possible that someone has gained access to their email system and is attempting to phish credit card details - but, if it isn't, then you should contact them and advise that they're in breach of PCI DSS.

Link to post
Share on other sites

I placed an order under the same sale and paid by CC, I did not receive an email query from Squadron.

Post the header info in the email you received, we can look at it and probably tell if it was a scam.

Link to post
Share on other sites

Thanks for the replies. I have forwarded the email to Squadron, unfortunately I cannot call them.

If the issue is because I have a foreign credit card, it's strange I would have it with squadron and no other online retailer. If it's a problem I guess I will just cancel the order.

Link to post
Share on other sites

Often the card numbers are put on statements and order confirmations with the phrase "card number ending in ****", ie just the last four digits are stated. If someone has illicitly obtained this data they may be trying to get the other 12 digits to complete the card number.

Smells phishy to me.

Darius

Link to post
Share on other sites

Contact Squadron through their regular web site and ask them what is going on. DO NOT reply directly to that email you received, especially if it has a "hot link" in it. You never know where you are going to wind up if you click on a hot link.

Link to post
Share on other sites

I emailed them and received a reply. They advised it's a legit email.

Did you reply to the original email from 'Julie Schmidt', or send one to their main email address (customercare@mmd-squadron.com)? Even if it's legit, they're still in breach of PCI DSS (the security standards of the credit card industry) as all transmission of cardholder data across open, public networks (i.e. the internet, of which email is a part) must be encrypted. Requirement 4.2 states 'Never send unprotected PANs (i.e. credit card numbers) by end-user messaging technologies (for example, e-mail, instant messaging, SMS, chat, etc.).'

Unless you really, really want that order, I'd consider dropping it. Squadron clearly don't seem to know what they're doing when it comes to security.

Edited by vince14
Link to post
Share on other sites

I tend to agree with Vince. Legitimate request or not in this day and age of identity theft and credit card fraud there is no way that Squadron is going to endear themselves with modelers by sending out these emails and asking customers to divulge such info.

Hope it all works out.

:cheers:

Link to post
Share on other sites

Sorry I'm late, but this has SCAM all over it, I would delete it and run a system scan for any nefarious files that may have came with it. This may sound a bit like overkill, but better safe than....a lot of swearing and problems later. Never have I heard of anyone requesting any card info; if they have the first 12 numbers it simple to just have their system run the gauntlet of numbers from 0000 thru 9999 until they get a hit and look out for any one whose number is legit. I'm of the mindset there is never too much caution.

Link to post
Share on other sites

Having done few purchases with US online retailers from abroad using non-US cards I'd say that request for card number might be legit. For example, B&H and Adorama requested a scan of both sides of my card. However while using non-US card with Squadron I wasn't asked for any additonal information by them. Had a US shipping address though.

Link to post
Share on other sites

As a Kiwi too, there is no way I would go along with this. It's why I use PayPal to avoid having to share my card details with merchants all over the globe. If I can't do it that way I'll look elsewhere. It seems to me that Squadron should be able to verify your card thru the Nth American card offices unless its not one of the major credit card types.

Steve.

Link to post
Share on other sites

Canuck Models website can process credit card information from people all over the world so there should be no reason they can't. No modern processing system should have difficulty processing a 'big 3' (Visa, MC, Amex) card from New Zealand. If squadron's card processing system is so ancient that it can't do this, or requires a human to verify data, you probably shouldn't be using them anyway.

Link to post
Share on other sites

Did you reply to the original email from 'Julie Schmidt', or send one to their main email address (customercare@mmd-squadron.com)? Even if it's legit, they're still in breach of PCI DSS (the security standards of the credit card industry) as all transmission of cardholder data across open, public networks (i.e. the internet, of which email is a part) must be encrypted. Requirement 4.2 states 'Never send unprotected PANs (i.e. credit card numbers) by end-user messaging technologies (for example, e-mail, instant messaging, SMS, chat, etc.).'

Unless you really, really want that order, I'd consider dropping it. Squadron clearly don't seem to know what they're doing when it comes to security.

Canuck Models website can process credit card information from people all over the world so there should be no reason they can't. No modern processing system should have difficulty processing a 'big 3' (Visa, MC, Amex) card from New Zealand. If squadron's card processing system is so ancient that it can't do this, or requires a human to verify data, you probably shouldn't be using them anyway.

This. All of this.

To OP - Cancel your order, there are better retailers out there.

Link to post
Share on other sites

I've dealt with Squadron since the 80s and never had my CC questioned. I wonder if CC prefix #s are different outside the US? Are you sure your CC# was entered correctly?

Not defending Squadron per se but this seems like an isolated case rather than a consistent issue with an antiquated system.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...