I received two texts Monday morning.
6:34am: “Wayfair: You are unsubscribed from all SMS alerts.”
6:32am: “Thank you for placing your order with Wayfair. Reply Y to confirm your order. If you did not place this order, reply N.”
I was puzzled.
Did I sleepwalk and shop for furniture in the middle of the night?
I opened my email and saw a flood of messages. There were at least three dozen email list confirmations, coming from Alliance Française Bristol, United Churches of Langley, BPI Asset Manager, among others. Some were in Polish and Romanian.
I scrolled to the bottom and saw the two messages that started it all:
6:33am: Thank you for your order!
6:20am: New Device Sign-in
Now I understood what had happened. An ambitious fraudster woke up at six in the morning, logged into my account, and shopped for 13 minutes. He—or she—picked an “80-Quart Antique Patio Cooler” worth $200. Once he placed the order, he disabled text alerts on my account (he should have done this first). He then signed me up for multiple mailing lists to overwhelm my inbox and cover up the order confirmation.
The invoice had a woman’s name and a delivery address near Sacramento, California. An online search indicates a 75-year-old woman lives at the said address.
Did she commit the fraud? Possible, but unlikely; that would be too obvious. If it was her grandson, would he be so reckless to use her grandmother’s real name and address? Could it be one of the woman’s neighbors?
Also, was the plan to use the patio cooler for a barbecue this weekend, resell it on eBay, or something else?
Moreover, how many times has the fraudster pulled this trick? Where did he get my login? Does he do this for fun, a side income, or a living?
I have many more questions.