Thursday, December 8, 2011

Breaking Scam Info: A Newly Discovered Staples Privacy Violation Scam

Yesterday I received an email from Staples to review a product that my mother purchased at Staples store while she was out of state.  The problem with this is that she doesn’t have a rewards card with the company nor has she ever given out her (actually mine) email address.  So, how did the company get my email address?

The purchase was made with a credit card, which I also have the same card number.  I did have a Staples Reward card (a gold member one) which I have not used in nearly 9 years and I also had an associate card which hasn’t been used in nearly 3 years.  It seems that Staples linked the provided charge card number to one of my former rewards cards, thus getting the email address I signed up with on either rewards cards.  This means that Staples stores the credit card information that is linked with rewards cards whether the customers want them to or not.  Not only is this unethical, but it is very ILLEGAL!  Another great Staples scam uncovered!!  Who says that this storing of credit card numbers is even secure?  I don’t believe it is if the linking for them was so easy to do.  This is all we need is Staples illegally storing credit card information without the knowledge of its customers.  Once again Staples EXCELLENT JOB!!  You are continuing my proof of just how bad you really are!

I also wish to thank Staples for telling me of my Christmas gift as well…they really are a Scrooge and dumb as well…

1 comment:

  1. I, too, have a Staples Rewards card. I've recently received two emails in the span of three days asking me to update my email subscription. Problem is that I don't have an email subscription or online account with Staples.

    When I looked up the IP address of the email, it sourced back to a company called Cheetahmail (also known as Experian Marketing Services). The email originated in New Jersey and tracked back to @b.e.staples.com. (I find this curious since my understanding is that Staples' email domain is @e.staples.com.)

    In any event, I phoned Staples and they confirmed that they do not have my email address in their database, which makes sense because I do not have an online account with them. It looks like Staples (if legit) or some third party (if a phishing scam) has contracted with Experian Marketing Services so that EMS can send email solicitations on the third parties' behalf.

    The second email I got within 48 hours of the first had a subject to the effect of "We've Been Trying to Reach You." Again, I was asked to click a link to update my email preferences. Everything else about the communication looks legit -- correct Staples phone number, physical address, no misspellings, etc., but the track back domain name and the IP address just don't sit right with me. I refuse to click on the hyperlink of any emails I did not sign up for.

    I forwarded the emails to Staples and heard nothing back. I don't suppose I ever will. I'm simply going to put the emails in my spam folder and move on.

    Thank you for posting this blog about Staples.

    ReplyDelete