Subaru Legacy Forums

Subaru Legacy Forums (
-   RalliTEK Performance (
-   -   SPAM from IPD/Rallitek ("") tonight? Bogus purchase COD (

TSi+WRX 09-21-2010 08:06 PM

SPAM from IPD/Rallitek ("") tonight? Bogus purchase COD
Hey Guys,

Just thought y'all should know...

I got a bogus/fake shipping notice from "" tonight....

Here's the main bodytext:


Your order was received today and will be processed as soon as possible. Please scroll down to review the STATUS of individual items on your order. You will also receive a confirmation when your order has been COMPLETED. If you have any questions please call: 800-444-6473. You may reply to this email, but if you choose this option, please allow ONE FULL business day for a reply. Thanks for your order, The IPD & RalliTEK Staff Dedicated to improving vehicle fun, safety, & performance Order Number: 839953 Order Date: 9/21/10

[ Contact Info. Removed ]

SHIP TO PRODUCT NUMBER/ (SEE UNIT DESCRIPTION BELOW) QUANTITY PRICE STATUS 5R1010 1 2 35.29 WILL SHIP BRK ROTOR R 200/700 SOLID D102D 1 1 23.96 WILL SHIP BRK PADS R ATE 69-00 28590 1 1 4.48 WILL SHIP SHIM REAR BRAKE PAD (D102) ******* Start of Kit components ******* 4230061 1 4 0.00 WILL SHIP SINGLE SHIM BRAKE PAD 102 ******** End of Kit components ******** 272642 1 1 8.86 WILL SHIP HDWARE KIT CALPR R 200 78-93 Merchandise Net: 107.88 Tax Amt: 0.00 Shipping Amt: 53.50 Total Amt: 161.38 Payments: C.O.D. Amt: 161.38 Balance: 0.00

I was a customer of yours not too long of a while back, so apparently, whoever has access to your system has compromised at least the e-mail and shipping/billing address portion

FWIW, I checked my last order from you guys (April, 2010), and this spoof e-mail was configured properly, exactly as one of your online invoices would be configured.

I tried calling your IPD offices tonight, but it's already too late (the e-mail appeared in my inbox at 8:02 PM, EDT, which means that your offices just closed on the west side.

I also sent an e-mail regarding this to your "" actual address.

Thank you for your attention. :)


Who still uses COD? :lol:

TSi+WRX 09-22-2010 07:40 PM

Thanks for taking care of this one so quickly! :D

I'm glad it was just an "order entry mistake!" :)

Again, thanks. 09-29-2010 05:26 PM

I did some research on this and the reason is quite simple. It was an error on my part as I simply used a quick zip code search for a shipping quote for someone that lives in the same area. When I did this, your account showed first as your last name appears first in the database due to "A". After switching screens I found the order still "pending" and could not remember if it was in fact a legitimate order. This prompted the automated system to generate an email to you but there was no payment on it as we do not store credit cards for security reasons, this is why it was automatically flagged COD.

I apologize for any confusion and have will attempt to adopt different protocol in regards to shortcuts in the system. I hope this makes sense to you.


TSi+WRX 09-29-2010 07:30 PM

^ No problem at all, Ron. :) I still have plenty of faith in you guys - either you or someone on your staff (I can't remember off-hand :redface:) rectified the issue very first thing the next morning, even before I had thought of picking up the phone to follow-up. :)

Thanks again for your timely as well as professional response ! :)

NSFW 10-07-2010 02:29 AM

It could be worse... IA Performance's ISP got hacked a while back, and yesterday I got a 419 scam "from" them.

TSi+WRX 10-07-2010 08:22 AM

^ It happened to me, too, with a retailer in another hobby - a well known one with a very, very good reputation, like Rallitek/IPD.

In that case (TAD Gear), my credit-card actually showed fraudulent charges, but the bank caught it before any of them went through, and refunded the money in just hours.

I've shopped online since there was an online, so I don't really think too much about such instances. It really can happen to anyone.

Just have to have fail-safes and guards in-place.

In this case, I'm glad that IPD/Rallitek's database wasn't hacked or otherwise misused, and that it was a simple and honest mistake. :)

All times are GMT -6. The time now is 08:12 PM.