The Incident at A.C. Moore

Yesterday, I needed to take care of some errands.  And one of those errands involved returning some framing materials to the local A.C. Moore hobby shop in Latham.  No big crisis – I bought too many products for my project, and I wanted to return the unused portions and put that money back on my credit card.

I arrived at A.C. Moore.  The place had a few shoppers, but it wasn’t very busy.

As I returned my materials and presented my receipt to prove i purchased the items at A.C. Moore … this happened.

“Thank you, Mr. Miller, your purchase has been returned to your credit card,” the cashier said to me.

Another A.C. Moore employee asked the cashier, “Are you going to call that person?”

“Yes,” she said, “just as soon as I finish these returns this gentleman brought in.  Such a strange phone call.”

“What’s going on?”  I asked.

“Oh nothing, Some customer called here with a strange request.”

Strange request.  Maybe they’re working on a scrapbooking project and are in search of some unique product.

“It was strange.  She called our store, and said she had received a rewards receipt in her e-mail, and she couldn’t open it.”


“She wasn’t even enrolled in our rewards program, and she hadn’t shopped at A.C. Moore.  So she was wondering why she received a receipt.”

Yeah, you’re sensing it, aren’t you?  Red flags.  More red flags than in a Moscow parade.

“Hi, you may want to check with your manager,” I said, “but this sounds suspicious.  It sounds like the customer may have been sent a phishing e-mail to try to get her password or credit card info, or – and I shudder to think – it may have had a clickable link that could install malware or ransomware on her computer.”

“Oh dear,” the cashier replied.

“Yes, definitely talk with your manager about this, but from what you just said … that e-mail doesn’t sound legitimate.”

“Thank you,” she said to me.  “i’ll check with my manager about this.”

Now this may have been just my independent opinion, based on accidentally overhearing snippets of employee conversations … but I’ve dealt with hackers and cybertrolls before, and I know that they use deception and misdirection to “phish” information from customers … you know, credit card info, password logins, mother’s maiden name…

And maybe I was wrong.  Perhaps this customer just couldn’t open their e-mail because of a hundred different ancillary possibilities.

But be that as it may …

If I was right … maybe I saved someone from malware or ransomware or some other destructive issue.

I guess I’ll never know.

Kinda hope I got it right, though…