Eleven months ago I bought a Lynskey GR300 frameset, or maybe I didn’t. I definitely received a receipt from them indicating that I paid, and two-three months later (sorry, it was a long time ago, hard to remember exactly), they shipped it to me. All good, right? Just another normal transaction with a company. The problem is that, yesterday, eleven months after the fact, their new accountant discovered that there was a problem and I still owe them for the frame.
Instead of sending any transaction details that would help me verify that 1) this wasn’t phishing 2) that the new accountant wasn’t wrong, they sent the email above. If the rep hadn’t also left a voice mail for me, I would have just assumed that Lynskey Performance, like a lot of companies got hacked or it was phishing.
The rep quickly followed up with this, but let’s be honest, there’s nothing in that screenshot that helps me verify either 1 or 2. In fact, anyone with a elementary understanding of Microsoft Paint could have made it, or changed it in a couple minutes. Like this…
The bizarre thing, or actually, the most bizarre thing about this experience (ignoring the fact that it took them eleven months to figure it out) is that they led with nothing but a payment link instead of detail.
We don’t live in a world where we can trust random email. We don’t live in a world where screenshots prove anything. Unfortunately, we live in a world where phishing attacks that look exactly like this are so commonplace that almost every employer provides training around how to recognize and ignore these kinds of emails. So even if I weren’t an IT professional with 20+ year of experience building web based apps, I would know better than blindly click “pay”. Also, no business is immune from hacking, it could have easily been exactly that with a little bit of why not screw Lynskey’s customers thrown in. To lead with the email above displays a level of naivete around all of these points that blows my mind. I have to wonder what the success rate is for that approach (assuming I’m not the only on impacted by new accountants findings); I sure hope it’s 0%.
Just to be 100% clear, I’m not trying to get out of paying Lynskey Performance for the titanium bicycle frame set if I owe them for it. Without a partial card number it’s going to be very difficult for me to verify anything on my end. I don’t have a PayPal account associated with email@example.com, so there’s no way for me to check with them. Eleven months is a long time ago, I have no idea which card I used, and despite it being a poor practice I don’t look over the statements that carefully. I have quite few credit cards (points FTW); some personal, some shared with my wife. Complicating the situation is that we also had a generous gift card which held the rebate from our solar installation around this time. Hopefully, we can run down the transaction details and I can verify what they are saying either way.
Even if they are 100% right here, it’s a strange way to run a company.