Brandon's Blog

11/5/2023

You're So SHEIN

I want to change the names here to protect the guilty, so let's say this is the ballad of Bethilda Mack.

Bethilda has an email address that must be really close to my email address. She's an older lady, and maybe she fat-fingers things every now and then. Or perhaps forgets that she uses the purple website rather than the blue one. I don't know.

In any case, Bethilda signs up for things from time to time. She registered with an Oklahoma healthcare organization using my email. I get some emails every now and then when it's time for her to re-enroll.

This hasn't been a big deal in the past. I think one time I got something like a scholarship application reference request. For those bespoke items I will occasionally write back and inform them that Bethilda may occasionally live rent-free in my thoughts, but she doesn't monitor my email account. Our two ships pass in the night, and life goes on.

Until Bethilda started shopping for maxi dresses.

I got an email from SHEIN, which is a garbage clothes vendor. "Welcome, Bethilda Finkel!" I'm thinking, Bethilda seems familiar, but Finkel is new. Also, is my doppelregistrar Betty or Bethilda or Bonnie? I couldn't remember.

For my sins, I've bought a few disappointing things from SHEIN in the past, but with my burner email account. No relationship to the flagship email account that Bethilda occasionally intrudes upon. So, this is really random for it to come to the b.mack address.

I go into phish-alert mode and look at the domains on the header of the email. It's from sheinnotice.com. Sus, as the kids say.

So I pull up a DNS WHOIS on shein.com and do an A-B comparison with sheinnotice.com. They're both registered in China, no surprise there, but the registration info is wildly different. Different registrars, etc. China being the only common thread. I'm quite convinced that this is just a phishing deal and I report the email accordingly.

Then I get an email with the "thanks for setting up an account, here's your temporary password." And there's the b.mack email address as the account name with a random character password. Poor security practices, but also not your typical "Hi, I'm from USPS and your tax paperwork is late. Please send a Saltgrass Steakhouse gift card or President Obama will sue you" type of phishing. It's from sheinnotice.com, so I report phishing again.

Then the order confirmations pour in. Ms. Finkel managed to spend several hundred dollars at SHEIN, which is a feat akin to maxing out the nameplate weight limit on the elevator on the way down from a cotton candy shop. The emails are strangely consistent for phishing, but they're also super janky. "Items in order: 0" followed by a list of nine maxi dresses, that type of thing. I think, we're in the burgeoning age of AI. The phishers have hooked up to ChatGPT. All good here.

Then I look down at the bottom of one of the multiple emails and see the ship-to address. It's to Ms. Finkel, on so-and-so-number Finkel Lane in a small town in Oklahoma. I chuckle. Checkmate, chatbot. Finkel Lane? What are the odds? I know a couple of people who live on a street named after their family, but c'mon. No way.

So I pull up the address in Google Maps. Double checkmate, HAL-9000. It's a valid address, but it's dead in the middle of a Native American cemetery complex. No street view, but no houses around either. Middle of nowhere, surrounded by tombs, in rural Oklahoma. Case closed, shut it down.

I check my credit cards to make sure everything is hunky-dory. No SHEIN charges. Good there.

Then I get the shipment-confirmed emails, which look even jankier but are consistent with the others. And there's the USPS tracking number. I grab the number and Google it, expecting to get nothing. I instead get a valid number lookup, with the shipment originating from SHEIN's Illinois DC. I can't see the destination address in the general lookup, but this is a real shipment with consistent timing and a credible fact pattern.

While I admittedly may have been holding onto grasped straws, I write this off as further sophistication in phishing and report the emails as suspicious. I check my credit cards again.

Then I get a DHL shipping notice for the second part of the order. I'm thinking, we're not in the Sudetenland here. Who's using DHL in America in the year of our Lord 2023? Turns out, SHEIN is using DHL, in this economy. It's another valid number.

I release my grasped straws in defeat. Bethilda may not be using my credit cards, but she's using my email... somehow managing to place a historically-significantly-large SHEIN order without confirming the email address, since she presumably can't access it. I pull up shein.com and log in using the b.mack address, go through the forgot-password flow, and I'm in. This is shein.com, not sheinnotice or shien.com or sheen.us or whatever, and there's the large bunch of maxi dresses from the confirmation emails.

I pull up the Goog and goog "Bethilda Mack Finkel," which I hadn't tried before. There's @bethildamack on Instagram, in her engagement photos with Mr. Finkel from 2021. She apparently found love in her sunset years, then married and shacked up with her (definitively white) beau surrounded by the angry, unresting spirits of multiple tribes of Native Americans. Then she ordered a shitload of maxi dresses with my frigging email address.

SHEIN showed my account as being (thank goodness) unconfirmed, and I put in a deletion request for the ill-fated account. Bethilda should be ripping poorly-sewn seams in her new dresses by the end of this week.