Today, due to a bug in their website which put my order through
without my credit card info (d'oh!), I got this unfriendly and
suspicious email from Lego:
My first thought was this was a phishing scam email. Why? Well,
the subject was somewhat strange, the message was plain text, but
in HTML format, it didn't contain any actual information about my
order, and it told me to take some action or else face dire consequences
in the next 24 hours. That, and it ended with "Warm regards" like
so many other phishing emails.
It had a support phone number in it, though, which was a new
one. I wasn't about to call that number, though. So, I went to the
Lego site and checked my order status. Sure enough, it said
"Customer service". I then dug up the customer service number from
their site, and yes, it was the same one as in the email.
How could Lego have communicated better?
Phishing scams aren't new. If you have a strong brand like Lego,
you need to make sure you're doing everything in your power to
ensure that your communications are taken seriously. The email
above is inexcusable, although I can almost imagine the quick bit
of app code that sent it out. We've all seen code like that; it
probably even has the SMTP server hard-coded.
So, first of all, Lego, fix the bug in your website that lost my
CC info but still put the order through. (I explained to them that
during the order process, I had removed an old credit card and
added a new one, so that path is the likely cause).
I explained this site bug to the CS rep. I hope she actually
noted it and reported it as a bug as opposed to the BS most CS reps
give you when they say they'll "note it on your account". Those
notes go into some mysterious bit bucket because I've never had
another CS rep tell me they saw the note (even when asked) on a
follow-up call. She did ask me for browser details, so it sounds
like Lego might actually have a reporting process. That said, the
browser details should have already been available to her, but I'll
cut a little slack here.
Second, your email needs to be more "official". What do I mean
by "official"? Does it need a Lego logo? Not necessarily, but it
should look like the other Lego Shop at Home emails. Here's an
example of one (potentially sensitive info blocked out):
At the least, the service email should have looked something
like this one.
The second thing to do would be to include some specifics about
my order. At least an order number, better yet, a link to the
online order status for my specific order. You need to make me
realize that you have access to my order info and so it most likely
is from you folks and not from some random botnet in <insert
country here>.
Third, tell me what the problem is. As written, it sounds like I
kicked off a fraud alert. That wasn't it at all. I'm a VIP member
with a boatload of points and truckloads of Lego products at home.
A little respect, please!
Finally. Sheesh. Don't tell me that if I fail to get on the phone for
my internet order, you're going to cancel in 24 hours. 24 hours?
Really? That's just crap. Transplant patients
are given more time than that.
My order started on the internet; make an effort to let me
finish it that way. Either provide an online chat, or let me
resolve it as much as possible over email. Don't send the message
from a "donotreply" address. I placed the order on the internet
because I found that the most convenient way (I hate talking on the
phone almost as much as I hate waiting on the phone). Waiting for
20 minutes on hold to fix your mistake is not how I wanted to spend
my morning, despite it giving me blog rant fodder :)