Mother received an invoice email from a real third-party vendor (WowMobile) which have small local kiosks in malls and sell phone stuff for big telecom companies (Canada).

The @ domain appears real ([email protected])

This person used my mom's email (pwned on 10 different data leaks btw) to send himself 44 iPhone 17 screen protectors.

He did NOT use my mom's credit card.

He did NOT use her name or anything else, just her email.

No WowMobile account was created using my mom's email.

The address where this was sent (purolator, still on the way, I checked the tracking) is at a fucking DEMOLISHED house in a real neighborhood (wtf does he expert Purolator to do)

I called the phone number of the supposed recipient of these screen protectors (yes, probably a mistake on my part, fuck it) and the number is NOT in service.

I called the company's phone number at the bottom of the email, they apparently have been open for 4 days (the order happened 3 days ago, 1 day after they opened) and are confused AF about this AND are dealing with more cases of fraud.

If this was an online order ([email protected]) why are they giving me the number of a local store? Did this guy go in store and just order something and every order is sent through "[email protected]" ?

Why use my mom's email as a throwaway if he would not need a confirmation code? Why not just enter [email protected] (if you need a "real" random email) or [email protected] (if it doesn't matter if you need something real or not)?

Theories:

he will email her back and tell her he received "her" screen protectors, he wants to send it to her back, so please give me your address (extra datapoint to attach to the leaked email, no cash though, so why?)

2)

he will email her back with a fake WowMobile email (onlineorders@wowmobi*I*e.com - this is an *i* in all caps *I* to look like an L)
or something weaker like
([email protected])
to offer a "refund" for the accidental order, so give me your credit card to process this.

What are your thoughts?