PanicStation.org
UK USA
uk Money & financial emergencies retailer called about an order • high-value order you didn’t place • unexpected order verification call • unauthorised online purchase • fake customer service call • order confirmation you didn’t make • card not present fraud • retail account takeover • delivery address changed • scam order cancellation request • asked for one-time passcode • payment card used without consent • suspicious merchant contact • phishing about an order • parcel sent in your name • unexpected purchase alert • “did you place this order” • high value transaction query

What to do if…
a retailer contacts you to confirm a high-value order you did not place

Short answer

Treat the contact as potentially fraudulent and don’t confirm any details. Verify the order by contacting the retailer using details you find independently, and if any payment may be involved, contact your bank/card provider immediately.

Do not do these things

  • Don’t click links, scan QR codes, or use phone numbers given in the message/voicemail.
  • Don’t “confirm” personal details (full name, address, date of birth) just because they already know some of them.
  • Don’t share one-time passcodes (OTPs), banking app approval prompts, or card security codes (CVV).
  • Don’t let anyone “help you cancel” by taking payment or asking you to install software.
  • Don’t assume it’s safe because the caller sounds professional or knows your order “number”.
  • Don’t ignore it if you see any matching transaction in your bank/card activity.

What to do now

  1. Pause and switch to verification mode. Say: “I’m not able to confirm anything on this call/message. I’ll contact you via your official customer service channel.”
  2. Check whether an order actually exists (without using their link).
    • Open the retailer’s app or type the retailer’s web address yourself.
    • Look at order history, saved delivery addresses, and saved payment methods.
    • If you can’t access the account, treat that as a warning sign and move to step 3.
  3. Contact the retailer using a number/address you find independently.
    • Use the contact details on the retailer’s official website/app, a paper receipt, or a previous genuine email (not the new message).
    • Ask them to cancel the order, remove any new delivery addresses, and note your account for suspected fraud.
    • Ask what information they can use to locate the order without you giving sensitive data.
  4. Check your bank/card activity right now.
    • Look for a matching pending or authorised transaction.
    • If you see anything you don’t recognise (or you’re unsure), call your bank/card provider using the number on the back of your card and tell them it may be fraud. Ask them to block/replace the card as needed and explain how they want you to dispute the payment.
  5. Lock down the most likely “entry points”.
    • Change the password on your email account first (email often controls password resets).
    • Then change the password on the retailer account and turn on two-step verification where available.
    • Check the retailer account for new addresses, new phone numbers, or new payment methods, and remove anything you don’t recognise.
  6. If shipping is involved, try to stop the parcel safely (if available).
    • If you can see tracking inside your own account (not from a link), ask the retailer (via verified channels) whether they can stop shipment, cancel delivery, or return to sender.
    • If a parcel arrives that you didn’t order, you can often refuse delivery. Don’t confront anyone you suspect is trying to collect it.
  7. Report the scam attempt (or any loss of money/details).
    • If you’re in England, Wales, or Northern Ireland, report cyber crime and fraud to Report Fraud (online) or by phone on 0300 123 2040.
    • If you’re in Scotland, report to Police Scotland by calling 101.
    • If it came via email, forward it to report@phishing.gov.uk. If it came by text, forward it to 7726 (free).
  8. Do a quick identity check if it feels “bigger than one order”.
    • Get your statutory credit report from Experian, Equifax, and TransUnion (they don’t all hold identical data).
    • If you’re worried your details are being used repeatedly, consider Cifas Protective Registration (it prompts extra identity checks by many organisations for a period of time).

What can wait

  • You don’t need to decide right now whether to pay for credit monitoring or buy an identity protection product.
  • You don’t need to contact multiple organisations at once; prioritise retailer verification and bank/card provider first.
  • You don’t need to make a police report unless there’s an immediate safety risk or you’re specifically advised to for your situation.
  • You don’t need to change every password today—focus on email + retailer + banking first.

Important reassurance

This situation is common, and retailers sometimes contact customers because they suspect fraud. You’re not being difficult by refusing to confirm details on an inbound call or message—verifying independently is the safest move and usually speeds up resolution.

Scope note

These are first steps to stop loss and reduce the chance of repeat attempts. If there are signs of broader identity misuse (new accounts, repeated orders, credit applications), you may want additional support after the immediate risk is contained.

Important note

This guide is general information, not legal or financial advice. If you believe money has been taken or your account security is compromised, your bank/card provider and the retailer are the right first points of contact.

Additional Resources
Support us