Today I received a couple of emails in Chinese from e.digikey.com, both identical except for the TO: address. For reference: I only ever order on digikey.com.au (Australia, English):
Via Gtranslate:
Digi-Key Customer Excellence Program
As an important customer, we hope to give you thousands of products at exclusive discounts through the Digi-Key Customer Excellence Program.
You will get:
Full discount
Future exclusive services, such as payment on credit
No other actions are required! Shop now and enjoy the experience!
These emails were addressed to me using a digikey-dervied datasource, specifically an order I made on 2019-01-14 and and order I made on 2021-01-28. I use a unique email address for every purchase I make (I own my domain and I have it setup so anythingyouwant12345678@mywebsite.com gets to me) so I know if anyone sells or loses my email address to a spammer. Each address I make up contains a long random number and I note it in a file along with the date & URL it was submitted to.
The real question is: are these legit emails from Digikey or phising scams using Digikey's data?
I rang Digikey this morning and was told very directly to "delete them", that they have been getting lots of calls this morning about it and e.digikey.com is not a legitimate sender from them. They say they already have their IT looking into it and thankyou for calling them about it.
At this point I don't think they're
necessarily phising emails from digikey-sourced data, I think it could be a sales guy at the Chinese digikey office using their dataset. All of the links in the email go to c.digikey.com; but there is still a chance I'm missing something, I have not read its full source, so don't take this as security advice. Treat it as phishing until further notice from Digikey.