By Steven Cooley, Customer Impact Editor

One of the most common questions new shoppers ask us is if our company is legitimate.  While mystery shopping is a legitimate business, many scammers out there prey on people looking to make money, and do so while telling their unsuspecting victims that they’re going to be mystery shopping.  Here are some tips to help prevent you from being scammed, and to assist you in identifying legitimate opportunities.

You should be suspicious of a shop offer if any of the following are true:

1.) Email addresses that look legitimate, but are not.

  • Scammers may use an email address that looks like it comes from the correct company, but with minor misspellings or changes. For example, if a scammer claims to be from Facebook, their email address might be misspelled as admin@facacom or
  • Note: If the scammer is clever, the email may also show something that is not an email address in the “From” section, so the email may just say “From: John Smith” or “From:”
  • To Avoid This – Hover over the sender’s name/address in your email client and look at it carefully for misspellings.

2.) Links that look legitimate, but are not.Fraud

  • Scammers may email you and request that you click a link in order to resolve an issue, but these will often lead you to a fake version of the website that sends them your personal information instead of just logging you in.
  • To Avoid This – Hover your mouse over the link without clicking it, and examine the URL. The same tactics used to make fake looking email addresses are used here, so you should check for all the same tricks.  When in doubt, don’t click the link, and just go directly to the company’s website in your web browser.

3.) Emails that demand action, or sound urgent

  • Scammers like to push you into acting hastily by making the email sound urgent. Their hope is that you’ll be worried about the time constraint, and not notice any red flags that mark the email as a scam.
  • To Avoid This – Be wary of urgent demands or threats. A fake email might say something like, “If you don’t respond within 3 days, your account will be closed.”   Most legitimate contact email from banks or companies will not push you into acting without thinking.

4.) Email subjects that don’t make sense

  • Scammers may attempt to make the email look real by making you think they’re replying to something you already sent, or that they’re from a real company. If the email’s subject is “RE: Vegas Vacation” and you never sent an email with the subject of “Vegas Vacation,” it might be spam.  The same goes for receiving an email with the subject “Your Acme Bank Account,” if you don’t have an account with Acme Bank.
  • To Avoid This – If the email looks fishy based on the subject alone, don’t open it at all. Scammers can include things in the body of the email that let them know when you’ve opened it.  If you do, they know your email address is working.  This can make you a potential target for further attacks.

5.) Emails with misspellings and typos

  • One popular scam technique is to include lots of typos and errors in the body of the email. This may seem counterintuitive, but it actually helps the scammer in two ways.
  • It may bypass spam filters you have set up. Spam filters look for key words (“Free million dollar car!”), so misspelling these words (“fr33 mi11ion do11ar c4r!”) might let the email sneak through.
  • If the scammer gets a response from a poorly worded or spelled email, they know they are on to an “easy” target, and will focus additional efforts on scamming that person.
  • To Avoid This – Be wary of emails that are poorly written, or contain typos. Legitimate companies are generally pretty good about proofreading emails, so if you notice something like “account” repeatedly misspelled as “acount,” it is likely a spam email.

6.) Emails that request personal information

  • Most phishing emails will request personal information from you in some way. They will ask you to send your password, PIN, or other sensitive information.
  • To Avoid This – Email is not guaranteed to be secure, ever. You should be aware that anything you send over email might be read by more than your intended recipient.   Never send any sort of sensitive personal information by email.  Legitimate companies will never ask you for this type of information by email.
    • Additionally there are certain pieces of information that you should NEVER share – No legitimate company will ever need your password or PIN number. These are always personal and should be secret.

7.) Emails that make wild claimsEmails

  • Some scammers will attempt to entice you with exciting news, that you won a prize of some kind, or that you’ve been nominated for an award.
  • To Avoid This – Just remember, if it sounds too good to be true, it probably is.

8.) Job offers that don’t make good business sense

  • Sometimes a scammer will send you a job offer that sounds incredible, but doesn’t make sense for the business. For example, one popular scam involves the company sending out fake cashier’s checks for large sums of money.  They then ask you to cash the check and send part of the money to a specific address, and part of the money is yours to keep.

The scam is that the checks are not valid.  Your bank might go ahead and cash them, but the checks will later bounce.  In the end, you’ll have lost whatever money you sent back to the scammer.

  • To Avoid This – Think about what is being asked of you from a business perspective. In this example, it doesn’t make a whole lot of sense for the “company” to send you such a large check, because they have no way to guarantee you’ll complete the work.


If you’re ever uncertain about an email’s legitimacy,

  1. Visit that company’s website directly. Avoid clicking any links in the email.  If the issue is legitimate, you’ll find mention of it on their website or in your account information once you’ve logged in.
  2. Contact someone at that company directly. If you get an email that looks like it’s from a Acme Bank, but you think the email looks fishy, call Acme Bank and ask if the email is legitimate.  Make sure you use the number from their website, and not any number from the fishy email!
  3. Only download email attachments if you know what they are and are certain the email is legitimate.

If you ever receive contact from someone using the Customer Impact name and are unsure if it is legitimate, please do not hesitate to pick up the phone and call us! We want to help you avoid these scams whenever possible and are here to answer any questions you have.