ALERT! Order Confirmation Scam ALERT!

Published On December 5, 2014 | By Tom Huskerson | Alerts, Fraud, Scams, Hoaxes & Hacks
ID-100297156

Courtesy of Stuart Miles

Order confirmations scams are exploding all over the Internet this holiday season. Ask anybody that works for UPS, FedEx or the USPS and they will tell you this time of year is the busiest there is for them. And for many people this time of year is when you send or receive the most packages. And that is the sweet spot for this holiday scam.

Scammers are sending out phony order and delivery confirmation emails by the millions to people everyday. Many people, knowing they have sent or are expecting a package, do something they would not normally do. They let their guard down and click on that link or the attachment. They may never discover, or find out too late, that they have given up control of their computer or their identities. The links or attachments install malware on the victim’s computer capable of stealing passwords for email or banking websites. Or the malware turns their computer into a zombie on somebody’s bot net. If you are really unlucky you could end up with a CryptoLocker malware.

Seasonal scams like this one return year after year because the method of tricking you is so successful. Crooks are catching people off-guard during the holidays because so many packages are being sent and received. And they use exact email replicas of delivery services and reliable shopping websites like Amazon.com, Wal-Mart.com and Target.com. People are so intensely focused on making sure their orders arrive before Christmas that they forget the Cardinal rule of the Internet; trust no one. Most confirmation emails do not require you to click on anything to get the tracking number. It is right there in the email where you can see it.

Malcovery, a company that tracks email-based malware attacks, reported these phony “order confirmation” scams began around Thanksgiving. The emails use booby-trapped links and attached files to infect Windows PCs with the malware that powers the Asprox spam botnet. Apple computers seem unaffected.

The Asprox malware is a Trojan that steals email user names and other passwords from infected machines.  This type of malware runs in the background and you may not be aware of what your computer is doing. It also can infect your friends computer and perpetuate even more Asprox malware attacks. If you are infected Asprox can also use your computer to attack other websites.

Malcovery.com points out that the Asprox spam uses some tricky subject lines such as “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and a “Thank you for your order.”

Be alert to these tricks. Should you receive an email from an online or brick and mortar store you do business with and it has a legitimate looking logo and it references an order, DO NOT CLICK ON THE LINK OR ATTACHMENT! Instead, open up another web browser window and visit the merchant site using the web address you are familar with.  Sign in with your own user name and password and check the status of your order. All that information should be there including order issues, your order number, tracking number and expected date of delivery date and who is delivering the package and other information specific to your transaction.  Remember trust no one! Use your own information to research your order. If there is a problem you will discover it.  And remind all your friends and relatives of this scam. Remember; friends don’t let friends play the fool online!

Here are few more tips to spot and fight order confirmation scams;

  • Print a copy of your order confirmation. Highlight all the relevant information and compare it to any email you get.
  • The scam email may be fairly generic not using your name or any information that is familiar to you.  Examine it carefully.
  • Hover you cursor over any links and examine the web address that appears. Make sure it is taking you where you want to go. BE CAREFUL NOT TO CLICK ON THE LINK!
  • Examine any attachment and look for “.exe”, or a double extension like “exe.pdf.” That could be a dangerous crypto malware.
  • Don’t trust any email just because it has a familiar logo or trademark.
  • Keep good records! What to did you buy and from whom? Who did you send it to? Call the person and let them know its coming, the tracking number and who is delivering it. And ask them to let you know what to expect with the same details.
  • Never click on links or attachments. Use your own information to research a problem with your order.
  • Never pay for delivery of something you did not order or were not expecting.
  • Never give personal information over the phone to someone who calls claming to have some thing to deliver to you.
  • Its the Internet; trust no one.

Now you know

See FedEx Fraudulent Email Alert

See UPS Fraudulent Email Alert

 

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. He attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has returned to focus on writing both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle. Most recently Tom has launched the blog African American Cyber Report. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *