Petronella Blog Archive

Visit our New Blog

Beware Order Confirmation Emails

Blog Post

Did you receive an order confirmation email for something you did not buy? It's not a mistake; it's a trap. Do not click any links or open any attachments in that email.

While these scams are common throughout the year, people tend to see them more this time of year, when people are doing more shopping, especially since many people are shopping online now.

The way this scam works is that an email is spoofed, that is, it's made to look like it's from someone it's not.  Major retailers such as Amazon, Target and Walmart are some of the more commonly spoofed companies.  The email includes logos, letterheads and content to look like an actual order confirmation email.  These emails will contain links to bad websites or attached files.  These links or files then infect the recipient's computer with malware or viruses.

A common virus right now is Asprox, a Trojan virus that collects email login credentials and uses those accounts to replicate more malware attacks.  It also turns infected computers into scanners that look for vulnerable websites it can infect and spread the malware even more.

The easiest way to avoid this vicious attack is to make sure you don't click links or open attachments from any order confirmation emails.  Of course, if you know you didn't order anything form the spoofed retailer, you should automatically assume the email is spam and get rid of it immediately, but if you're not sure there are a few ways to maintain your safety.

First, most order confirmation emails don't include attachments, so you should never click an attachment.  Secondly, many email browsers will let you hover your cursor over a link to read the URL.  If the URL does not match the retailer, do not click it.  If you're still not sure, you can always go directly to the website the order confirmation purports to be from and check the information from there.