Be cautious of the 'order confirmation' email. It could be a malware attack
You've no doubt been doing a bit of online shopping in preparation for the holidays, so getting an order confirmation email聽from a store like Target, Home Depot, Walmart or Costco聽most likely聽wont set off any alarm bells for you.聽聽After all,聽you聽probably think you know how to聽spot an email scam from a mile away:聽there are the misspelled appeals for cash, the promises of future riches and, of course, the desperate signatures of unjustly usurped Nigerian princes. But those seemingly innocent order confirmations may be just as sinister as the grammatically incorrect ramblings of your Nigerian pen-pal.
As noted in a recent post on聽, phishing聽scams, where cyber-criminals craft fake but authentic-looking emails from trusted companies in order to steal your personal information, are becoming increasingly common--especially during the holiday season. Here's how it works: You get an email with the聽subject line "Thank you for聽shopping at聽Target!" You click on it, and the body of the email looks something like this: 聽
This probably strikes you as a little odd-- maybe you聽don't remember buying anything from Target, or maybe you did order something, but didn't opt for in-store pickup. Either way, you're gonna be tempted to click on that link to get to the bottom of this, and if you do, you'll be playing right into the hands of the scammers. See, that link won't lead you to Target.com. Instead, you'll be redirected to a foreign site that will automatically download a .ZIP聽file filled with malware designed to hack your computer and steal things like your credit card numbers, your banking information, and your sensitive personal data. Sometimes this malware聽will be disguised as an attachment聽which the email text will implore you to open, but no matter how it's presented, you should NEVER click on it!
Luckily,聽it's easy to spot a phishing scam once you know what to look for.
If you're a frequent online shopper, you'll know that you聽usually receive an order confirmation immediately after you make a purchase online. If you're getting emails with subject lines like "Order Confirmation" "Acknowledgment of Order" "Order Status" or "Thank You for Your Order"聽and you haven't bought something within the last 15 minutes, it's safe to say they're not legit. Also,聽look out for misspellings, poor grammar and weird send-offs.聽For example, the above email is riddled with red flags, like: "You may pick it in any store of Target.com closest to you within four days." It is highly improbable that a company like Target would ever聽include such a glaringly incorrect sentence in what is supposedly an auto-confirmation email. Scammers often purposely include typos, as聽people who don't notice them are more likely to fall for their tricks. If you get an email that looks like it's from a store you DID recently order from, make sure you聽double check the address of the sender.
If you get an email from Target but the sender's address is no-reply@youngblood.net, it's a scam. Also,聽take care to聽hover over all the links in the body of the email. If they seem to be directing you somewhere other than the official store website, don't risk it.聽Most retailers let you check your order status and history on their store pages, so go there first if you get a fishy (or phishy) looking email. Finally, phishing scams don't only happen during the holidays. Here are聽a few things to look out for if you want to聽stay聽safe from scammers year-round:
