Rob here with Patriot Privacy and the Self-Reliance Institute.
I don’t know about you, but at this time of year I feel more rushed than usual.
I’m anxious to get as much accomplished as possible before celebrating the holidays with family and friends.
So while it’s the best time of year in many ways, it can be a bit stressful.
Scam artists know we’re all a bit rushed right now and they also know that the holidays mean the busiest time of year for ecommerce. They know that more people than ever before are ordering gifts online.
So, they’ve combined those two facts and created the Order Confirmation Scam.
Here’s a bit of what cybersecurity guru Brian Krebs has to say about how the Order Confirmation Scam works.
“If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.
“Seasonal scams like these are a perennial scourge of the holidays, mainly because the methods they employ are reliably successful. Crooks understand that it’s easier to catch would-be victims off-guard during the holidays. This goes even for people who generally know better than to click on links and attachments in emails that spoof trusted brands and retailers, because this is a time of year when many people are intensely focused on making sure their online orders arrive before Dec. 25.”
In Krebs’ warning, “Be Wary of Order Confirmation Emails,” he includes replicas of Order Confirmation Scam emails purporting to be from Costco, Target, Home Depot and Walmart. It’s worth taking a look at those to get a concrete idea of how realistic they can appear. Krebs goes on to state:
“According to Malcovery, a company that closely tracks email-based malware attacks, these phony “order confirmation” spam campaigns began around Thanksgiving, and use both booby-trapped links and attached files in a bid to infect recipients’ Windows PCs with the malware that powers the Asprox spam botnet.
“Asprox is a nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email…and perpetuates additional Asprox malware attacks. Asprox also deploys a scanning module that forces hacked PCs to scan websites for vulnerabilities that can be used to hack the sites and foist malware on visitors to that site. …
“Malcovery notes that the Asprox spam emails use a variety of subject lines, including “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and a “Thank you for your order.””
So, what should you do?
It’s fairly straight-forward.
“If you receive an email from a recognized brand that references an issue with an online or in-store order and you think it might be legitimate, do not click the embedded links or attachment. Instead, open up a Web browser and visit the merchant site in question. Generally speaking, legitimate communications about order issues will reference an order number and/or some other data points specific to the transaction — information that can be used to look up the order status at the merchant’s Web site.”
Please share this information with your friends and family. I’d like to get this warning out to as many folks as possible. By sharing it with your loved ones we can spread the word and keep folks protected from this scam.
I hate scam artists. And I really hate scam artists that try to take advantage of Christmas or any other holiday!
If you have thoughts or questions, email me at [email protected]
Be safe, secure and free!
Rob Douglas – Former Washington DC Private Detective and Certified Identity Theft Risk Management Specialist
Freedom Writers Publishing
1815 Central Park Dr. #358
Steamboat Springs, CO 80487