Cybercriminals exploit holiday shopping with fake order confirmations scam

Have you made any online purchases during this holiday shopping season? If so, I’m sure you’ve received some sort of confirmation email to let you know the order is in process, and perhaps an email notification to let you know your order has shipped. You may even have received an email alerting you to an issue with an order you’ve placed. That’s all part of the online shopping experience–and cybercriminals know it. That’s why there is a spike in fake order confirmation messages tied to malicious phishing campaigns.

I wrote about the phishing campaign tactics in this blog post:

During the holiday season it’s not unusual for both UPS and FedEx to show up at the Bradley household on an almost daily basis. We receive order confirmation and shipping notification emails for each delivery—and that’s just what cybercriminals are counting on. It’s just one of the many ways they exploit the holiday season to target more victims.

Brian Krebs, a respected authority on security and all-things-cybercrime, wrote a cautionary post earlier this week. “If you receive an email this holiday season asking you to ‘confirm’ an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.”

The trick with any phishing campaign is to make the message or website appear legitimate. Poorly designed scams are often easy to spot, but cybercriminals are getting much better at crafting believable fakes.

“Scammers have become incredibly good at making fraudulent emails look legitimate to the untrained eye,” agrees Craig Young, security researcher with Tripwire. “Attackers will commonly flood the web with spam mail claiming you have a package waiting to be picked up, an order awaiting confirmation, and a plethora of other emails designed to get users to click links.”

Read the full post at PCWorld: Beware this online shopping scam: Fake order confirmations.

Comments are closed.

Scroll to Top