Cybercriminals exploit holiday shopping with fake order confirmations scam

Have you made any online purchases during this holiday shopping season? If so, I’m sure you’ve received some sort of confirmation email to let you know the order is in process, and perhaps an email notification to let you know your order has shipped. You may even have received an email alerting you to an issue with an order you’ve placed. That’s all part of the online shopping experience–and cybercriminals know it. That’s why there is a spike in fake order confirmation messages tied to malicious phishing campaigns.

I wrote about the phishing campaign tactics in this blog post:

During the holiday season it’s not unusual for both UPS and FedEx to show up at the Bradley household on an almost daily basis. We receive order confirmation and shipping notification emails for each delivery—and that’s just what cybercriminals are counting on. It’s just one of the many ways they exploit the holiday season to target more victims.

Brian Krebs, a respected authority on security and all-things-cybercrime, wrote a cautionary post earlier this week. “If you receive an email this holiday season asking you to ‘confirm’ an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.”

The trick with any phishing campaign is to make the message or website appear legitimate. Poorly designed scams are often easy to spot, but cybercriminals are getting much better at crafting believable fakes.

“Scammers have become incredibly good at making fraudulent emails look legitimate to the untrained eye,” agrees Craig Young, security researcher with Tripwire. “Attackers will commonly flood the web with spam mail claiming you have a package waiting to be picked up, an order awaiting confirmation, and a plethora of other emails designed to get users to click links.”

Read the full post at PCWorld: Beware this online shopping scam: Fake order confirmations.

Latest posts by Tony Bradley (see all)
Asprox botnetbonetBrian KrebsKrebs on Securitymalwareorder confirmationphishingshipping notification
Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.
Related Post
  1. Cybersecurity Priorities and Challenges for 2024

    As we cruise through 2024, cybersecurity remains a dynamic and challenging field, constantly evolving under…

  2. Key Insights from Coalition’s 2024 Cyber Claims Report

    Coalition's latest findings in their 2024 Cyber Claims Report shed critical light on the importance…

  3. Navigating the Rising Tide of Phishing and BEC Threats

    Phishing and Business Email Compromise (BEC) attacks are not just prevalent but are growing more…