Do you regularly purchase products or services online? Statistics show that over 2 billion people worldwide now shop online. Regardless of what product or service you purchase online, you’ll probably receive an order confirmation email for it. Most of these order confirmation emails are legitimate, but some are sent with malicious intent.

Order Confirmation Emails and Phishing

If you don’t recognize an order confirmation email — meaning you don’t recall purchasing products or services from the represented brand — it could be a phishing attempt. Order confirmation emails are commonly used for phishing. They’ll typically feature a link to a spoofed login page. In the email, the sender may ask you to log in to your account to verify your shipping or payment information.

Clicking the link, of course, will take you to the spoofed login page. The spoofed login page may look like the represented brand’s real login page. When you enter your username and password, however, you won’t be given access to your account. Instead, you’ll send your login information to the hacker who’s behind the phishing email.

Order Confirmation Emails and Malware

In addition to phishing, order confirmation emails are often used to distribute malware. Hackers will harvest a large set of email addresses, after which they’ll mass-send a generic and fake order confirmation invoice to them. Attached to these order confirmation emails is file-based malware.

The malware may be disguised as an invoice. Rather than showing your order details in the email, the sender will ask you to download the invoice, which is attached to the email. The invoice is fake, however, and downloading it will infect your computer with malware.

How to Spot a Fake Order Confirmation Email

There are a few things you can do to tell if an order confirmation email is fake. Fake order confirmation emails are often sent from a generic address. They don’t feature an actual brand’s address. Some of them feature a webmail address, whereas others feature generic domain addresses. If you notice a webmail or generic sender address, the order confirmation email could be fake.

Fake order confirmation emails typically won’t feature your real name or other personal information. They are used in spamming campaigns. Hackers will collect a large list of email addresses, after which they’ll spam those addresses with the same email.

You can use antivirus software to identify fake order confirmation emails. If there’s malware attached to an order confirmation email, the antivirus software may notify you of it.
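The warning signs described above (webmail or non-brand sender, no real name, a login link that leaves the brand's site, an attached "invoice") can be checked automatically. The following is an added example, not part of the original article; the function names, the webmail list, the brand domain example.com and the recipient name Pat Rivera are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: a short illustrative list of webmail domains, not a complete one.
WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

def on_brand(host, brand_domain):
    return host == brand_domain or host.endswith("." + brand_domain)

def triage(raw, brand_domain, recipient_name):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Sign 1: sender uses webmail or a domain that is not the brand's.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = sender.rpartition("@")[2]
    if domain in WEBMAIL:
        findings.append(f"webmail sender: {sender}")
    elif not on_brand(domain, brand_domain):
        findings.append(f"sender domain is not the brand's: {domain}")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    # Sign 2: the same generic text sent to everyone, without the real name.
    if recipient_name.lower() not in body.lower():
        findings.append("recipient's name not in body")
    # Sign 3: links (such as "log in to verify") that leave the brand's domain.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        if not on_brand(host, brand_domain):
            findings.append(f"link leaves brand domain: {host}")
    # Sign 4: an attached "invoice" instead of order details in the email.
    for att in msg.iter_attachments():
        findings.append(f"attachment: {att.get_filename()}")
    return findings

def build_sample():  # constructed sample: reserved example domains, harmless bytes
    m = EmailMessage()
    m["From"] = "Example Store <orders@example.net>"
    m.set_content("Dear customer,\nLog in to verify your payment details: "
                  "http://example-com.login.example.net/verify\n")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="invoice.zip")
    return m.as_string()

if __name__ == "__main__":
    print("\n".join(triage(build_sample(), "example.com", "Pat Rivera")))
```

The sender address and display name can be forged, so an empty result does not prove that a message is genuine.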
