2022-10-20: Fake order emails

Tags NCSAM2022

We're continuing the third week of National Cybersecurity Awareness Month.  For the previous posts (and other security articles we've posted) please see: www.newpaltz.edu/ncsam.

Today I want to talk about one of the most common scams we see: fake order scams.  They typically target us as individuals, and they can arrive in a college email account or a personal one.

What are these scams?

Each of these is simply an email confirming an order, subscription, or bank transfer that you never actually placed or signed up for.

The messages will contain some information to make the message look authentic.  For example it may include:

  • fake account numbers, transaction IDs, or similar numbers
  • a logo or other branding to make it look like it came from a legitimate company
  • a listing of what you supposedly ordered

How do the scams work?

The goal of these scams is to convince you that a real order was placed fraudulently in your name, so that you call the number or click the link in the email to cancel it.

If you call them

If you call the number, the person who answers will claim they can help, and will ask you for information (under the guise of verifying your identity).  That information will most likely include a credit card number.

What happens next?  By handing over a credit card number to cancel an order that never existed, you have given your card details to criminals, who will most likely drain the account.

If you click a link in the email

There may be links in these emails.  They lead to login pages that imitate the legitimate site being impersonated (e.g. if the order claims to be from Amazon, it will be a fake Amazon login page).  They ask you to log in, but doing so hands your username and password to the criminals, who then use them to place orders on your real account with the payment info already stored there.

If you open an attachment

Attachments may look like invoices, but they can carry malware (malicious software) or ask you to log in, capturing your username, password, or other sensitive info just as the phone and link versions do.

How to recognize these emails

  • Do you recognize the company or sender at all? If not - you can almost always just ignore it.
  • Check the from address: The email domain (the part of the email address after the @ sign) is rarely the same as the real company's.  They are often from gmail.com, icloud.com, yahoo.com, or other free email services.  They may also be a misspelling of the real address (e.g. something like Ammazon.com instead of Amazon.com).
  • Check (but don't click) the links: If there are links, you can hover over them (don't click on them!) and you can usually see that the destination is not the real site.  Look at the site name just before the first single slash in the address; the real company's name may appear elsewhere in the link to make it look legitimate.  On a phone, press and hold the link to see its destination.
  • Odd signs of international emails: There are often things that are normal in other countries but not normal here in the US.  Listing an order as 376.48 USD or United States Dollars instead of just $376.48 is a red flag unless you are legitimately dealing with a company outside the US.
  • Does the grammar or spelling look off?: Not all scams are poorly written, and not all legitimate emails are perfect.  I've probably made some mistakes in this email - but it could be a sign of something being wrong.  Automatic order notification emails, especially from major companies, are usually perfect with respect to spelling and grammar.
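The checks in the list above can be automated.  The script below is an added example (it is not part of the original article and not a tool the college provides) that runs the from-address, link, currency-format, and phone-number checks over three constructed sample messages: a fake Norton renewal sent from a Gmail address, a fake Amazon order from a look-alike domain with a mismatched link, and a clean control message.  The free-mail list, the brand-to-domain map, and all sample messages are assumptions made for illustration; the domain handling is deliberately simplified.

```python
# Added example, not from the original article: heuristic checks for the warning
# signs listed above, run over constructed sample emails. The brand/free-mail
# lists and the sample messages are assumptions made for illustration.
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser

FREE_MAIL = {"gmail.com", "icloud.com", "yahoo.com", "hotmail.com", "outlook.com"}
BRANDS = {"amazon": "amazon.com", "norton": "norton.com"}  # hypothetical brand -> real domain
CURRENCY_RE = re.compile(r"\b\d{1,6}\.\d{2}\s*(?:USD|United States Dollars)\b")
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
DOMAIN_RE = re.compile(r"\b[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    m = re.match(r"[a-z][a-z0-9+.-]*://([^/:?#]+)", url, re.I)
    return m.group(1).lower() if m else ""

def registrable(host):  # simplification: keep the last two labels only
    return ".".join(host.lower().split(".")[-2:])

def edit_distance(a, b):  # Levenshtein distance, to catch look-alikes like Ammazon.com
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def analyze(raw):
    """Return the set of warning signs triggered by one raw email message."""
    msg = message_from_string(raw, policy=default)
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    text = "".join(p.get_content() for p in msg.walk() if p.get_content_type() == "text/plain")
    html = "".join(p.get_content() for p in msg.walk() if p.get_content_type() == "text/html")
    body = text + re.sub(r"<[^>]+>", " ", html)  # tags stripped for text matching
    haystack = (str(msg.get("Subject", "")) + " " + body).lower()
    claimed = {real for name, real in BRANDS.items() if name in haystack}
    flags = set()
    if sender_domain in FREE_MAIL:
        flags.add("sender_free_mail")
    for real in claimed:
        if sender_domain != real and not sender_domain.endswith("." + real):
            flags.add("sender_not_brand_domain")
            if 0 < edit_distance(registrable(sender_domain), real) <= 2:
                flags.add("sender_lookalike_domain")
    collector = LinkCollector()
    collector.feed(html)
    for href, label in collector.links:
        link_host = registrable(host_of(href))
        if claimed and link_host not in claimed:
            flags.add("link_off_brand")  # what hovering over the link reveals
        shown = DOMAIN_RE.search(label)
        if shown and registrable(shown.group(0)) != link_host:
            flags.add("link_text_mismatch")  # link text names one site, href another
    if CURRENCY_RE.search(body):
        flags.add("currency_format")  # "376.48 USD" rather than "$376.48"
    if PHONE_RE.search(body):
        flags.add("callback_number")  # the call-to-cancel lure
    return flags

# Constructed sample messages (not real emails; the 555-01xx number is fictional).
SCAM_NORTON = """From: "Norton LifeLock" <norton.billing.desk@gmail.com>
Content-Type: text/plain

Your Norton subscription has been renewed. Invoice ID: NL-88213.
Amount charged: 376.48 USD. To cancel, call +1 (800) 555-0142 within 24 hours.
"""
SCAM_AMAZON = """From: "Amazon" <orders@ammazon.com>
Content-Type: text/html

<p>Thank you for your Amazon order. Total: $249.99</p>
<p>To cancel, sign in at <a href="http://login.amz-secure-verify.net/cancel">amazon.com/orders</a></p>
"""
LEGIT_AMAZON = """From: "Amazon.com" <auto-confirm@amazon.com>
Content-Type: text/html

<p>Thank you for shopping with Amazon. Order Total: $23.50</p>
<p><a href="https://www.amazon.com/your-orders">View your orders</a></p>
"""
```

Calling `analyze(SCAM_NORTON)` returns the free-mail, off-brand sender, currency-format and callback-number flags; `analyze(SCAM_AMAZON)` returns the look-alike sender and both link flags; the control message returns no flags.  None of these checks is proof on its own (a legitimate small business may well use a free mail account), which is why the article's advice to verify through the real site rather than through the email still applies.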


How to respond?

If you are certain that the email in question is bogus - you can ignore/delete.

If you're uncertain:

  • If it's a company you do business with - check your account on that site (not via links in the email!).  For example, if it's Amazon, go to amazon.com, log in, and check your orders.  If the orders in the email aren't listed on your account, the email is bogus and can be ignored.
  • If it's a company you don't do business with, check the supposed charges.  If they claim to have charged you some amount, check your bank/credit card statements.  See if those charges are actually listed.  If they are - call your financial institution to report fraudulent charges (via the number on the back of your card, not via any number in these emails!).  If they aren't listed - just ignore the email.

Under no circumstances should you:

  • click links in an email you weren't expecting
  • call phone numbers listed in the email
  • open attachments in the email


Thank you all for your caution!


Some examples of these are below:


Fake Norton order email

Screenshot of email purporting to be from Norton.  The from address is a gmail address, and there's a phone number to call


Fake Geek Squad order email

There are no links here - just a phone number.  If you call the number in an attempt to 'cancel' the order (which doesn't actually exist), the criminals will ask for sensitive information to 'verify' it, such as credit card numbers, bank account information, or passwords.  By trying to cancel a non-existent order, you end up getting your account(s) compromised.

Fake order email, purporting to be from Geek Squad.  The goal is to get recipients to call the number to cancel a supposed subscription, but when you do so, they'll ask for sensitive info.


Generic fake order email

Same as the Geek Squad email.  The goal is to get you to call the number and give out sensitive information (under the guise of 'verifying your identity').  They then use the info you provided (credit card or bank account details, or passwords) to make real charges or orders in your name and steal your money.

Screenshot of a generic order email.  It doesn't say what you bought and doesn't even mention a company.  Just charges, and a phone number.  It originated from a Gmail account.

Details

Article ID: 147306
Created: Wed 10/19/22 4:14 PM
Modified: Thu 11/10/22 9:43 AM