Beware of new holiday shopping scam using fake order confirmations

This holiday season, hackers created an ingenious way of getting even the most tech- and security-savvy person to open their virus-laden email. Playing on our natural curiosity, they send emails that appear to come from online stores many of us shop at, such as Walmart, Target, Home Depot and Costco, confirming an online order. The email asks recipients to “click here” for more information on the order. Each email is properly branded and looks legitimate, luring users to click, at which point their PC becomes infected with the malware that powers the Asprox spam botnet.

Image from KrebsOnSecurity.com as part of the "Be Wary of ‘Order Confirmation’ Emails" report on 12/14/14.

According to security blogger Brian Krebs of KrebsOnSecurity.com, “Asprox is a nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email (such as the pharmaceutical spam detailed in my new book Spam Nation), and perpetuates additional Asprox malware attacks. Asprox also deploys a scanning module that forces hacked PCs to scan websites for vulnerabilities that can be used to hack the sites and foist malware on visitors to that site. For an exhaustive and fairly recent analysis of Asprox, see this writeup (PDF) from Trend Micro.”

Fox Business reports that Walmart will be updating its security page soon to warn consumers about the scam. “We encourage customers to exercise caution when receiving suspicious email and we recommend frequently updating the antivirus software on their computer,” the company’s spokesman Dan Toporek said. 

What Can You Do?

1. Always check the “reply to” email address carefully for clues to its origin. The origin address will often reference a legitimate brand name but look like “Walmart.SomethingElse.com” instead of just “walmart.com.” If the reply address looks remotely suspicious, don’t open the email.

2. Most legitimate sites will reference an order confirmation number in the email. If the email does not, you should not proceed and should delete it.

3. Don’t click on any of the links provided if you are suspicious. Instead, go to the legitimate website, log in and search for your order history (if any) from there. If a phone number is supplied, try calling that – chances are the number will not work.
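For mail administrators who want to automate the first check, the sketch below flags sender headers that name a retailer but are not on that retailer's domain. It is an added example, not part of the original post; the `BRAND_DOMAINS` allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: one sending domain per retailer; extend for your own mail flow.
BRAND_DOMAINS = {
    "walmart": "walmart.com",
    "target": "target.com",
    "homedepot": "homedepot.com",
    "costco": "costco.com",
}
SENDER_HEADERS = ("From", "Reply-To", "Return-Path")

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def suspicious_senders(raw_message):
    """Return (header, address, brand) for each sender address that names a
    brand in its display name or hostname but is not on that brand's domain."""
    msg = message_from_string(raw_message)
    findings = []
    for header in SENDER_HEADERS:
        for name, addr in getaddresses(msg.get_all(header, [])):
            if "@" not in addr:
                continue
            host = addr.rsplit("@", 1)[1].lower().rstrip(".")
            # "Home Depot" and "home-depot" should both match "homedepot".
            claimed = (name + "|" + host).lower().replace(" ", "").replace("-", "")
            for brand, domain in BRAND_DOMAINS.items():
                if brand in claimed and not belongs_to(host, domain):
                    findings.append((header, addr, brand))
    return findings

# Constructed sample message (not taken from a real campaign).
SAMPLE = """\
From: "Walmart Orders" <orders@walmart.somethingelse.example>
Reply-To: help@mail.walmart.com
Subject: Order Confirmation

Click here for more information on your order.
"""

if __name__ == "__main__":
    for header, addr, brand in suspicious_senders(SAMPLE):
        print(f"{header}: {addr} claims '{brand}' but is not on {BRAND_DOMAINS[brand]}")
```

An empty result only means the headers did not impersonate a listed brand; the confirmation-number and link checks above still apply.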

At Sinu, we want you to be safe and secure online, during the holidays and every day of the year. For more tips on how to protect yourself and your business online, also check out another recent blog post, “7 Data Security Tips.”