Payment Accepted Emails – Don't Click
Emails, which purports to be a ‘payment accepted” notification from an online store, claims that your order has been processed and yet you never ordered the item. The email includes the supposed order number along with cost and delivery details for the purchase. The order numbers in the body of the email are clickable links.
Despite its appearance, however, the email is not a genuine order notification. Instead, it is a ruse designed to trick you into downloading malware.
The criminals who distribute the email hope that at least some recipients will mistakenly believe that their credit card has been used to make a fraudulent transaction online. Those thus tricked may click one of the links in the email in the hope of finding out more about the supposed order.
But, clicking any of the links in the email downloads a .zip file. The zip file harbours malicious software that, if opened, will install malware on your computer.
The exact nature of the malware may vary. It may be ransomware which will lock up your computer files and then demand that you pay a fee to online criminals to get an unlock code. Or, it may be designed to steal passwords and other sensitive financial and personal information from your computer.
Note that details, such as the order number, the name of the online store, and the supposed cost may vary in different incarnations of the message.
Hoax Slayer: Image: Nick Youngson
You Might Also Read:
Don't Underestimate The Impact Of Phishing: