Did you get the fake Amazon order confirmation email? If so, I hope you didn’t check your order! There’s a new trend of phishing emails spreading banking Trojans left, right, and center. Read on to learn more.
Fake Amazon Order Confirmation – New Set of Trojan Attacks
The Fake Amazon Order Confirmation – The Full Story
Security researchers at EdgeWave discovered that a new phishing campaign has made its way into our inboxes, just in time for the Holiday season. Online shoppers are being tricked into downloading and installing a Trojan keylogger onto their devices. The Trojan then hides in the background, logging your keystrokes and stealing vital banking information.
Interestingly enough, while the subject line of the fake email is very convincing, the actual email address isn’t. However, since many people check the subject and ignore the email, the scam seems to be working.
First, you’ll receive an email from an address that looks like this:
With a subject line like this:
“Amazon Order #15401238066-002647”
The email itself looks exactly like a genuine Amazon order confirmation. In the email, you’ll find the estimated delivery date, the shipping speed, and the payment summary. You will not find any description on the items you’ve “purchased”. You will be prompted, however, to check the order details.
Once you’ve clicked on the button, you’ll download a word document titled something like order_details.doc. Once you open the document and click on “enable editing”, you trigger the Trojan, called Emotet, to launch.
Tips on Staying Safe from Phishing Scams While Online Shopping
This phishing scam is a very convincing one, which makes it incredibly dangerous. While there are things you can do to spot a phishing scam in your email, there are also measures you can take to protect yourself from the malware they deliver. The holidays are usually a time when many people turn to online shopping, so the risk of jeopardizing your banking details increases. Here are a few things you can do to stay safe while online shopping:
Check the Email Address
The first thing you should look out for is email addresses. If you get an email from a source or for a reason you don’t know, check the address. More often than not, a suspicious address will be easy to spot. It could be anything from a very unprofessional address to an unfamiliar domain name.
If you find anything suspicious, delete the email. Do not click on any links found in that email.
Check the Source Site
Let’s assume you received an email similar to the fake Amazon order confirmation email. In that case, the easiest way to find out it’s a scam is to log into your Amazon account off of Amazon’s official website. Instead of clicking on the infected link to see your order details, log into your actual account. Since this is a scam, you’ll find that the upcoming order doesn’t actually exist.
Problem solved, you’ve satisfied your curiosity without compromising your privacy.
Always Shop with a VPN
Finally, always wrap up your online shopping or e-banking while using a VPN. In fact, you should turn your VPN on each time you connect to the internet.
Let me explain.
Short for Virtual Private Network, a VPN will both encrypt your data and re-route your traffic through its own secure servers. This way, it creates a tunnel where all of your internet traffic goes through. Because the servers are completely private, no external party will be able to intercept it. In other words, a VPN will stop the Trojan from being able to report your information back to the hacker.
This will give you ample time to securely run a malware scan and quarantine/remove the Trojan. It’ll also make sure that no one can spy on you, monitor your activity, or steal your data.
To top it all off, using a VPN while you’re shopping online can even land you some sweet discounts you didn’t know you could get.
Best VPN for Shopping Online
Our VPN expert, Charles, has already written a very detailed review on the VPNs that make online shopping an absolute joy. In case you don’t feel like reading another article, here’s his top pick:
Charles found that ExpressVPN works best when shopping online. Everything from its military-grade encryption to its massive server count helps users find the ideal shopping prices in the most secure environment. You can even test it out for 30 days without making a real commitment by benefiting from its 30-day money-back guarantee.
In case you don’t find ExpressVPN to be the provider for you, there are other great options you can choose from:
Fake Amazon Order Confirmation – Final Thoughts
The holiday season is always iffy online, especially since bad actors like to benefit from the times where most people would be logging in their banking information. For that reason, it’s very important you pay extra attention to your online shopping habits. Make sure you follow our tips and try to stay as vigilant as you can, especially when it comes to phishing emails.