(Boston) — Shoppers’ email inboxes have just started being flooded with a timely and potentially dangerous scam. Cybercrooks are sending out authentic-looking purchase confirmation emails that appear to be from Walmart, Target, and Costco, among others, to lure unsuspecting shoppers to their fake websites.
Upon clicking the link for more information about their supposed order, consumers are taken to a foreign website where a malware-infested .zip file is automatically downloaded to their computer.
“This is the perfect crime at the perfect time,” commented Consumer World founder Edgar Dworsky. “Shoppers are busy placing orders between Black Friday and Cyber Monday, so they would naturally expect to find these confirmations in their inbox. And even if they didn’t place an order with the particular retailer, they may believe that a mistake may have taken place and want to see the details.”
The subject line of the suspect emails typically says “Thank you for buying from (retailer name).”
Consumers who click the link in these emails are taken to various foreign websites hosted at these domains: alchem-asia.com (Walmart email), test.vcalink.be (Target email), and bwanatembosafaricamp.com (Costco email).
Consumer World recommends that shoppers hover their mouse over any link in a purchase confirmation email and note the exact website they will be taken to before they actually click it. The website address should be displayed either in a bubble above the link or in the status line of the email program.
Here are sample purchase confirmation emails that are made to appear to be from Target and Costco, claiming that the customer’s order is ready for pickup: