Email claims to confirm a Dell Online Store credit card order for a digital camera worth $865 AUD
Subject: Your order #34214223 has been accepted for the amount 865.00 AUD
Thank you for shopping with us.
Your order #34214223 Canon DF-E037 8.0 MP Digital Camera has been accepted for the amount 865.00 AUD.
Your card will be charged in that amount.
Thank you for your purchase.
You can check the order in your profile.
[Link to malicious website removed]
Dell Online Store.
In May 2007, people began reporting an unsolicited email purporting to be an order confirmation for a digital camera from the Dell Online Store. The message claims that the recipient’s credit card has been charged for a Canon DF-E037 8.0 MP Digital Camera at a cost of 865.00 AUD. A link in the email supposedly leads to a website where the recipient can check the order.
However, the claims in the message are untrue. Although the sender may appear to be a legitimate Dell email address, the address is bogus and the message does not originate from Dell. Instead, the email is intended to trick the recipient into downloading information stealing malware to his or her computer. The link in the email leads to a malicious website that installs a trojan that can then search for sensitive information such as bank account numbers stored on the infected computer.
Unsuspecting recipients will have a natural inclination to investigate what they perceive as an unauthorized charge to their credit card and may therefore click on the link in the mistaken belief that they will access more information about the supposed order. The hacker capitalizes on the likelihood that his potential victim will be panicked or angered by the supposed charge and may therefore be more inclined to click on the included link without due caution. Similar tactics are commonly used by scammers and hackers.
If you receive an email like the example shown above, do not click on any links in the message. In fact, be very caution of clicking on links in any unsolicited emails. If you receive an unsolicited message that appears to relate to a credit card purchase that you did not make, contact your credit card provider or the vendor directly rather than follow a link in the message.
Last updated: 18th May 2007
First published: 18th May 2007
By Brett M. Christensen