Malware Email From Laptop Computer
Home Malware ‘Thank You For Purchasing’ Emails Contain Malware

‘Thank You For Purchasing’ Emails Contain Malware

by Brett M. Christensen

Online crooks often use fake “order notification’ emails as a means of distributing malware.

Typically,  such emails thank you for purchasing and claim that your order is being processed. They do not name the company that supposedly sent the notifications. Nor do they say what product or service was supposedly purchased.

However, they do include an order total amounting to several thousand dollars along with an order number, order date and customer email address.

They suggest that people check the attached file to find out more information about the purchase.

The emails are formatted fairly professionally and may appear to be genuine at first glance.

Details such as subject lines, order totals, and attachment names may vary in different versions of the emails.

Some have the subject line ‘Urgent Notice’. Others may have the subject line ‘Important Notification’.

However, the emails are certainly not genuine order notifications and the order details included are not valid.

The criminals responsible for the emails hope that at least a few recipients – panicked into believing that a large purchase has been made in their names – will open the attachment without due caution.

However, the attached .zip file harbours malware. If you unzip the attachment and then click the file inside, the malware may be installed on your computer.

The behaviour of the malware may vary based on the specific goals of the criminals who send it. The malware may collect sensitive information from the infected computer and relay it to scammers. It may also download further malware, and join the computer to a botnet.

Fake order receipt emails are a very common means of distributing malware. Be wary of any unsolicited email that claims to contain information regarding a purchase you know nothing about. If you receive such an email do not click any links or open any attachments that it contains.

Examples

Subject: Important Notification B041557794

Thank you for purchasing with us today! Your order is on process at present.

Order Total: 3592 AU Dollars

Please check the word file provided below to view more information about your order.

BILLING DETAILS

Order Number: ODI723430099
Order Date: 12.17 Mar 02, 2015
Customer Email: [removed]

Attachment name: Payment details W880742251.zip

Thank You For Purchase Malware Emails - 1

 

Subject: Urgent Notice P414296231

Thanks for purchasing with our company today! Your order is currently processing.

Order Total: 5155 AU Dollars

Kindly check the invoice given below to view more information about this issue.

BILLING INFO

Order Number: DXX889907299
Purchase Date: 6.46 Monday, Mar 2 2015
Purchaser Email: [removed]

Attachment name: Payment details S411028064.zip

Thank You For Purchase Malware Emails - 2



Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer