An email arrives confirming your order for a lap top computer or other product or service. The email attachment provides further details of your order.
Hang on! You haven’t ordered a laptop. You click on the attachment to find out more information, fearing that somebody has stolen your credit card information to place the order.
And that’s exactly what the scammers are relying upon.
This is the latest version of a phishing scam. Savy consumers are no longer falling for the fake bank security alerts so scammers have come up with a new version.
The email claims to come from an overseas retailer, sometimes a well-known company.
Typically it states: “Thank you for your order. If you paid with a credit card, the charge on your statement will be from the name of our shop. This email is to confirm the receipt of your order.”
It will then supply details of the date, your order number, payment method, product and cost. Sometimes the goods cost thousands of dollars.
Typically it states that you should not reply to the email because it has been sent from an automated confirmation system. Instead it directs you to the attachment which provides more details of your order.
But the attachment contains a Trojan which may contain:
Spyware to capture your personal information such as passwords, user names and account numbers so they can access your account.
Worms or viruses that harvest email addresses from your address book or destroy your personal files.
You should always be wary of any unsolicited emails and should always ensure that your anti-virus software and firewalls are up-to-date.
If you are tempted to open one of these email attachments because you fear your credit card information has been stolen, consider this:
Why would the fraudster provide your email address when ordering goods on your credit card?
Financial institutions have sophisticated systems designed to identify unusual activity on your credit card.
If an unauthorised transaction does appear on your card, contact your bank and ask for a charge-back. If you have not authorised the transaction, you wont be held responsible.
It is unusual for an online trader to provide an attachment with their confirmation email.
If you have clicked on the attachment:
Install and/or upgrade your anti-virus and personal firewall software;
Update all virus definitions and run a full scan;
Confirm every connection your firewall allows;
If your system appears to have been compromised, fix it and then change the password on all your accounts, including banking, online trading, ISP and email accounts;
Keep a close eye on your credit card and banking accounts for unauthorised transactions.
Spam, or electronic junk email, is a Federal offence. If you have been a target of spam please contact the Australian Communications and Media Authority (ACMA) at www.spam.acma.gov.au . You can also download and install ACMA’s SpamMATTERS on your computer which allows you to simultaneously delete the spam and report it to ACMA with one click of your mouse.