/ IT advice re: possible scam

Please Register as a New User in order to reply to this topic.
keith-ratcliffe on 17 Jul 2017

OK you IT people I am appealing for some advice please.
I received an email which appeared to confirm an order that I had placed with a company - it had my full name & address, an order number and a link to a website to confirm my purchase. As it did not refer to a product I had ordered I was suspicious. I suspected that a click on the link would ask me for account details etc. and request payment. My usual tactic is to hover over the email address and see if it looks bogus - this was the same as the visible address so I checked the website name through Google and it is a genuine website selling items that appear in the name ( I am not disclosing that for reasons of paranoia!). I dismissed it and moved on but then my wife mentioned that she had independently searched for something recently that did contain a key phrase that appeared in the website name but did not make any connection to the website that was contacting me.
Is it possible for someone to put together personal details and a search phrase to create a bogus order that would produce the scam email? More important what do I need to do to protect against future breaches?
I hope you can help.
Post edited at 00:10
Blue Straggler - on 17 Jul 2017
In reply to keith-ratcliffe:

Hi Keith. I am no IT expert etc and I don't have specific experience of the exact thing that you describe but I certainly see more and more of these. So far, simply ignoring them has worked.

I think basically these are just the old scams but more sophisticated with regard to e.g. the "hover over the incoming email address".
ByEek on 17 Jul 2017
In reply to Blue Straggler:

> I think basically these are just the old scams but more sophisticated with regard to e.g. the "hover over the incoming email address".

Again, no absolute expert, but there is a hover option in CSS, the script that controls how HTML looks so you could display a genuine website even if the hyper link is bogus.

Ignore. What company sends a follow up email to confirm a purchase?
gethin_allen on 17 Jul 2017
In reply to keith-ratcliffe:
The best way of avoiding email scams of you have any doubts, go directly to the web page of the company involved by typing the address into the browser (not following a link) and if possible log in to your customer area and see if there are any notes for you to respond to (eg. When you get spam telling you that there has been suspicious activity on your PayPal/apple account etc.) Or otherwise contact the company directly and ask them if they have emailed you.
Post edited at 09:03
captain paranoia - on 17 Jul 2017
In reply to ByEek:

> What company sends a follow up email to confirm a purchase?

Eh?

Every online retailer I've ever bought from sends an order confirmation email. And I expect them to.
Martin W on 17 Jul 2017
In reply to captain paranoia:
> Every online retailer I've ever bought from sends an order confirmation email. And I expect them to.

But the OP received an e-mail trying to trick him into clicking on "a link to a website to confirm my purchase". So not the same thing.

To the OP: rather than "hovering" (and risking being fooled in the way suggested by ByEek) take a look at the full header of the e-mail to see where it really originated from. If your e-mail reader won't show that information, use a different one.
Post edited at 14:46
Matt Vigg - on 17 Jul 2017
In reply to keith-ratcliffe:

Just delete it or move it to a folder if you want to keep a record of it, away from your other mails. You can register yourself here:

https://haveibeenpwned.com

The guy running this site is a security expert and tracks data breaches, if you register you'll get a notification if your email address has appeared in a known data breach. If you are registered on the site you had the email from consider changing your password on it anyway and tell the site owner (assuming it's a site you trust). If you're feeling paranoid and you've used the same password on other sites, change those or start using a password manager like lastpass.
ads.ukclimbing.com
captain paranoia - on 17 Jul 2017
In reply to Martin W:

I read this:

"I received an email which appeared to confirm an order that I had placed with a company"

which seemed to say the email was confirmation of the order from the retailer.

And replied to this:

"What company sends a follow up email to confirm a purchase?"

which reads the same to me.

"and a link to a website to confirm my purchase".

I also read that as meaning the same. But it could also be read as meaning 'please confirm your order'.

Confirm: tricky word which can apply to both parties of a transaction...
Post edited at 16:20
ByEek on 17 Jul 2017
In reply to captain paranoia:

> Eh?

> Every online retailer I've ever bought from sends an order confirmation email. And I expect them to.

Yes, but they don't ask you to click on a link to confirm it. At least that was my interpretation of this scam.
Climbing Pieman on 17 Jul 2017
In reply to ByEek:

> Yes, but they don't ask you to click on a link to confirm it. At least that was my interpretation of this scam.

But some give you only a link to see confirmation of an order they received. I can what Captain Paranoia is saying, and having dealt with at least one company that does not say in an email what you bought and sends a link instead (have to log in to view), it is open to interpretation of what the OP meant. Likely to be a scam if the OP meant an order had to be confirmed by the buyer.

Please Register as a New User in order to reply to this topic.