I just received an email purporting to confirm an order that I never placed at online retailer ShopBop.com. In fact, the order doesn’t exist and the email doesn’t come from the retailer. Although it looks perfectly genuine (see picture), if you click on the URL to view the order details, it takes you to a site that downloads and runs a malware file on your machine. This is because the domain in the clickable link is not the genuine shopbop.com but a cleverly disguised lookalike name.
A quick search on Twitter reveals that several other people have received this today. It demonstrates how clever phishing fraud is becoming these days. Your first reaction is to furiously gasp, ‘I didn’t order that!’ and click on the link to see exactly what is going on. I was just about to do just that when I realized that something didn’t add up. So I hovered over the order details URL and saw that the domain it linked to was subtly different. Although it might have been legitimate, a quick check of the domain in my browser showed that it was trying to download an executable zip file to my PC.
This is a fresh fraud with no easy-to-find information coming up (at the time of writing) from a Google search, which illustrates the value of Twitter for getting up-to-the-minute information about new threats and events. Most of all, though, it demonstrates why you must always have your wits about you in the online world. Interestingly, though, it looks as though the URL it links to is already getting shut down by malware prevention tools (for example, Shopbop.com’s customer service email address rejected my email trying to advise them of the scam, presumably because of the link it contained). That in turn demonstrates the power of cloud-based malware prevention today.
Source: Software as Services Blog RSS | ZDNet | 1 Mar 2012 | 6:12 am