Page 1 of 1

Requests for “order confirmation

Posted: Wed Dec 18, 2024 6:37 am
by tasnimsanika1
The infrastructure that runs Internet email hasn’t changed much in the last 30 years. Yes, we’ve layered on some things like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) but at its core, the protocol is still the same. That’s the problem. Email was designed in a simpler time. A time when the Internet was a trusted resource and no one thought twice about the fact that it’s easy to modify the headers of an email to make it look like your boss is getting an email from the President of the United States congratulating you on all your great work. I’m not saying that’s happened or that I was a part of it… but hypothetically, it’s possible.

So if email can't be trusted, what can we do? Well, first, these days email is much more trustworthy. It's much easier to spot emails that are sent by someone but claim to be from the president, thanks to things like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

However, even with these new technologies, email scams are still rampant. As we head into the holiday season , let’s pause for a moment and look at some things you can do to make sure you don’t fall for the latest scam. (Which isn’t sending emails to unsuspecting bosses…)

Email scams you should be aware of
Let's take a look at some of the many ways bad people try to do bad things to you through email. This first group of scams falls into the category of phishing scams. A phishing scam is basically an email designed to trick you into thinking it's from someone it's not and convince you to click on a link embedded in the email.

Fake “account verification” requests
These may appear to come from your bank, Netflix, Twitter, or one of those sites you don't admit to having an account on. No matter where they come from, they all have the same basic message.

“Your account has been blocked for a REASON. To unblock your account before we completely delete it, please click this link.”

Here's a hint, no trusted system sends these random emails. If you get one and you're not actually interacting with this organization, then it's almost certainly a phishing scam.

When in doubt, pull out the paperwork you have for this organization, find a phone number, and call them. Ask if there is a problem with your account. When they say no, thank them, wish them a nice day, hang up, mark the email as spam, and move on with your life.

Unexpected “billing error” notifications
Did you know that it's possible for bad people to find out things about you without you telling them? It's relatively easy to find out where a website is hosted. When bad people find out information like this, they like to use it to their advantage and to your detriment. Such is the “Billing Error” notice.

For example, if you're a SiteGround customer and you receive an email from SiteGround notifying you that there's been a billing error and you now owe $XXXXX more, stop. Don't click on any links in the email. Instead, go to SiteGround's support page and start a chat session with one of their support people. They can tell you whether there's a problem with your account or not.

Here is an example of a phishing email asking a SiteGround customer to update their billing information in order to renew their domain:


Please note that this fake email does not contain the recipient's name, and original emails from SiteGround should include the name you used to register your account.

Next, note that this email has grammatical and spelling errors. These are red flags of a scam email along with poor formatting.

Finally, the signature is not the one used by the SiteGround team.

Once you confirm that there is in fact no billing error, thank the kind support person, wish them a wonderful day, log out, mark the email as spam, and move on with your life.


An oldie but a goodie, and one that pops up a lot these days as e-commerce israel whatsapp number data has exploded, is the “Order Confirmation” email. These are most effective when they come from companies you’ve never dealt with. They usually involve large sums of money, too. The idea here is to alarm you so much that you’ll obviously click on the link to “Unconfirm” the order.

If the email appears to be from a company you don't do business with, ignore it. Mark it as spam and move on with your life.

If it looks like it's from a company you do or have done business with, contact them directly outside of email. Talk to the sales or accounting department and see if someone has placed an order on your behalf. When you find the answer is no… well, you know the drill.

The “Click and Collect” scam
Thanks to the recent pandemic, “Click and Collect” has become a common way to shop. You buy something online from a nearby retailer. You drive to their store and tell them you’re there, they bring the item to your car. Sometimes, they even put it in your trunk so you don’t have to meet them face to face.

Image

Nowhere in the Click and Collect workflow is there an email that says “Click here if you haven’t ordered this.” Treat these the same as order confirmation requests. If you don’t deal with the company, it’s a scam. If you deal with the company but haven’t placed an order, it’s a scam. If you have any concerns, contact the company directly, not by replying to the dubious email.