Be Aware of Phishing Emails Disguised as Shopping Order Confirmations

You are probably aware of the many types of emails that end up in your inbox, including some that are considered spam, or worse, contain malware. You might get emails from other businesses claiming they found the secret to success, “spam” emails that are supposedly advertising the next best thing in your industry, and yes, emails that seem to come from a reputable source, but are nothing more than phishing emails.

These emails will use the logos and names of well-known stores and businesses, asking you to log-in and give your payment information. The latest string of phishing emails may appear come from major retailers, such as Walmart and Target, claiming that you need to give your username and password after an order confirmation.

What the Emails Look Like

These phishing emails, like so many others of their kind, don’t look like anything perhaps, but what they claim to be at first glance. They will come from a supposed reputable business, usually a big retailer, like Target, Amazon, Walmart, or Costco. In the subject line, they keep it simple by saying “Order Confirmation” or another phrase that would not cause you to question it.

In the body of the email, they claim that you recently finished an order, but that you need to log back in to correct a mistake or fill in other information. Instead of going to the retail site, though, these links re-route to sites that look legitimate, but actually attempt to steal your login and password once you submit your information. With this information, these phishing hackers have the potential to find out customer records, names and addresses, phone numbers, bank account and credit card information, and payroll information.

Who is at Risk

Everyone with an email is potentially at risk, but certain groups of people are targeted more frequently. Consumers who regularly shop at these retailers are the first group to be targeted. They might not know better or the email could come from a store they use often, so they will get curious and click the link.

As a business owner, you might see emails from retailers where you buy office supplies or business printing services. You are just as much a victim as a regular consumer.

Not only that, your customers and clients are also at risk. They might be claiming to be a business you run, and your customers click the link thinking it is your business sending it to them. They have just fallen victim to a scam.

How to Avoid Phishing Attacks

The very best way to avoid a phishing attack is to never click on a link in an email. Most legitimate emails won’t even include links that send you straight to entering confidential or private information. Instead, they will tell you to visit their website and log-in. Make sure you don’t follow links in an email, and you ask your customers not to do this either. If an email is requesting information, open a new tab and go to their website directly.

Employees who work from home or remotely might need to be more careful with phishing emails. If an employee in your office is using their own laptop for work, and they check their email, they are putting not just themselves at risk, but your entire company.

To help mitigate your risk of the repercussions of phishing emails, be sure that you are protected with cyber liability insurance.