Target 'Order Confirmation' Malware Email
OutlineOrder confirmation email purporting to be from Target claims that the company's online store has an order addressed to you. The message advises you to click a link to obtain full order information.
Brief AnalysisThe email is not from Target. The link in the message opens a compromised website that contains malware. The Target version is just one in a series of similar malware messages that have falsely claimed to be from well-known stores, including Walmart, Costco and Wallgreens. Despite a now outdated reference to Thanksgiving, the Target malware message is still being distributed.
- Fake Costco Order Notification Leads to Malware
- Fake Walmart 'Order Details' Email Opens Malware Website
- Fake Walgreens Order Email Opens Malware Website
As Thanksgiving nears we want to advise you that our online shop has an order addressed to you. You may pick it in any store of Target.com closest to you within four days.
Please, open the link for full order information.
'Target' Email Claims To Contain Order Information
The message suggests that you click a link to access details about the order.
Email is Not From Target - Link Opens Malware Website
If you use a non-Windows operating system, you may see a message claiming that the download is not compatible with your computer.
If you are using one of the targeted operating systems, the malicious file may start downloading automatically. Alternatively, a message on the website may instruct you to click a link to download the file.
Typically, the download will be a .zip file that hides a .exe file inside. Opening the .exe file will install the malware.
The malware payload used in these campaigns can vary. But, typically, the malware can steal personal information from your computer and relay it to online scammers. The malware in this version is designed to add your computer to the infamous Asprox Botnet.
Despite the now outdated reference to Thanksgiving, the Target malware email continues to hit inboxes.
One in a Series of Fake Order Emails That Link to Malware
Other versions list order or transaction details, but do not name any particular store. Again, links in the messages lead to malware websites. In some cases, the malware is contained in an attached file.
If you receive one of these bogus emails, do not click any links or open any attachments that they contain.
© Depositphotos.com/ equipoise
Last updated: December 19, 2014
First published: December 19, 2014
By Brett M. Christensen
DEC 14 Be Wary of ‘Order Confirmation’ Emails
Fake Costco Order Notification Leads to Malware
Fake Walmart 'Order Details' Email Opens Malware Website
Fake Walgreens Order Email Opens Malware Website
Payment Gateway 'Credit Card Transaction Result' Malware Email