Evelyn Kanter ecoXplorer

green living, smart spending

Home » Scam Alert: Confirm Your Order

Scam Alert: Confirm Your Order

Leave a Comment

More of us are ordering online these days, which gives scammers more opportunity to send phishing emails and texts to confirm an order, that an order has been delayed, to track an order, or confirm receipt of an order.

My inbox overflows daily with scam emails and texts like these. Does yours?

Of  course  it does.scam alert graphic_Evelyn Kanter ecoXplorer

The just-released 2024 FBI Internet Crime Report lists 859,532 complaints of suspected Internet crime and details reported losses exceeding $16 billion.

That’s a 33% increase in losses from 2023.

So here is how to recognize the spam scam emails and protect yourself.

Top tips –

  • ALWAYS check the sender’s email address to ensure it came from a company you know or a sender you know.
  • NEVER click on a link from a sender you do not recognize or think you recognize.

Scammers are experts at disguising themselves as a major corporation or other trustworthy entities to trick you into willingly providing information like website login credentials or, even worse, your credit card number.

Microsoft 365 simply does not email me to confirm my order from “hr.services.americas” at .pt, which is Portugal, as I received recently.

Microsoft 365 also does not send me an “auto-renewal notice” from @renewal0602-email.escalpade.be, which is Belgium, also I received recently, with a PDF to sign electronically to confirm.

Microsoft 365 also does not send me “confirm renewal details to avoid subscription suspension” from a Doris Jeanette in .my, which is Malaysia.

Yes, I do have Microsoft 365 – so my question is how did so many scammers gain access to the list of recent renewals? But that’s another article entirely.

McAfee does not send me an email “your invoice has been paid” from some guy whose email address starts with “sadhanapandy097” with a telephone number in the 808 area code to cancel or request a refund.

Starbucks does not send emails asking to confirm receipt of a customer loyalty gift set from @tpxmvolu.par.com.pk, which is Pakistan.

Hilton does not send me emails that I’ve won a special “2-PCS Luxury Pillow Set” from somebody @uksuperfold.co.uk.  So there are spammers in Great Britain, too!

State Farm does not send me emails asking if I have received my free Fire Safety Kit from somebody @nougzrqcptyb.goodmakertales.com.

Really?  What legitimate domain registration service would register something as obviously spammy and scammy as @nougzrqcptyb.goodmakertales.com?  But that’s another article entirely.

Omaha Steaks does not send emails asking if I’ve received my free steak preparation kit from somebody @eyectwib.indrivebotrd.lat, which could be from anybody anywhere in Latin America or the Caribbean. Anywhere.

Mastercard does not send emails to “confirm my email address” from somebody @ecahuh.email.tranzak.net, whoever and wherever that is.

What is phishing?

Here are some tips from our friends at the real McAfee  and from my own long history as a consumer advocate to prevent a scammer from taking over your computer with malware, stealing everything from your bank accounts, and more.

Phishing is a cybercrime that aims to steal your sensitive information by tricking you into providing information like website login credentials or, even worse, your credit card number.

Phishing also often directs you to pay on online systems like Venmo or Zelle  which do not have fraud protections like a bank or credit card payment.

hand holding cellphone_EvelynKanter
Photo: AARP

Identifying  a scam phishing email or text message

A phishing email or text  – also known as SMiShing, or smishing –  is a scam message made to look legitimate, and typically asks you to provide sensitive personal information in various ways.

Scammers work hard to make phishing messages closely resemble emails and texts sent by trusted companies., which is why you need to be cautious when you open these messages and click the links they contain.

But they often make simple – even stupid – mistakes that are easy to spot when you take a deep breath and wonder why somebody is asking you to confirm your Microsoft 365 order from six months ago.

It’s poorly written

Phishing messages often contain grammatical errors, spelling mistakes, and other blatant errors that major corporations would not make.

If you see multiple, glaring grammatical errors in an email or text that asks for your personal information, you likely are a target of a phishing scam.

Scammers also use slight changes in a company’s real name.

Look carefully at the company name, such as Macys instead of Macy’s, or American-Express with a dash that the real company does not use, or Amazn, with the ‘o’ missing.

The logo doesn’t look right

To enhance their credibility, phishing scammers often steal the logos of who they’re impersonating, but often don’t steal them properly.

The logo in a phishing email or text might have be the wrong size or color. the wrong aspect ratio or low-resolution.

If you have to squint to make out the logo in a message, chances are that it’s phishing.

The URL doesn’t match

Phishing always centers on links you’re supposed to click. Don’t do it, because the scam links are leading to trouble.

  • Hover over the link in the email to display its URL. Oftentimes, phishing URLs contain misspellings, which is a common sign of phishing.
  • Hovering over the link will allow you to see a link preview, like that it’s from .pt in Portugal or .ng for Nigeria.
  • If the URL looks suspicious, do not click the link and  delete the message altogether.
  • Right-click the link, copy it, and paste the URL into a word processor. This will allow you to examine the link thoroughly for grammatical or spelling errors without being directed to the potentially malicious webpage.
  • Check the URL of a link on mobile devices by pressing and holding it with your finger.

If the URL you discover doesn’t match up with the entity that supposedly sent you the message, you probably received a phishing email.

FBI 2024 Internet Crime Report graphic_evelynkanter.com
Graphic: FBI

Types of phishing emails and texts

Phishing messages come in all shapes and sizes.  These are the most popular types used by scammers –

Account suspended scam

Some phishing emails appear to notify you that your bank temporarily suspended your account due to unusual activity, or your iCloud account is being closed for some problem.

If you receive an account suspension email from a bank that you haven’t opened an account with, delete it immediately, and don’t look back.

Suspended account phishing emails from banks you do business with, however, are harder to spot.

  • Use the tips we listed above to spot these phony emails.

Better still, make a personal appearance at your bank, with your phone to show the email, instead of opening any links within the email you received.

  • That’s what I did recently when I got a phony scam “overdraft” message from my bank.

Two-factor authentication scam

Two-factor authentication (2FA) has become common, so you’re probably used to receiving emails that ask you to confirm your login information with six-digit numerical codes.

Phishing scammers also know how standard 2FA has become, and they could take advantage of this service that’s supposed to protect your identity.

If you receive an email asking you to log in to an account to confirm your identity, use the criteria we listed above to verify the message’s authenticity.

Be especially wary if someone asks you to provide 2FA for an account you have not accessed for a while.

  • Use the tips we listed above to spot these phony emails.

Tax refund scam

We all know how important tax season is. That’s what phishing scammers are counting on when they send you phony IRS refund emails.

Be careful when an email informs you that you’ve received a windfall of cash and be especially dubious of emails that the IRS supposedly sent since this government agency only contacts taxpayers via snail mail.

Tax refund phishing scams can do serious harm since they usually ask for your social security number as well as your bank account information.

  • Use the tips we listed above to spot these phony emails.

Order confirmation scam

Sometimes, cybercriminals will try to tick you by sending emails with fake order confirmations.

These messages often contain “receipts” attached to the email or links claiming to contain more information on your order.

However, criminals often use these attachments and links to spread malware to the victim’s device.

  • Use the tips we listed above to spot these phony emails.

Phishing at work

Be wary of phishing when you’re using your work email as well.

One popular phishing scam involves emails designed to look like someone in the C-suite of your company sent them. They ask workers to wire funds to supposed clients, but this cash actually goes to scammers.

  • Use the tips we listed above to spot these phony emails.

Never click links in suspicious emails.  Never.

If you click a link you suspect a phishing scammer sent, the link will take you to a web page with a form where you can enter sensitive data such as your Social Security number, credit card information, or login credentials.

Do not enter any data and close the page immediately.

What to do  if you suspect you’ve been phished

If you accidentally enter data in a webpage linked to a suspicious email, perform a full malware scan on your device.

Once the scan is complete, backup all of your files and change your passwords.

Even if you only provided a phishing scammer with the data from one account, you may have also opened the door to other personal data, so it’s important to change all the passwords you use online in the wake of a suspected phishing attack.

Review – How to recognize a phishing email

Let’s wrap things up with some summarized tips on how to avoid phishing emails:

  • When in doubt, directly contact the organization that supposedly emailed you instead of opening links included in suspicious emails.
  • Examine suspicious emails carefully to check for telltale signs of phishing, such as poor grammar, grainy logos, or bogus links.
  • If you accidentally click a phishing link, don’t enter any data, and close the page.
  • If you think phishing scammers are targeting you, run a virus scan, backup your files, and change all your passwords.

ecoXplorer Evelyn Kanter on Dune 45 NamibiaecoXplorer Evelyn Kanter is a journalist with 25+ years of experience as a newspaper and magazine writer, radio & TV news producer & reporter, and author of guidebooks and smartphone apps – all focusing on travel, automotive, the environment and your rights as a consumer.

ecoXplorer Evelyn Kanter currently serves as Immediate Past President of the International Motor Press Assn. (IMPA).

ecoXplorer Evelyn Kanter also is a member of the North American Travel Journalists Assn. (NATJA) and the North American Snowsports Journalists Assn. (NASJA).

Contact me at evelyn@ecoxplorer.com.

Copyright (C) Evelyn Kanter

 

 

What do you think? We value your comments and love hearing from you.

© 2010-2025 ecoXplorer by Evelyn Kanter. All articles and photos are protected by US (C) Copyright laws. Any unauthorized copying is strictly prohibited. Plus, it’s just not nice.