I received an Email today that I can guarantee you was bogus.
Here is what the Email said:
From: Costco Shipping Manager
Subject: Express Delivery Failure
Unfortunately the delivery of your order COS-(numbers inserted here) was cancelled since the specified address of the recipient was not correct. You are recommended to complete this form and send it back with your reply to us.
Please do this within the period of one week – if we dont get your timely reply you will be paid your money back less 21% since your order was booked for Christmas.
The “order number” starting with “COS” had a link to a “dot NL” URL which is in the Netherlands.
Most of these Phishing attacks and computer viruses comes from European countries such as the Netherlands.
Russia especially is a common source for many viruses. Krebs on Security says credit cards/numbers from the Target hacking attack (affecting up to 40 million customer credit and debit cards in late November to early December), are probably being sold by a guy who operates online stores in Russia that sell stolen card data.
I don’t even do business with Costco, and the Email address (my Email address) the above Email was sent to isn’t given out to anyone who would be sending me a Christmas present
If you get an Email like this you should DELETE IT, and never click on any links no matter how curious you may be as to who may have sent you a Christmas present, or what it might be.
Phishing Emails such as this can appear to be from a legitimate store, bank, financial institution or some other source.
If I clicked on the link in the Email I received, I can guarantee you I would either have put a virus on my computer, and/or been led to some page that looks like it’s the Costco website, with a form asking me to put in some personal information.
Emails appearing to come from your bank may ask you to click on a link which leads to a website appearing to be you bank’s website, and when you enter Login information, this is stolen and your bank account is emptied.
If you get an Email like this and think there’s a chance it may be real, you should contact the store or bank directly by phone and ask what’s going on.
However, if you’ve never done business with this particular store or bank, I wouldn’t bother contacting them at all – just delete the Email.
It has been estimated that around $500 million has been lost due to phishing attacks, and up to 5% of people respond to these bogus Emails.
It has always been illegal to send unsolicited Emails, but only occasionally do large spam operators get sentenced to jail. One example is a couple in Virginia that had sent more than 10,000 spam messages an hour in 2004 and were sentenced to nine years in jail.
Opinions may vary on this, but my advice is to not to put a block on the Email addresses these Phishing Emails are coming from. Many of these crooks are sending hundreds or even thousands of these solicitation Emails randomly, and they don’t know who’s actually receiving them.
If you block an Email address it sends a message back that the Email was blocked and from what address. This lets them know someone received the Email. These spammers have unlimited Email addresses. So they will then send Email from another address – if you block that one, they will send from another and on and on. At this point you’ll probably find that the number of unsolicited Emails will start to multiply. So my advice is simply to delete all these Emails.
Many web based Email accounts such as Yahoo come with a spam folder, so “spam” Emails automatically go in there. You don’t even have to look at them and they are automatically deleted after 30 days.
Or if you want to delete them earlier, you can just click at the top of the list and delete your entire Spam folder at once.
In a few more days I’ll be publishing a post with my recommended anti-virus software, but even the best anti-virus program may not be able to stop a virus if you click on an Email link, so don’t do it.