A strange e-mail ended up in my Inbox today that on the face of things looked legit, but upon closer examination raised red flags. It claimed to be a notice regarding a 'rewards program' package with all of the appropriate looking graphics and details right down to a order confirmation number. This in itself is not unusual as, depending upon where you purchase things on the Internet, a follow up message from the shipping company can occur. Nor is it all that unusual for me to recieve packages, either on behalf of my own company or for CEBUG, with little prior notice. Here are the things that raised red flags for this message:
- An attached zip file supposedly containing a text document describing my order.
- A phony tracking number cited (checked on shipping company's site).
- The fact the message was sent to an older, though still active e-mail address.
On their own, none of these - other than the attached zip file - was all that alarming. That zip file was the biggie, as - in my experience - companies normally provide order confirmation details (and invoices) in the form of e-mail messages. On rare occasions a PDF file may have been involved, but NEVER a zip file!
In any case, it was enough for me to place a call to the shipping company involved to ask about the message. As it turns out, it was indeed a bogus message and I have since forwarded it on to their fraud division in hopes they can track it to its source.
So here's our standard warnings again, in regard to unsolicited e-mails; even for those that appear to be normal but unexpected. ALWAYS scrutinize such messages carefully before taking whatever action someone is encouraging you to do (open a zip file or click on a link inside the message). Use the search tools on Snopes (large database of Urban Legend and Phony e-mails) to check something out. Or, ask someone - such as I did with this shipping company - about the message. Go to the supposed source, in other words, and not make use of any provided links within the message.