Last CyberheistNews issue, we warned that Black Friday and Cyber Monday were behind us, and that criminal hackers have a "scam calendar" which focuses on major shopping events exactly like this. Here are actual examples of these online e-commerce order or package shipment phishing attack scams that have come in over the last week. The first one is a spoofed Home Depot bogus order that they want you to click on.
The second one is a Wal-Mart bogus order confirmation which downloads the Asprox botnet malware to the PC. If you hover over the link, you see that the URL goes to a hacked site and not to Wal-Mart. Asprox is a nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email.
Next, here is one that takes Target as the retailer that has sent you a package and asks you pretty please with sugar to click on the link for "full order information"... If you click, your PC turns into a botnet zombie.
Last, here is the Aprox one that uses Costco as the vehicle to entice you into clicking on the order details.
If you expect packages and get emailed order confirmations... Think Before You Click! Go to the website of that retailer and enter your order number to check on the package. Do not use a link in an email. This is just one of the many things you learn in Kevin Mitnick Security Awareness Training.
(Thanks to Malcovery for the images, and Hat Tip to Brian Krebs.)