Recently, my wife and I, and several clients, received an email from Costco which stated the following:
Our online store Costco.com received an order and the personal data of the recipient coincide with yours.
You may get your order in the nearest Local Store.
Attention! Your order can be reserved within 4 days.
You may see order details here.
Happy Thanksgiving Day!
You would think that it wouldn’t need to be said, but I’m going to say it anyways, because people are still getting themselves infected. Don’t ever open an email from people or organizations that you do not know. Also, when you do receive an email from a person or business you know, take a second and actually look at it BEFORE opening. A lot of viruses come from our unknowing friends. This particular email is hoping to catch a Coscto customer unaware and infect them. I have seen the same type of email from FedEx, UPS, Chase and many, many others.
I bet you’re wondering just how to identify these fraudulent emails since they usually look EXACTLY like a valid email. That is a very good question! Let’s take a look.
Every email has a header. A header is the basic information that identifies where the email originated. You will usually see something like: firstname.lastname@example.org as the senders email address. This will sometimes give you the right information, but may not. So, are you ready for the trick that absolutely identifies the garbage email? It’s simple! When you look at the body of the email, and you see a “link” that may say something like “click here”, or in the case of the above example “You may see your order details here.”, all you have to do is hover your mouse over that link (DON’T CLICK IT) and it will show you where on the internet it will take you. For the example above, the “here” showed “http://trafiksurucu.com/…” (which I intentionally truncated). Did you notice the link points to some random website and NOT Costco, which should actually be costco.com.
Go ahead. Give it a try and see how easy it is to identify where that link is sending you. And when you identify that malicious link, just delete the offending email and move on to the next one.