It’s a happy holiday season… until you get an email saying there’s a package waiting for you when you know you didn’t order anything. But it’s the holidays! Maybe someone sent you a surprise? Here’s a quick look at how you can tell a message is bogus:
The first clue that this is Phishing (say “fishing”) is in the “From” line. Why would Costco be sending out an email from some other company’s email account? It pays to look closely here. Sometimes the hackers fake an email that is similar to the real one (like “orders@costcoo.com” – see the extra “o”?)
Clue #2 and #3 are grammatical. The first one should be “…recipient coincides with yours.” The second one – well, no one in America would use that phrasing.
Clue #4 is that the message is vague. There is no purchase ID#, no indicator of the content of the order, not a single identifier of anything.
If you were to click on any of the links in this message, you would be taken to a fake Costco site, asked to fill in personal info, and within minutes of clicking “enter” or “next” or whatever button they have created, your bank account would be emptied or your credit card used for who knows what.
Have Happy Holidays – pay attention to every detail of the emails you receive, and never, ever click through without checking into it completely. In the example above, if I had indeed ordered something from Costco (and this message wasn’t so blatantly a scam) I would have phoned Costco to check it out, not click through on a message that was so vague.
Most large retailers have a Fraud Department, where you can report Phishing attempts like this. Click Here to see Costco’s Fraud page.