Beware This Particularly Nasty Online Holiday Scam

Advertising Disclosure: When you buy something by clicking links on our site, we may earn a small commission, but it never affects the products or services we recommend.

Image Not Available

If your online holiday shopping has left your inbox flooded with order confirmation emails, beware: There’s a chance a bogus confirmation email is lurking there in an attempt to steal your personal information.

That’s according to Brian Krebs of Krebs on Security, who is warning consumers to be on the lookout for these phony emails hitting their inbox this holiday season. The emails ask you to confirm orders or delivery.

“Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities,” Krebs said.

The emails look legit, appearing to come from retailers such as Home Depot, Target, Costco and Walmart, and contain a link that you are asked to click on. If you make the mistake of clicking on it, you’re in trouble. According to

You’ll be redirected to a foreign site that will automatically download a .ZIP file filled with malware designed to hack your computer and steal things like your credit card numbers, your banking information, and your sensitive personal data. Sometimes this malware will be disguised as an attachment that the email text will implore you to open.

Krebs said the subject lines of the bogus order confirmation emails vary, but include “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” and “Thank you for your order.”

If you receive an order confirmation email that you think is legitimate, don’t click on any links embedded in the email or attached to it. Krebs recommends opening your Web browser and visiting the retailer’s site.

“Generally speaking, legitimate communications about order issues will reference an order number and/or some other data points specific to the transaction, information that can be used to look up the order status at the merchant’s website,” Krebs said.

Have any phony order confirmation emails shown up in your inbox? Share your thoughts below or on our Facebook page.

Now, watch this video as MoneyTalks founder Stacy Johnson demonstrates another holiday scam: fake charities. Instead of the Salvation Army, he’s actually collecting for “Sal’s Vacation Army.”

Get smarter with your money!

Want the best money-news and tips to help you make more and spend less? Then sign up for the free Money Talks Newsletter to receive daily updates of personal finance news and advice, delivered straight to your inbox. Sign up for our free newsletter today.