Beware this fake ShopBop order email

Summary:I was nearly scammed into downloading malware today by a cleverly executed phishing email that just arrived in my inbox

I just received an email purporting to confirm an order that I never placed at online retailer In fact, the order doesn't exist and the email doesn't come from the retailer. Although it looks perfectly genuine (see picture), if you click on the URL to view the order details, it takes you to a site that downloads and runs a malware file on your machine.

This is because the domain in the clickable link is not the genuine but a cleverly disguised lookalike name.

A quick search on Twitter reveals that several other people have received this today. It demonstrates how clever phishing fraud is becoming these days. Your first reaction is to furiously gasp, 'I didn't order that!' and click on the link to see exactly what is going on. I was just about to do just that when I realized that something didn't add up. So I hovered over the order details URL and saw that the domain it linked to was subtly different. Although it might have been legitimate, a quick check of the domain in my browser showed that it was trying to download an executable zip file to my PC.

This is a fresh fraud with no easy-to-find information coming up (at the time of writing) from a Google search, which illustrates the value of Twitter for getting up-to-the-minute information about new threats and events. Most of all, though, it demonstrates why you must always have your wits about you in the online world. Interestingly, though, it looks as though the URL it links to is already getting shut down by malware prevention tools (for example,'s customer service email address rejected my email trying to advise them of the scam, presumably because of the link it contained). That in turn demonstrates the power of cloud-based malware prevention today.

Topics: Browser, Collaboration, E-Commerce


Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant. He founded pioneering website, and later Loosely Coupled, which covered enterprise adoption of web services and SOA. As CEO of strategic consulting group Procullux Ventures, he has developed an evaluation framework t... Full Bio

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.