Warning: Fake Order Confirmation Phishing Email from Staples.com – Links in Email Leads to Malware

Fake Order Confirmation Phishing Email from Staples.com

I received a fake phishing bogus email reportedly coming from Staples.

I called the REAL staples number from their website www.staples.com and received this message. “An unknown source has sent numerous false order confirmation to staples customers and marketing recipients. If you have received an unexpected order confirmation, reportedly from Staples, it is likely invalid. If the order number in the confirmation does not start with the numbers: 92, 97, 94 or 31 it is definitely fake. In this case, no order has been placed. Please do NOT click on any links in the email. You may just delete it.”

Do not click on any of the links or call the number from the email. They are just trying to get you to call and they will most likely ask you for your information and credit card number. DO NOT FALL FOR IT! DELETE THE EMAIL MESSAGE and ignore it!

Update: Later in the day, I found out these links will take you to a site that This fake Staples spam leads to malware on a site called tootle.us.  

The link in the email goes to a legitimate (but hacked site) and then attempt to load one of the following three scripts:
[donotclick]algmediation.org/inventory/symphony.js
[donotclick]apptechgroups.net/katharine/bluejacket.js
[donotclick]ctwebdesignshop.com/marquetry/bucket.js

Source: http://blog.dynamoo.com/2013/10/fake-staples-spam-leads-to-malware-on.html

Below is an screenshot of the email I received.

 

fakestaplesemail

FakeStaplesemail2

 

Both comments and pings are currently closed.

Comments are closed.

%d bloggers like this: