So would you have clicked?
On February 18th, my sister bought a docking station… and the email looked like this…..
Today I got an email… an email about a Dell purchase…but…… I didn’t make a purchase. Hmmmm. … so what happens if I click on the order number to see what the status of this order that I sure don’t remember placing is?
The headers of the email read:
from 188.8.131.52 (kreta013.myserver.t-online.de [184.108.40.206]) by flpi133.sbcis.sbc.com (8.13.8 inb/8.13.8) with SMTP id l2MJs8gi005410; Thu, 22 Mar 2007 12:54:23 -0700
from dzafy82.Dell.com (dzafy82.Dell.com [220.127.116.11]) by with SMTP id ; Thu, 22 Mar 2007 15:46:08 -0300
So…. would you have clicked?
As Sandi pointed out ..the actual “click here to confirm order” link “But, the order link leads to a page that downloads *.pdf.exe – virustotal is screaming about that download – it’s rbot – so yes, it is fake.”