So would you have clicked?

On February 18th, my sister bought a docking station… and the email looked like this….. 



 Today I got an email… an email about a Dell purchase…but…… I didn’t make a purchase.  Hmmmm. … so what happens if I click on the order number to see what the status of this order that I sure don’t remember placing is? 



The headers of the email read:
Received:
from 80.154.33.13 (kreta013.myserver.t-online.de [80.154.33.13]) by flpi133.sbcis.sbc.com (8.13.8 inb/8.13.8) with SMTP id l2MJs8gi005410; Thu, 22 Mar 2007 12:54:23 -0700
Received:
from dzafy82.Dell.com (dzafy82.Dell.com [128.235.17.2]) by with SMTP id ; Thu, 22 Mar 2007 15:46:08 -0300


So…. would you have clicked?


As Sandi  pointed out ..the actual “click here to confirm order” link But, the order link leads to a page that downloads *.pdf.exe – virustotal is screaming about that download – it’s rbot – so yes, it is fake.”

3 Thoughts on “So would you have clicked?

  1. Dell have just blogged about this issue here.

    http://direct2dell.com/one2one/archive/2007/03/23/9351.aspx

    Thanks for letting the community know in the first instance.

    Colin

  2. You’re asking the wrong question. The answer is that I would have hovered the link and I would know right away if i should click. I use eBay a lot, and I have to do this every day for ebay phishes.

  3. let’s see:
    1. you get an email that you didn’t expect
    2. the email makes reference to an order you never placed
    3. the email includes a link you didn’t preview
    4. you “discovered” a virus that resulted from this link

    What part of this seems questionable to you?
    The very basic rule is “don’t click links in emails you don’t trust”. The fact that you questionded the email (you never ordered such a machine) tells me that you “just decided to see”.

    In this case, you get what you asked for.

Post Navigation