This is the first time I’ve seen this design in a phish attempt. Instead of trying to get you to “verify” your “account” or various other notifications that try to get you to click on the link so the spammers can fake you into revealing your credit card and other sensitive information, this spam acts as if you’ve already purchased something. This is clever. Because most of us share credit cards with spouses, children, etc., it is reasonable to see unfamiliar businesses on our statements. Instead of trying to contact our family member to inquire about the charge, it seems easier just to click on the link, or download the attached “receipt.”
Obviously, don’t download any strange attachments!
Here are 3 new habits to adopt to keep up with this kind of clever phishing:
1. Realize that generic receipts like this one, without your credit card number, without the time and date of the transaction, no amount of transaction, no branding, etc., are not real email receipts. Real email receipts come within seconds of a purchase and have a LOT more detail than this piece of crap.
2. SEARCH!!! If you can’t figure out, just by looking at an email, that it is a phishing attempt but you suspect it, just run the “company” name through Google or another search engine. I found a gabillion search results on “Bobijou” that all indicated that this was a spam email, along with dire warnings against downloading the attachment. Always search. People like me post stuff like this all the time.
3. Get multiple email accounts. One thing that is a dead giveaway to me is that these phishing emails come to my purplecar.net account. I NEVER, EVER use that account for my purchases. I have a few separate email accounts, including one that I keep quite private to use almost exclusively for buying stuff online. I never publish it so the spam bots can’t find it. The purplecar.net one is published on this site and it is a spam magnet. Yahoo, Google, Hotmail, all offer outstanding email services for free. Get a few of these and use different passwords for each. Use one for signing up for coupons, newsletters, etc., one for email from friends, and another for shopping (preferably you have a paid-for account on Comcast or Verizon or somewhere that you can use for shopping).
Here’s the phishing attempt, full text, no attachment:
Thank you for ordering from Bobijou Inc.
This message is to inform you that your order has been received and is currently being processed.
Your order reference is 592800.
You will need this in all correspondence.
This receipt is NOT proof of purchase.
We will send a printed invoice by mail to your billing address.
You have chosen to pay by credit card.
Your card will be charged for the amount of 122.00 USD and „Bobijou Inc.‰ will appear next to the charge on your statement.
You will receive a separate email confirming your order has been despatched.
Your purchase and delivery information appears below in attached file.
Thanks again for shopping at Bobijou Inc.
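Habits 1 and 3 above can be turned into a quick automated check. The following is an added example, not part of the original post: the regex patterns, the function name and the example.com / example.net addresses are assumptions made for illustration, and the "real" receipt is a constructed sample.

```python
import re

# Illustrative patterns (assumptions), encoding the tells from habits 1 and 3.
CARD_TAIL = re.compile(r"(?:ending in|\*{2,}|x{4,})[\s-]*\d{4}\b", re.I)
TIMESTAMP = re.compile(
    r"\b\d{1,2}:\d{2}\b|\b\d{4}-\d{2}-\d{2}\b|\b\d{1,2}/\d{1,2}/\d{2,4}\b")
AMOUNT = re.compile(
    r"[$€£]\s?\d[\d,]*\.\d{2}|\b\d[\d,]*\.\d{2}\s?(?:USD|EUR|GBP)\b")
ATTACH_LURE = re.compile(r"\b(?:attached|attachment)\b", re.I)


def receipt_red_flags(body, recipient, shopping_addresses):
    """Return the list of tells found in a receipt-style email body."""
    flags = []
    if not CARD_TAIL.search(body):
        flags.append("no masked card number")
    if not TIMESTAMP.search(body):
        flags.append("no transaction date/time")
    if not AMOUNT.search(body):
        flags.append("no amount")
    if ATTACH_LURE.search(body):
        flags.append("details pushed into an attachment")
    # Habit 3: a receipt arriving at an address never used for buying is suspect.
    if recipient.lower() not in {a.lower() for a in shopping_addresses}:
        flags.append("sent to a non-shopping address")
    return flags


# Excerpt of the message quoted on this page.
PHISH_BODY = """Thank you for ordering from Bobijou Inc.
Your order reference is 592800.
You have chosen to pay by credit card.
Your card will be charged for the amount of 122.00 USD
Your purchase and delivery information appears below in attached file."""

# Constructed sample of a detailed receipt, for contrast.
REAL_BODY = "Order placed 2024-03-02 14:07. Visa ending in 4242 charged $19.99."

SHOPPING = ["shop@example.com"]  # constructed private shopping address

if __name__ == "__main__":
    print(receipt_red_flags(PHISH_BODY, "public@example.net", SHOPPING))
    print(receipt_red_flags(REAL_BODY, "shop@example.com", SHOPPING))
```

The Bobijou message does state an amount, so that single check passes; it is the combination of missing card digits, missing timestamp, the attachment and the wrong recipient address that gives it away.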