Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is this receipt for software I didn't order valid?

Question:

Is this a new form of attack? I just received the email which purports to
let me download a software upgrade which I haven't ordered. The reply address
is ******.ch. I will obviously not be clicking on any of the links in the mail,
but I have no idea if there is anything else I should do with it.

The question included the text of email that looked like a receipt from an
online software purchase or Windows Vista Ultimate, with download
instructions.

Your instincts are right not to click on any of those links.

It's not a new form of attack; it's actually a fairly old one.

And what do to? That's easy.

Become a Patron of Ask Leo! and go ad-free!

I'll start with the "what to do" part: delete the email and get on with your
life. If you like, you might click on a "This is Spam" button or link to delete
it so that spam filters can better learn that this is email that should be
discarded.

Even with three layers of spam filtering in place I delete a hand full of
these types of "offers" each morning. Most are more blatant, claiming "free
software", or "[some expensive software package] is ready to download now".
Some, like yours, are attempts to copy some company's valid download
instructions to trick you into visiting the bogus site, very much like
phishing.

"... the fact that your email address might be in the
message body does not legitimize the message."

It's all bogus.

Here are some clues:

  • The email never mentions you by name. If you're not mentioned by name or
    with something else other than your email address that clearly and
    correctly identifies you; the mail could be sent to anyone. In fact that's a
    great test; could two completely different people read that same mail and both
    think it was for them? If so, it's highly suspect.

  • You're only identified by your email address. Of course they have that -
    that's how the email was sent. They may have collected it from a spamming list
    or some other nefarious means, but the fact that your email address might be in
    the message body does not legitimize the message.

  • It offers something for nothing. Even if it's cloaked to look like an honest
    mistake, email that boils down to getting you something for nothing should
    never be trusted.

  • It has an offer that's "too good to be true", or downright illegal. Email
    that purports to offer you OEM software for dirt cheap prices, or other types
    of items at prices that are simply too good to be true are in fact too good to
    be true. 99 times out of 100 it's a scam, a phishing attempt or a virus.

  • The web address you're redirected to, or the email address you would contact
    or reply to, is in eastern Europe, Africa, Far East or South America. That
    sounds really harsh, because I'm sure that there are legitimate businesses in
    all of those regions. Unfortunately the majority of email scams and spam now
    originate outside of the United States in third world countries, or countries
    where the government or legal infrastructure just isn't set up to deal with
    it.

  • The web or email address "doesn't make sense" in context. In your case the
    web address was a ".ch" address, which it turns out is Switzerland. Circuit
    City (the U.S. retailer from whom the software was supposedly purchased) it not
    likely to send you to Switzerland to download your software.

Like I said, your instincts were good. This email is almost certainly bogus.
Its purpose was likely not to get you software, but rather either of two
things:

  • Phishing: had you clicked, you might have been prompted for
    some more information, this time about yourself. Perhaps even a new credit card
    number. Had you provided it, you would have just given it to a phisher.

  • Malware: have you clicked your computer, if not properly
    secured, might well have become infected with spyware, viruses or other
    malware.

So, good on you for recognizing the risk.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

2 comments on “Is this receipt for software I didn't order valid?”

  1. As for the “OEM software” scam, you can also read their FAQ, which will tell you all you need to know it’s pirated software.

    Here’s one from a recent scam e-mail.

    […] We offer the software for downloading only, it means that you do not receive a fancy package, a printed manual and license that actually aggregate the largest part of the retail price. […]

    Note the “you will not receive a … license” part.

    Reply
  2. your web site is vary helpful,i just resently got taken through a site caled drive cleaner.com
    luckaly they havent used my credit/bank card yet,
    any coments wiuld be helpfull

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.