Is this a new form of attack? I just received the email which purports to
let me download a software upgrade which I haven’t ordered. The reply address
is ******.ch. I will obviously not be clicking on any of the links in the mail,
but I have no idea if there is anything else I should do with it.
The question included the text of an email that looked like a receipt from an
online software purchase of Windows Vista Ultimate, with download
Your instincts are right not to click on any of those links.
It’s not a new form of attack; it’s actually a fairly old one.
And what to do? That’s easy.
I’ll start with the “what to do” part: delete the email and get on with your
life. If you like, you might click on a “This is Spam” button or link to delete
it so that spam filters can better learn that this is email that should be
Even with three layers of spam filtering in place I delete a handful of
these types of “offers” each morning. Most are more blatant, claiming “free
software”, or “[some expensive software package] is ready to download now”.
Some, like yours, are attempts to copy some company’s valid download
instructions to trick you into visiting the bogus site, very much like
It’s all bogus.
Here are some clues:
The email never mentions you by name. If you’re not mentioned by name or
with something else other than your email address that clearly and
correctly identifies you, the mail could be sent to anyone. In fact, that’s a
great test; could two completely different people read that same mail and both
think it was for them? If so, it’s highly suspect.
You’re only identified by your email address. Of course they have that –
that’s how the email was sent. They may have collected it from a spamming list
or some other nefarious means, but the fact that your email address might be in
the message body does not legitimize the message.
It offers something for nothing. Even if it’s cloaked to look like an honest
mistake, email that boils down to getting you something for nothing should
never be trusted.
It has an offer that’s “too good to be true”, or downright illegal. Email
that purports to offer you OEM software for dirt cheap prices, or other types
of items at prices that are simply too good to be true, is in fact too good to
be true. 99 times out of 100 it’s a scam, a phishing attempt or a virus.
The web address you’re redirected to, or the email address you would contact
or reply to, is in eastern Europe, Africa, the Far East or South America. That
sounds really harsh, because I’m sure that there are legitimate businesses in
all of those regions. Unfortunately the majority of email scams and spam now
originate outside of the United States in third world countries, or countries
where the government or legal infrastructure just isn’t set up to deal with
The web or email address “doesn’t make sense” in context. In your case the
web address was a “.ch” address, which it turns out is Switzerland. Circuit
City (the U.S. retailer from whom the software was supposedly purchased) is not
likely to send you to Switzerland to download your software.
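Several of the clues above can be checked mechanically. The sketch below is an added example, not code from the original article: the sample message, its addresses and hosts, and the `site` and `clues` helper names are all constructed for illustration, and it assumes a single-part plain-text message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: every name, address and host here is made up.
SAMPLE = """\
From: "Example Store" <orders@store.example>
Reply-To: support@downloads.test
To: reader@mail.example
Subject: Your software download receipt

Dear reader@mail.example,
Your copy is ready: http://downloads.test/get?id=1
"""

def site(host):
    # Crude grouping by the last two labels (assumption: no public-suffix lookup).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def clues(raw, recipient_name):
    """Return the article's clues that apply to a single-part text message."""
    msg = message_from_string(raw)
    body = msg.get_payload().lower()
    sender = parseaddr(msg.get("From", ""))[1]
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    sender_site = site(sender.rpartition("@")[2])
    found = []
    if recipient_name.lower() not in body:        # never mentions you by name
        found.append("no_name")
    if to_addr and to_addr in body:               # your own address appears in the body
        found.append("address_in_body")
    if reply and site(reply.rpartition("@")[2]) != sender_site:
        found.append("reply_to_mismatch")         # reply address does not fit the sender
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    if any(h and site(h) != sender_site for h in hosts):
        found.append("link_mismatch")             # links lead somewhere else
    return found

if __name__ == "__main__":
    print(clues(SAMPLE, "Pat Sample"))
```

A hit is a reason for suspicion rather than a verdict, since legitimate mail also links to third-party domains.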
Like I said, your instincts were good. This email is almost certainly bogus.
Its purpose was likely not to get you software, but rather either of two
Phishing: had you clicked, you might have been prompted for
some more information, this time about yourself. Perhaps even a new credit card
number. Had you provided it, you would have just given it to a phisher.
Malware: had you clicked, your computer, if not properly
secured, might well have become infected with spyware, viruses or other
So, good on you for recognizing the risk.
2 comments on “Is this receipt for software I didn't order valid?”
As for the “OEM software” scam, you can also read their FAQ, which will tell you all you need to know it’s pirated software.
Here’s one from a recent scam e-mail.
[…] We offer the software for downloading only, it means that you do not receive a fancy package, a printed manual and license that actually aggregate the largest part of the retail price. […]
Note the “you will not receive a … license” part.
Your web site is very helpful. I just recently got taken through a site called drive cleaner.com
Luckily they haven’t used my credit/bank card yet,
any comments would be helpful