Beware of Order Confirmation Phishing Scams:
Tips to Help You Stay Safe

Order confirmation phishing scams are a growing threat in the digital age. These scams prey on the ubiquity of online shopping, aiming to trick individuals into revealing sensitive information or installing malicious software. This month we are here to help you increase account holders' awareness of order confirmation phishing scams, providing guidance on how to identify and avoid falling victim to these scams.

Content for Your Use in Publication

Beware of Order Confirmation Phishing Scams: Tips to Help You Stay Safe 

Order confirmation phishing scams are a growing threat in the digital age. These scams prey on the ubiquity of online shopping, aiming to trick individuals into revealing sensitive information or installing malicious software. Here’s what you need to know to spot and avoid them.

What Are Order Confirmation Phishing Scams?

Order confirmation phishing scams typically involve fake emails, text messages, or phone calls claiming to be from well-known retailers or delivery services. These messages inform recipients of a purchase they did not make or of a problem with their order, prompting them to click a link, download an attachment, or provide personal information.

Common Examples of Order Confirmation Scams

These scams most often catch victims when they try to cancel the fake order. To cancel, you may be instructed to click a link or call a number. Either method ultimately leads to scammers trying to extract personal information under the guise of "confirming your identity."

They'll ask for your name, address, phone number, and, often, your credit card or banking details. If you hesitate or protest, they’ll insist that providing this information is essential to complete the cancellation. Don't be fooled. Their real aim is to use your information to charge your credit card, drain your bank account, or steal your identity to open other accounts.

Many scams include an additional layer of deception. The scammers might ask you to download a file, often a Microsoft Word or Excel document, claiming you need to fill it out and send it back to cancel the order. These files almost always include malware.

When you open the file, you’ll likely see a notification at the top of the screen asking you to Enable Content.

If you're on the phone with the scammer, they’ll assure you this step is safe and necessary. It’s neither. Enabling the embedded content activates a malicious macro designed to steal your personal data, install ransomware, or grant the attacker access to your device.

Important: Never enable content on an Office file unless you are certain of its source and purpose. If you've downloaded one of these files, close it immediately and delete it. If you’ve already enabled active content, run a full antimalware scan on your computer to remove any malicious programs.


How to Recognize an Order Confirmation Scam

Urgent Language
Scammers often use phrases like "immediate action required" or "your account will be charged" to create panic and pressure you into acting quickly.

Unknown Sender or Domain
Look for subtle misspellings in the sender's email address (e.g., amaz0n.com instead of amazon.com). If the sender's information looks suspicious, proceed with caution.

Unexpected Orders
If you haven’t made a recent purchase from the claimed retailer, treat the message with skepticism.

Unverified Links
Hover over links without clicking to check where they lead. Scam links often redirect to unfamiliar or unrelated websites.


How to Avoid Falling Victim

Verify the Source
Don’t click a link or call a number shown in the suspicious email or text. Instead, open another browser window, search for the retailer, and use its published phone number or other contact information. If the order confirmation is from a business where you have an account, log in to your account directly through the retailer’s official website or app to check for order details. Again, do not click on links in unsolicited messages.

Inspect Communication Carefully
Legitimate businesses rarely request sensitive information like passwords or payment details via email or text. Look for typos, generic greetings, or inconsistent branding.

Use Security Tools
Enable email filters and antivirus software to block phishing attempts. Multi-Factor Authentication (MFA) adds an extra layer of protection.

Report Suspicious Activity
If you suspect a scam, report it to the retailer and relevant authorities. Forward phishing emails to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes Internet Service Providers (ISPs), security vendors, financial institutions, and law enforcement agencies), or use similar services in your region. You can also report phishing to the Federal Trade Commission (FTC) at FTC.gov/complaint.

For more information you can check out the FTC’s tips for online security at ftc.gov/onlinesecurity.

Order confirmation phishing scams can be unsettling, but with vigilance and the tips above, you can protect yourself and your data. Always remember: when in doubt, take a step back and verify before you act.

If you suspect you may have fallen victim to a scam like this, or you suspect identity theft for any other reason, we have you covered! With <EMBEDDED ACCOUNT>, you have access to Fully Managed Identity Theft Recovery Services. We can provide a professional Identity Theft Recovery Advocate to help you rescue your good name!

 



Social Media Content

Use the social media posts below to help increase account holder awareness surrounding order confirmation scams.


Post #1: Think twice before you click! Scammers often use fake “order confirmation” messages to trick you into sharing personal or payment information. If you see a suspicious link or message, don’t click on it! Instead, verify directly with the retailer. #ScamAlert #PhishingScam #StaySafeOnline #YourProtectionPartner


Post #2: If you receive a notification of a delayed delivery, a payment issue, or claims of fraudulent charges on your account, be wary. Always log in to your accounts directly to check your status, and do NOT click on links sent to you from suspicious sources. #PhishingScams #YourProtectionPartner 


Post #3: If you see something, say something! If you suspect a scam, report it to the retailer being impersonated as well as the relevant authorities. #PhishingScams #YourProtectionPartner 

