Fact Check

Newegg Phishing Alert

Is a scam being spread via Newegg.com order confirmations?

Published Apr 9, 2012


Phishing bait:   Newegg.com order confirmations.


Example:   [Collected via e-mail, April 2012]

Dear Customer,

Thank you for shopping at Newegg.com.

We are happy to inform you that your order (Sales Order Number: 21916626)
has been successfully charged to your credit card for 2,399,99 USD and
order verification is now complete.

Please CLICK HERE to see your INVOICE.

If you have any questions, please use our Live Chat function or visit our
Contact Us Page.

Once You Know, You Newegg.

Your Newegg.com Customer Service Team


Origins:   In April 2012, Internet users began receiving messages like the one reproduced above that purported to be confirmations of recent purchases from electronics retailer Newegg.com. Such messages included instructions for the recipients to follow a hyperlink or open an attachment containing what appeared to be a document (in text, PDF, or Microsoft Word format) in order to download and print their invoices. These messages were intended to lure recipients, concerned about receiving confirmations for purchases they didn't remember making, into attempting to view the referenced invoice information — a process which would lead them not to viewing a document but into launching a malicious executable file.

Newegg has posted a warning about this scheme on its site, advising that:

You may have recently received fraudulent correspondence disguised as an official communication from Newegg. This kind of fake communication is part of a phishing scam, which is designed to “fish” for information by luring unsuspecting recipients into divulging or verifying personal details, like bank accounts, addresses, names and more. Phishing scam artists can send fraudulent communication to millions of people at a time. If you have received phishing communication from someone pretending to be Newegg, this does not mean that Newegg's data security has been breached. Newegg protects your information with sophisticated security measures, and the recent phishing scam did not compromise our data security.

Last updated:   9 April 2012

David Mikkelson founded the site now known as snopes.com back in 1994.