While not the usual work at home scam I like to post here, I found this bit of spam interesting. What a way to get people to click the link and download malware! Fortunately, I know better.

Pizza order confirmation email scam and malware

Here’s the email:

You??™ve just ordered pizza from our site

Pizza Pepperoni Lover’s with extras:
– Bacon Pieces
– Onions
– Green Peppers
– Extra Cheese
– Extra Sauce

Pizza Super Supreme with extras:
– Bacon Pieces
– Black Olives
– Extra Cheese
– Extra Sauce

Pizza Spicy Sicilian with extras:
– Bacon Pieces
– Pork
– Pepperoni
– Black Olives
– Pineapple
– Diced Tomatoes
– No Cheese
– Extra Sauce

Drinks
– Simply Orange x 6
– Carlsberg x 5
– Mirinda x 6
– Bacardi x 3
– White wine x 4
– Coca-Cola x 6

Total to pay: 138.09$

If you haven??™t made the order and it??™s a fraud case, please follow the link and cancel the order.
CANCEL ORDER NOW!

If you don??™t do that shortly, the order will be confirmed and delivered to you.

With best regards

What I notice right away is that this isn’t how pizza places confirm online orders. Some send an email, sure, but this one doesn’t look right. Most places will address you by name, for one thing. Also, odds are good the name of the pizza place won’t be familiar to you. They don’t necessarily use the big names (although some of these pizza email scams do); my email claimed to be from Pizza by BENIGNO, which sounds like a good name for a pizza place, but certainly isn’t around here. Not that it has to be a local place for an online scam, of course.

There’s also the odd way the total is written. Aren’t many pizza places in the United States that would put the dollar sign after the amount.

I’d also expect more links to the pizza place itself than just a “cancellation” link. Some places offer tracking, for example.

These emails often link to malware sites, which give you a whole new set of problems if you click through. The link itself should be a hint – odds are it won’t really look legit.

I have to admit, this is one of the better shots I’ve seen. I can see how someone would get concerned enough to click the link to cancel, ignoring the warning signs. If you’re in doubt on one of these emails, first look at where they’re sending you (probably not someplace you’d expect). This email had a link to a .lt domain, which is a great warning sign… that’s not the kind of domain I’d expect, and the full name had nothing to do with the “pizza place.” If you’re still not sure, and you know the name of the pizza place, contact them on your own, not through the link and talk to them. Odds are they’ll be able to reassure you that it’s not legitimate.