The security experts at Mimecast have uncovered a new phishing attack that attempts to scare you into clicking before you think.

It starts with what appears to be a confirmation email for an order. Obviously, it’s an order you didn’t make.

phishing-order.jpg

There’s the option to click to see details.  Many people might panic when they see it and immediately click. This is the type of panic response that crooks count on.

show-details

With fake order confirmation emails like these, clicking could download malware or ransomware or redirect you to a malicious site. In this case, users are redirected to a malicious site that asks for your banking information in order to refund the purchase. Of course, they aren’t using that information to refund money.

Email phishing attacks like this are the most common way to steal information and launch malware attacks. Remember, think before you act.