Fake Order Confirmation Phishing Scams

Fake order confirmation phishing scams involve emails designed to look exactly like genuine purchase confirmations from well-known online retailers. The email presents a large, alarming order — often for electronics, gift cards, or expensive goods — that the recipient clearly did not place. The instinct to cancel or dispute the charge drives the recipient to click a link in the email, which leads to a credential-harvesting page, a fake customer support line, or both.

These scams operate on a well-understood psychological principle: people react more urgently to unexpected financial threats than to unexpected opportunities. The prospect of an unauthorised charge of hundreds of pounds or dollars forces immediate action. The scammer provides exactly one path to resolution — the malicious link or phone number — and that path is taken.

Variants of this scam are among the most consistently reported e-commerce phishing attempts, appearing in waves whenever a major retailer runs a sale or is in the news.

The scammer sends a bulk email campaign impersonating a major retailer — the email uses the retailer's branding, order confirmation template, and colour scheme, often copied directly from a genuine confirmation email. The order details include a substantial amount, a convincing order number, and a delivery address for the supposed shipment.

Two calls to action are typically included: a link to 'cancel your order' and a phone number for 'customer support'. The cancel link leads to a fake login page that captures the victim's retailer account credentials. Once obtained, the scammer uses them to access the real account, change payment details, make genuine purchases, or drain any stored gift card balance.

The phone number connects to a fraudulent call centre. Operators there claim to be processing the cancellation and, in the course of 'verification', request the caller's card number, security code, and billing address — sometimes walking the victim through a process that involves granting remote access to their computer, enabling further fraud.

The threat of an unexpected charge is a powerful motivator. The email is designed to look indistinguishable from a genuine order confirmation, removing the visual cues that might otherwise prompt scepticism. The recipient is in a reactive, anxious state that is not conducive to careful link inspection. The inclusion of a phone number adds apparent legitimacy — phone numbers feel more accountable than links. The scammer controls both escalation paths.

A person receives an email that appears to come from a major online retailer, showing a confirmed order for a laptop worth several hundred pounds, dispatching to an unfamiliar address. Alarmed, they click the 'cancel order' link in the email. The page they reach looks like the retailer's login page. They enter their email and password to cancel the order. The page thanks them and redirects to the real retailer. Later, they find the scammer has changed the password on their real account and redeemed stored gift card credit.

Order Confirmation — [retailer name] — Your order [number] has been placed. Total: [amount]. Delivery to [address]. If you did not place this order, click here to cancel immediately.

Order Alert: [amount] charge pending for [product]. To cancel, call our Customer Protection team at [fake number] within 24 hours.

Your [retailer] order is confirmed and will ship in 24 hours. Not you? Cancel here before dispatch: [link]

If you receive an order confirmation for a purchase you did not make, do not click any link in the email and do not call the number in the email. Instead, open your browser and navigate directly to the retailer's official website — type it manually. Log in to your account and check your order history. If there is no such order, the email is fake. If there is an unexplained order, use the contact details on the official website to raise a dispute.