Helping people with computers... one answer at a time.

One popular Internet scam is to make something look like an honest mistake that would let you download something expensive for free. Don't fall for it.

Is this a new form of attack? I just received the email which purports to let me download a software upgrade which I haven't ordered. The reply address is ******.ch. I will obviously not be clicking on any of the links in the mail, but I have no idea if there is anything else I should do with it.

The question included the text of email that looked like a receipt from an online software purchase or Windows Vista Ultimate, with download instructions.

Your instincts are right not to click on any of those links.

It's not a new form of attack; it's actually a fairly old one.

And what do to? That's easy.

I'll start with the "what to do" part: delete the email and get on with your life. If you like, you might click on a "This is Spam" button or link to delete it so that spam filters can better learn that this is email that should be discarded.

Even with three layers of spam filtering in place I delete a hand full of these types of "offers" each morning. Most are more blatant, claiming "free software", or "[some expensive software package] is ready to download now". Some, like yours, are attempts to copy some company's valid download instructions to trick you into visiting the bogus site, very much like phishing.

"... the fact that your email address might be in the message body does not legitimize the message."

It's all bogus.

Here are some clues:

  • The email never mentions you by name. If you're not mentioned by name or with something else other than your email address that clearly and correctly identifies you; the mail could be sent to anyone. In fact that's a great test; could two completely different people read that same mail and both think it was for them? If so, it's highly suspect.

  • You're only identified by your email address. Of course they have that - that's how the email was sent. They may have collected it from a spamming list or some other nefarious means, but the fact that your email address might be in the message body does not legitimize the message.

  • It offers something for nothing. Even if it's cloaked to look like an honest mistake, email that boils down to getting you something for nothing should never be trusted.

  • It has an offer that's "too good to be true", or downright illegal. Email that purports to offer you OEM software for dirt cheap prices, or other types of items at prices that are simply too good to be true are in fact too good to be true. 99 times out of 100 it's a scam, a phishing attempt or a virus.

  • The web address you're redirected to, or the email address you would contact or reply to, is in eastern Europe, Africa, Far East or South America. That sounds really harsh, because I'm sure that there are legitimate businesses in all of those regions. Unfortunately the majority of email scams and spam now originate outside of the United States in third world countries, or countries where the government or legal infrastructure just isn't set up to deal with it.

  • The web or email address "doesn't make sense" in context. In your case the web address was a ".ch" address, which it turns out is Switzerland. Circuit City (the U.S. retailer from whom the software was supposedly purchased) it not likely to send you to Switzerland to download your software.

Like I said, your instincts were good. This email is almost certainly bogus. Its purpose was likely not to get you software, but rather either of two things:

  • Phishing: had you clicked, you might have been prompted for some more information, this time about yourself. Perhaps even a new credit card number. Had you provided it, you would have just given it to a phisher.

  • Malware: have you clicked your computer, if not properly secured, might well have become infected with spyware, viruses or other malware.

So, good on you for recognizing the risk.

Article C2993 - April 13, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

April 16, 2007 10:20 AM

As for the "OEM software" scam, you can also read their FAQ, which will tell you all you need to know it's pirated software.

Here's one from a recent scam e-mail.

[...] We offer the software for downloading only, it means that you do not receive a fancy package, a printed manual and license that actually aggregate the largest part of the retail price. [...]

Note the "you will not receive a ... license" part.

walt goode
April 29, 2007 4:55 AM

your web site is vary helpful,i just resently got taken through a site caled drive
luckaly they havent used my credit/bank card yet,
any coments wiuld be helpfull

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.