Cyber criminals have come up with a new way to trick holiday shoppers who are buying gifts online this year.
Consumer advocates say millions of phony purchase confirmation emails are landing in people's inboxes.
They instruct recipients to click on an embedded link, which downloads malware that can seize control of computers, or hack into personal information.
Top news of the day
"Anytime you get an email a day later confirming, clearly it's a huge red alert that there could be a problem," said Rigoberto Reyes, chief of investigations for the Los Angeles Department of Consumer Affairs.
These fake confirmation requests are more sophisticated than typical inbox spam. The emails bear logos and fonts that look exactly like ones you might get from a major retailer.
Advocates say even people who usually know better than to click on a link embedded in an email are falling for this trick, because they're so focused on completing their holiday shopping.
To protect yourself, your best bet is never to click on a link sent your way, even if it looks legitimate. Instead, to check your order status, visit the vendor's website, or pick up the phone and call.
Reyes has one more red flag to look out for.
"Usually what you'll see on the bottom right corner of the page is a little lock that indicates that you're dealing with a secure website."
If there's no lock, it's a safe bet that the email is not legitimate.