The e-mails, which use the subject line "Payment Charged," state, "Dear Customer, Thank you for shopping at Newegg.com. We are happy to inform you that your order [number] has been successfully charged to your Mastercard and order verification is now complete. If you have any questions, please use our LiveChat function or visit our Contact Us Page. Once You Know, You Newegg. Your Newegg.com Customer Service Team."
Links in the e-mails direct victims to malicious URLs rather than to Newegg's Web site. "The final destination for end-users typically involve BlackHole exploit kit and Pony. ... This looks like a decently sized spam campaign, with many other URLs and redirects being deployed," writes ThreatTrack senior threat researcher Christopher Boyd. "It also appears the senders of these emails are using random 'Account Number' and 'Sales Order' numbers -- at the very least, they aren’t identical in every piece of spam going out."