Scam of the day – August 5, 2016 – Amazon phishing scam

Using Amazon as a hook for a phishing scam is not surprising since so many people shop through Amazon.  Reproduced below is an Amazon themed email phishing scam that is presently circulating.  DO NOT CLICK ON THE LINK.  As with so many phishing scams, this one appears legitimate as it lures you into clicking on a link in order to provide information purportedly to process your refund. However, the real purpose of the phony email is to persuade you to either provide information that will be used to make you a victim of identity theft or to click on the link which can download keystroke logging malware that will lead to your becoming a victim of identity theft or to download ransomware that will encrypt all of the data on your computer which the hacker will threaten to destroy if you do not pay a ransom.

TIPS
There are a number of indications that phishing emails, such as this, are not legitimate.  Sometimes the address from which it is sent has nothing to do with the company, which is an indication that the email was sent through a botnet of computers hacked into for the purposes of sending out large numbers of such phishing emails while hiding the real source of the email.  However, even if the address of the sender looks correct, it still can be a phishing email.  Grammar and spelling also apparently are not great strengths of many scammers.  Often such messages will contain such errors as in this one the misspelling of the word “system” as “sytem.”  In any event, even if you think when you get such an email that it might be legitimate, the risk of identity theft or ransomware is too great to trust it. Instead, call the company at a telephone number that you know is accurate to confirm whether or not the email is legitimate.  Finally, make sure that you have up to date security software on all of your devices, recognizing, however, that such security software will not protect you from the latest strains of malware.

Scam of the day – July 12, 2015 – New Amazon email scam

Copied below is an email currently being circulated that is a good example of a social engineering phishing email designed to either get you to provide personal information or to click on a link that will download keystroke logging malware on your computer that will result in your data being stolen and used to make you a victim of identity theft.  The email appears to be an email from Amazon indicating that there is a problem with your account.  In order to remedy the problem, you are prompted to click on a link and either provide the requested personal information or just by clicking on the link you may unwittingly download the keystroke logging malware.  This type of phishing email is so effective because it looks so legitimate.  It also has a higher chance of being effective merely because so many people who receive it will indeed be Amazon customers.

Here is a copy of the email:  DO NOT CLICK ON THE LINK.

Amazon

Confirm your Amazon account.

Hello ,

We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?.
To ensure that your service is not interrupted, please update your billing information today.

Or contact Amazon Member Services Team. We’re available 24 hours a day, 7 days a week.
If you have recently updated your billing information, please disregard this message as we are processing the changes you have made.

f you need further assistance with your order.

Sincerely,
Amazon

This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in to your account and click “Contact Us” at the bottom of any page.

Copyright Å  2014 amzon, Inc. All rights reserved. amzon is located at 2211 N. First St., San Jose, CA 95131.

TIPS

There are a number of telltale signs that this is a scam.  First and foremost, the email address from which it was sent has no relation to Amazon.  Also, the salutation does not refer to the person receiving the email by name.  Finally, there are some misspellings and typographical errors in the email.  However, the quality of this phishing email certainly is good, which is why it is so dangerous.  The key to avoiding becoming a victim of this type of social engineering phishing scam is to follow my motto, “trust me, you can’t trust anyone.”  Never click on a link or provide personal information unless you have absolutely confirmed that the email or text message received by you is legitimate.  In this case, if you had any thought that the email might be legitimate, you should contact Amazon directly at an email address or telephone number that you know is accurate.  Don’t respond to phone numbers or email addresses contained in the email itself.

Scam of the day – December 11, 2014 – Phony shipping phishing scam

Phony shipping phishing scam.  Try saying that fast three times.  Most likely you will trip on your words, but that is nowhere near much of a problem when compared to what happens to you if you fall for this scam.  The holiday season is a time when people are ordering gifts from many retailers.  It is common for companies to send an email confirmation when you order something online.  Scammers are taking advantage of this practice to send vast amounts of phony shipping notices and confirmation from what appear to be legitimate companies, such as Amazon with which so many of us do business.  However in these phishing emails, in which the scammer poses as a legitimate company, you are prompted to click on a link or download an attachment under various guises, such as confirming the order.  These links and attachments are filled with malware that will enable the scammer to steal all of your personal information from your computer and use it to make you a victim of identity theft.

Here is a copy of a phony phishing notice purportedly from Amazon.

bogusemail.jpg

TIPS

Legitimate companies will not have attachments or links for you to click on in any real confirmation of your order.  If you receive an email that informs you of a problem with your order or anything else that appears to require action on your part, never click on any links or download any attachments that may appear in such emails.  Rather, contact the real company through its website or a telephone number that you know is accurate.  Don’t use the telephone number contained in the email and don’t click through the email to purportedly go to the website.  Taking these simple steps can save you a lot of grief.