Using Amazon as a hook for a phishing scam is not surprising since so many people shop through Amazon. Reproduced below is an Amazon themed email phishing scam that is presently circulating. DO NOT CLICK ON THE LINK. As with so many phishing scams, this one appears legitimate as it lures you into clicking on a link in order to provide information purportedly to process your refund. However, the real purpose of the phony email is to persuade you to either provide information that will be used to make you a victim of identity theft or to click on the link which can download keystroke logging malware that will lead to your becoming a victim of identity theft or to download ransomware that will encrypt all of the data on your computer which the hacker will threaten to destroy if you do not pay a ransom.
There are a number of indications that phishing emails, such as this, are not legitimate. Sometimes the address from which it is sent has nothing to do with the company, which is an indication that the email was sent through a botnet of computers hacked into for the purposes of sending out large numbers of such phishing emails while hiding the real source of the email. However, even if the address of the sender looks correct, it still can be a phishing email. Grammar and spelling also apparently are not great strengths of many scammers. Often such messages will contain such errors as in this one the misspelling of the word “system” as “sytem.” In any event, even if you think when you get such an email that it might be legitimate, the risk of identity theft or ransomware is too great to trust it. Instead, call the company at a telephone number that you know is accurate to confirm whether or not the email is legitimate. Finally, make sure that you have up to date security software on all of your devices, recognizing, however, that such security software will not protect you from the latest strains of malware.