Copied below is an email currently being circulated that is a good example of a social engineering phishing email designed to either get you to provide personal information or to click on a link that will download keystroke logging malware on your computer that will result in your data being stolen and used to make you a victim of identity theft. The email appears to be an email from Amazon indicating that there is a problem with your account. In order to remedy the problem, you are prompted to click on a link and either provide the requested personal information or just by clicking on the link you may unwittingly download the keystroke logging malware. This type of phishing email is so effective because it looks so legitimate. It also has a higher chance of being effective merely because so many people who receive it will indeed be Amazon customers.
Here is a copy of the email: DO NOT CLICK ON THE LINK.
We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?.
Or contact Amazon Member Services Team. We’re available 24 hours a day, 7 days a week.
f you need further assistance with your order.
This email was sent by an automated system, so if you reply, nobody will see it. To get in touch with us, log in to your account and click “Contact Us” at the bottom of any page.
Copyright Å 2014 amzon, Inc. All rights reserved. amzon is located at 2211 N. First St., San Jose, CA 95131.
There are a number of telltale signs that this is a scam. First and foremost, the email address from which it was sent has no relation to Amazon. Also, the salutation does not refer to the person receiving the email by name. Finally, there are some misspellings and typographical errors in the email. However, the quality of this phishing email certainly is good, which is why it is so dangerous. The key to avoiding becoming a victim of this type of social engineering phishing scam is to follow my motto, “trust me, you can’t trust anyone.” Never click on a link or provide personal information unless you have absolutely confirmed that the email or text message received by you is legitimate. In this case, if you had any thought that the email might be legitimate, you should contact Amazon directly at an email address or telephone number that you know is accurate. Don’t respond to phone numbers or email addresses contained in the email itself.