Shopping on Amazon is extremely popular both with consumers and scammers seeking to exploit Amazon’s popularity. I have warned you many times over the years about scammers who send various types of phishing emails which purport to be from Amazon attempting to lure you into either clicking on links which can download malware, such as ransomware or keystroke logging malware or providing personal information that can be used to make you a victim of identity theft.
This latest Amazon phishing scam was forwarded to me by a Scamicide subscriber. It starts with an email that appears to come from Amazon informing you that there is a problem with your account and that it has been used by criminals to purchase gift cards You are then directed to an Amazon log-in page where you are instructed to verify your information and enter your user name and password. The log-in page looks legitimate, but it is not. It is a scam and if you provide this information, you will quickly find that your account will be used by the cybercriminals to make fraudulent purchases charged to your account.
Here is a copy of the phishing email presently circulating.
“Amazon Order Confirmation
Your Amazon account was used to buy a 250$ Gift Card on a computer or device that had not been previously associated with that Amazon account on Mon, 24 Dec 2018 03:37:52
If you did not make these Purchase or you believe an unauthorized person has accessed your account, you should Verify Your Information as soon as possible account page at :
Cancel The Order
Email delivery: Mon, 24 Dec 2018 03:37:52
Send gift card(s) to: ********@hotmail.com
Total Before Tax: $250.00
Order Total: $250.00
We hope to see you again soon.
There are a number of indications that phishing emails are not legitimate emails from Amazon, but instead is a phishing email. Legitimate emails from Amazon would be directed to you by name rather than being addressed to “Dear Customer” or as is the case with this email “hello.” It also is sent from an address that has no relation to Amazon, but is most likely sent by a hijacked computer made a part of a botnet to send out these types of phishing emails. The grammar and spelling in phishing emails is often faulty or stilted which is often an indication that the particular phishing email was sent by someone whose primary language is not English. The placement of the “$” after the digits “250” is an indication that this is a scam. This particular email came with an Amazon logo, but the logo is easy to counterfeit.
As with all phishing emails, two things can happen if you click on the links provided. Either you will be sent to a legitimate looking, but phony webpage where you will be prompted to input personal information that will be used to make you a victim of identity theft or, even worse, merely by clicking on the link, you may download keystroke logging malware that will steal all of your personal information from your computer or smartphone and use it to make you a victim of identity theft. However, some scammers manage to send emails directed specifically to you by name and appear to be sent from Amazon so you can never be too careful. Trust me, you can’t trust anyone.
If you receive and email like this and think it may possibly be legitimate, merely call the customer service number for Amazon where you can confirm that it is a scam.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”