Amazon buyer spoof email is doing the rounds
Here’s a reminder to keep an eye out for spoof emails doing the rounds with the aim of duping you (and shoppers) out of your personal details. Often called ‘phishing’, the idea is to catch you off guard into providing things like addresses, bank details and passwords. The current one reported relates to Amazon and it tells shoppers to confirm they’ve bought an item online.
Needless to say, no such purchase will have been made. But concerned shoppers could easily be fooled by the realistic looking email that says it comes from firstname.lastname@example.org. The supposed purchases include Bose stereos, iPhones, cameras and expensive watches. Here’s an example of the email.
The ubiquity of Amazon makes it a tempting target for phishers. The fraudsters will gather email addresses by the millions and take a scatter gun approach in the hope someone will fall for it and reveal valuable information.
As Amazon say on their page on identifying spoofs: “If you received an e-mail regarding an order you didn’t place, the e-mail likely wasn’t from Amazon. Please send the e-mail as an attachment to email@example.com.”
These fraudsters don’t rely on your stupidity but your goodwill. If you receive an email about an order you don’t think you made you’ll obviously be keen to resolve that as quickly as possible. Just a moment’s thought and a little caution will alert you to the problem. So just take a moment to reflect and also bone up on some of the giveaway signs of a spoof email.
Just got this today;
Enquiry from Amazon customer Michael
Three weeks ago I have ordered and paid an Amazon item from you and I still have not received it!!!
This is the order/item I am talking about:
What is happening with this order and its delivery? Have you sent it yet? Will I still receive or not?
Please let me know at once or refund my money immediately!
Check my order and give me an answer or else I will report you to Amazon and to the police!
Notice the link is not Amazon.co.uk but a .xyz and no doubt takes you to a site asking you to log in as normal, get loads for ebay and normally just forward to spoof@ yet Amazon want you to send as an attachment
They want you to forward as an attachment as they can read the original headers that way – can help them find the source and prevent / slow the rate down.
I receive Amazon customer emails making INR claims and I do not sell on Amazon. I assume the spam bots grab the contact info from ebay or the website and hey presto!