5th December 2012

At this time of year, a lot of people might fall for this Amazon phishing scam, and it could lead to disastrous consequences.

I buy a lot of stuff at Amazon, especially at this time of year. This email ended up in my in-box on the same day as several purchases I made, so at first glance, it looked “legitimate”.

Fake Amazon email order confirmation

 

Then I realized that I had bought no ebook, and this certainly wasn’t what I ordered! Another $80.00 charged to my account? I’d better log into Amazon and check that, right?

Wrong. Don’t Click The Link

That link does NOT go to Amazon (or eBay, PayPal, Bank of America, Barclays, Talk-Talk, Ameritrade, etc.). This is simply called “phishing”, and it’s not uncommon to get emails like this for any big-name service, whether or not you’re a member.

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

No matter how many times I say this, or how many times I’ve heard it said by others, invariably I’ll talk to a friend, relative or client who tells me they did it anyway.

Where Does the Link Really Go?

It goes to another page, almost always on someone’s hacked website whose owner isn’t even aware of the hack, and the page is an almost exact replica of the actual Amazon page.

This page LOOKS like Amazon, but don't log in!

 

If I had gone to the link in the email, and entered my username and password, then the bad guys would have instantly had my Amazon access, along with the ability to order and pay for anything they want, to be shipped wherever they want.

Before making a purchase, the smarter hackers will change the email address associated with the account, and the real account holder won’t even get the receipts from Amazon!

Go Directly To The Company Website

Any time you get an email that you’re not 100% sure about, and you feel compelled to check your account, always go directly to your browser and type in the address.

NEVER just click on the link in the fishy email. You can even hover your mouse over the login link, or in this case “Your Account”, to verify that it’s a phony.

Even on a mobile phone, most modern email clients will pop up a little box that will SHOW you where the link is going before you click on it.

Hover your mouse over the My Account link to see where it really goes...

To be perfectly clear, if you get these emails, they are *not* an indication that you have been hacked, or that your account was compromised, or that the company where you have the account had their data stolen, etc.

These are almost always completely random, and the fact that your email address happens to have an account at the site in question is just the luck of the phisherman. Don’t bite!

 

    PDXTC & Search Commander, Inc.
    11124 NE Halsey St. #481 PortlandOR97220 USA 
     • 503-946-6881
    twitter / shendison
