I post at SearchCommander.com now, and this post was published 10 years 11 months 28 days ago. This industry changes FAST, so blindly following the advice here *may not* be a good idea! If you're at all unsure, feel free to hit me up on Twitter and ask.
At this time of year, a lot of people might fall for this Amazon phishing scam, and it could lead to disastrous consequences.
I buy a lot of stuff at Amazon, especially at this time of year. This email ended up in my in-box on the same day as several purchases I made, so at first glance, it looked “legitimate”.
Then I realized that I had bought no ebook, and this certainly wasn’t what I ordered! Another $80.00 charged to my account? I’d better log into Amazon and check that, right?
Wrong.
Don’t Click The Link
That link does NOT go to Amazon (or eBay, PayPal, Bank of America, Barclays, Talk-Talk, Ameritrade, etc.). This is simply called “Phishing”, and it’s not uncommon to get emails like this for any big name services, whether or not you’re a member.
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
No matter how many times I say this, or how many times I’ve heard it said by others, invariably I’ll talk to a friend, relative or client who tells me they did it anyway.
Where Does the Link Really Go?
It goes to another page, almost always on someone’s hacked website, whose owner isn’t even aware of the hack, and the page is an almost exact replica of the actual Amazon page.
If I had gone to the link in the email, and entered my username and password, then the bad guys would have instantly had my Amazon access, along with the ability to order and pay for anything they want, to be shipped wherever they want.
Before making any purchases, the smarter hackers will change the email address associated with the account, and the real account holder won’t even get the receipts from Amazon!
Go Directly To The Company Website
Any time you get an email that you’re not 100% sure about, and you feel compelled to check your account, always go directly to your browser and type in the address.
NEVER just click on the link in the fishy email. You can even use your mouse to hover over the login link, or in this case “Your Account”, to verify that it’s a phony.
Even on a mobile phone, most modern email clients will pop up a little box that will SHOW you where the link is going before you click on it.
To be perfectly clear, if you get these emails, they are *not* an indication that you have been hacked, or that your account was compromised, or that the company where you have the account had their data stolen, etc.
These are almost always completely random, and the fact that your email address happens to have an account at the site in question is just the luck of the phisherman. Don’t bite!