You receive an email that seems to be from order-update@amazon.com. It is addressed to my email address, not to ‘unknown recipients’ or left blank as most phishing emails are.
The title is “Amazon.com – Your Cancellation 139-216896-257848336”
This looks genuine.
The email describes the cancellation of an order yesterday and the relevant book title and details.
There is a link to the order to review it and at the bottom of the email there is a link to Amazon.
Both of these links are fake – they go to davidestore.com which is clearly not Amazon.
These phishing emails look very professional – an exact match for Amazon emails and no spelling mistakes or poor grammar.
Many people use a family account for Amazon so may not immediately recognise the email to be fake.
Do not be tempted to click on the links to see what happens, or unthinkingly believe they will get you to the relevant Amazon page – because they won’t. The link is to a fake version of an Amazon page and it just wants your Amazon access details so the thieves can plunder your Amazon account.
What about the fact that the email appears to be from Amazon?
The senders have ‘spoofed’ the Amazon address so the email does appear to be from Amazon. This is more difficult to do than the average scammer will bother with but some do use this spoofing technique to make their messages seem more genuine. (http://www.fightbackonline.org/index.php/guidance/12-explanations/63-the-problem-of-fake-emails tells you more about spoofing)
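Because the sender address can be spoofed, the link destinations are the more reliable giveaway. The following is an added example, not part of the original post: it lists every link in an HTML email whose host lies outside the domain claimed in the From header. The sample message, its link paths and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the email described above (paths are made up).
SAMPLE = """\
From: Amazon <order-update@amazon.com>
Content-Type: text/html; charset="utf-8"

<html><body><p>Your order has been cancelled.</p>
<a href="http://davidestore.com/order">Review your order</a>
<a href="http://davidestore.com/">Amazon.com</a>
<a href="https://www.amazon.com/help">Help</a></body></html>
"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def off_domain_links(raw_message):
    """Return links whose host is outside the domain the From header claims."""
    msg = message_from_string(raw_message)
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2]
    collector = LinkCollector()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return [h for h in collector.hrefs
            if not belongs_to(urlsplit(h).hostname or "", claimed)]


if __name__ == "__main__":
    for link in off_domain_links(SAMPLE):
        print("link leaves claimed sender domain:", link)
```

A genuine message can also link outside the sender's own domain, so a hit here is a reason to inspect the link rather than proof on its own.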
What should you do if you receive one of these phishing emails that seems to be from Amazon?
Amazon say the best approach is to send the phishing email as an attachment to firstname.lastname@example.org and they will be able to establish where the email originated and hopefully stop the perpetrators.
If you have any experiences with scammers, spammers or time-wasters, do let me know by email.