Amazon phishing scam’s authentic appearance fooling many

By July 27th in Blog

The latest phishing scam to cross our desks is an e-mail that appears to be an order confirmation from Amazon.com. To create a legitimate-looking e-mail, the offenders have copied an actual Amazon order confirmation, including all the graphics. It appears to be legitimate, although there are some typos that should raise a red flag. Most phishing scams are written in poor English; this one, however, copies the text directly from a legitimate Amazon order confirmation. The only overt clue is the math. The subtotal of items is $72.99, the total before tax is $44.99, and for some reason, even though there is $0.00 tax, the total is $51.99 (and the Grand Total at the top of the e-mail is $55.99!).

If not for the typos, how can you know whether an e-mail is a fake? One great way to check is to use a program like Outlook to view your e-mail. When you hover your mouse cursor over any link in an e-mail, Outlook displays a balloon that tells you what the link points to. In the picture for this example, I’ve placed my cursor over the link for “Click here and see items.” It does not point to www.amazon.com. In fact, every link in this e-mail, from Your Account to Help, points to that same nefarious website.

When in doubt, don’t click on the link in the e-mail, but instead open your web browser and visit the website directly. Logging into Amazon would reveal no such order, confirming your suspicions. Phishing scams like this are used to steal your login information, which gives the scammers access to your personal and payment information, so remember to be cautious even if an e-mail looks legitimate.
