Now we need to cover emails scams that purport to come from big corporations. The hackers and scammers will make the most money from online purchases over Christmas and the world's biggest online retail site is the number one target.
Although it thinks it's the corporate Santa, to be fair, Amazon has tried hard to prevent its customers from being hacked by implementing tougher login protocols and writing several help pages on how to spot a fake Amazon email.
LINK 1 – Amazon's scam email advice pages
But the company suffered an attack itself in early 2017 and thousands of its customers' details were compromised. Some believe part of the problem here is because Amazon also provide server packages for anyone who wants them. They are potentially supplying servers to the same hackers who try to bring them down using inside knowledge of Amazon's systems. I don't know how true this is but, while there may be a case for a conflict of interests, we must only be concerned with protecting our data, our devices and our lives. Obviously, if we've never used Amazon (congrats) then all the following emails should be deleted, but for Amazon users let's flag up some of the common scams:
1. The verification scam
Obviously, if we've read the last few chapters of this guide properly we aren't supposed to open an email like this. Chapter 4 showed us how to view the email's source without opening it but let's say we're having an off day.
Oops! This image does not follow our content guidelines. To continue publishing, please remove it or upload a different image.
Looks legitimate doesn't it.
This one fools a lot of people. Let's examine it closely.
a) The subject line itself is highly suspicious. "We could not confirm the address associated with your email account." Amazon insists it would never send an email asking for ANY personal information. If they want to question any of our credentials, they'll ask us to do it through the official Amazon website.
b) The return email address is clearly not going to Amazon but to an external account. Yes, it has the word Amazon in the link (although not part of the address) but we could all create an email address that has that.
c) It isn't addressed to us by name but to the generic 'Amazon Customer' – a dead giveaway.
All the links go to a third party website designed to look like Amazon's and set up by the attacker. There, we are encouraged to fill in our full name, address and credit card details. Expect a sum of money to disappear from our bank account. Alternatively, we will have to change all our credit cards and other private details we gave away.
2. The 'wrong order' scam
This one is clever because it's subtle. It's saying we ordered goods and they will arrive shortly. Trouble is, we never ordered them! That's the catch, if we get an email saying we ordered something we didn't, DON'T CLICK ANYTHING on this email. The links will again lead to a spoof website, cloned from Amazon pages, which will require login and bank details. We can always contact Amazon (using an external safe browser page well away from our email) to check if there's a genuine mistake. There usually isn't. Again, checking the source and return address before opening will save a lot of grief.
3. The order may be late or delayed scam
Very common scam, whicha friend of mine recently fell for. I mentioned this scam in the Secret of Safe Surfing Layer # 8 ~ Don't get a PUP for Christmas(LINK 2). It uses the 'Amazon Customer' as an addressee, meaning it is guessing who we are. It works superbly if we are actually waiting for an Amazon order. The email will say our order is delayed or will have to be cancelled if we don't verify our account. It may say our credit card has been declined, or that we need to re-register because Amazon are 'improving' their customer service. This is of course ALL LIES. We click the link in the email and it takes us to a fake Amazon site, blah, blah, blah...
4. The Gift card scam
Here, the attacker encourages us to pay using our Amazon gift card if we have one. They will usually ask us to do this via an external website to pay through a gift card when in reality we can only use Amazon Gift cards through the Amazon website. What is happening here is by giving out our gift card details we're allowing the attacker to drain it of any credit. The hook for these scams is a very cheap product, sometimes a third or even half as cheaper than the market price where the seller is moving and wants a 'quick sale'. Many people have fallen for this one when looking for cars online and have found one for sale on Amazon. If only they realised that Amazon doesn't actually sell cars.
5. The review scam
This one thanks us for buying a product through Amazon and asks us to click a link and review the item and we'll get paid $50-$100. If we bite, expect the usual data theft and bank account-emptying procedures.
All these scams are avoidable. If we don't open the email and view source instead, check if the sender's email address actually returns to Amazon and check our Amazon account to see if they sent an email.
