BEWARE – AMAZON PRIME PHISHING EMAIL SCAM

Not a very creative scam…But it will catch (too) many!!!

Received a spam email today.  Let’s go through it…

Message read as follows:

Let’s look at a few things that let you know this message is fake and should be ignored:

  • No salutation;
  • The sender – [email protected]. Clearly, this is not an Amazon email.  Note the domain after the @: gexpro.com, not amazon.com;
  • The receiver would know whether they have an Amazon Prime account. It is not surprising that this phishing attack would be sent at this time, as Prime Day just ended.  There would be millions who signed up as Prime members to take advantage of the recent deals.  Those who do not have a Prime account may take a shortcut and click where indicated to find out why they received this message.
  • The amount, $12.99, is interesting. Most people would know if they had made a purchase for $12.99, but even if they didn’t, they could be inclined to click on the “Update Payment Information” box just to ensure their payment information is correct.
  • There will be many items that are priced at $12.99 on Amazon. Those who made a purchase for this amount may be “quick to click” to ensure their payment information is current, so they will receive their item.
  • Authentic Amazon emails are not signed as “Amazon Customer Service”. Typically, Amazon would end their emails with signatures similar to this:

Sincerely,

Amazon.com
We’re Building Earth’s Most Customer-Centric Company
http://www.amazon.com

Note: this e-mail was sent from a notification-only e-mail address that cannot accept incoming e-mail. Please do not reply to this message.

Note the end of the message: “Please do not reply to this message”.  This is included in most if not all Amazon messages, as they know they are routinely targeted for phishing and spear phishing attacks that request recipients to “click” on some area of the message.  Instead, Amazon typically instructs that you sign in to your Amazon account and respond to whatever issue Amazon is bringing to your attention.

There are other indicators this message is a scam.  You can also right click on the sender’s name, and a drop-down menu should appear.  Typically, near the bottom, there is an option, “Show Original”, and clicking on it brings up a significant amount of detail.  If you are the techie type, you can learn much from this information.  To the average “non-computer” type, the details will not mean much, but they are there for those interested in learning more about who actually sent the message (remember, these messages are often spoofed, so the sender’s ID may not reflect where the message actually originated).
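For the techie types, here is what that check can look like in code. This is an added example, not part of the original post: a short Python script that reads the raw text behind “Show Original” and lists where the headers contradict the Amazon branding. The sample message is constructed (only the gexpro.com sender domain comes from the email above), and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of what "Show Original" displays; only the gexpro.com
# sender domain comes from the post, every other value is made up.
SAMPLE_RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=gexpro.com
From: "Amazon Prime" <sender@gexpro.com>
Subject: Your Amazon Prime payment of $12.99 could not be processed

Update Payment Information
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def is_brand_domain(domain, brand_domain):
    """True only for the brand's domain itself or a subdomain of it."""
    return domain == brand_domain or domain.endswith("." + brand_domain)

def check_headers(raw, brand="amazon", brand_domain="amazon.com"):
    """List reasons the headers contradict the brand shown to the reader."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    path_dom = domain_of(msg.get("Return-Path"))
    findings = []
    if brand in display.lower() and not is_brand_domain(from_dom, brand_domain):
        findings.append(f"display name says {brand} but From domain is {from_dom}")
    # A different bounce domain is a hint, not proof: bulk senders often use one.
    if path_dom and path_dom != from_dom:
        findings.append(f"Return-Path domain {path_dom} differs from From domain {from_dom}")
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth.lower()):
        if result != "pass":
            findings.append(f"{mech}={result}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(SAMPLE_RAW):
        print("-", finding)
```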

Hope this helps!

Remember – Stay cyber-safe – “Don’t be quick to click”!