March 20, 2017

Anatomy of an Amazon Phishing Scam

It seems as if my SPAM folder contains several phishing e-mails every time I check it.  The SPAM filters are getting pretty good about filtering these out.  However, every once in a while, one makes it past my spam folder and into my inbox.  Usually these are much more sophisticated, and easy for an average user to miss.

Phishing E-mail



This e-mail arrived in my Inbox this afternoon.  There are several things that indicate this e-mail is not legit.  First of all, look at the "From" address in the e-mail: amazongifts@bluelinegives.com.  Amazon itself will always e-mail you from an Amazon.com domain, rather than something like bluelinegives.com.  Next, legitimate Amazon e-mails always use your registered Amazon user name.  A legit e-mail would open "Hello Laurel S. Nevans" (my registered Amazon username), instead of "Hello laurel" (note the lower case name).

More importantly, look at the URL of the link: http://giftcards.amazon-today.com/.  If I hover my mouse over that link, I can see that it actually goes to http://www.bluelinegives.com/renal-factory/8dcTP861g8qfv2f-yKWmOyFKmVvnVMmKsVn0Mjhee5.  Now, neither link actually leads to the Amazon domain.  The purported link points to amazon-today.com rather than to Amazon.com, something that should raise alerts.  But if you take the time to check out where the link actually leads, it is obvious that it is in no way, shape, or form related to Amazon.  Even the big "Amazon.com" link at the bottom leads to http://www.bluelinegives.com/renal-factory/8dcTP861g8qfv2f-yKWmOyFKmVvnVMmKsVn0Mjhee5.

Now I do not suggest you do so, but if you WERE to follow that link, chances are you'd reach a perfectly cloned Amazon log-in page, one that uses the correct graphics and is a pretty exact copy of the Amazon log-in page.  If you actually entered your credentials there, well, you've just given all of your Amazon info to a scammer. And if you have a credit card attached to your Amazon account, you've given them that as well.

Once the crooks have your username and password, they can log in to your account and change your password, effectively locking you out of your own Amazon account. They may also change shipping addresses, associated e-mail accounts, etc., so they can place orders without you knowing. And all because you clicked the wrong link.

Now this post uses an actual Amazon Phishing e-mail for an example, but scammers use similar tactics with other companies.  Banks, credit cards, and online store accounts are often used to phish you.  The same principles apply when you receive any official looking e-mail: check the links and the from address to ensure you are not being phished.
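The two checks described in this post (the sender's domain, and where each link really goes versus what it displays), as an added Python example that is not part of the original post. The message is a constructed sample built from the addresses quoted above with a placeholder URL path; `red_flags`, `in_domain`, `shown_host` and the flag names are hypothetical.

```python
import re
from email import message_from_string, utils
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the e-mail above; the URL path is a placeholder.
SAMPLE = """\
From: Amazon Gifts <amazongifts@bluelinegives.com>
Content-Type: text/html; charset="utf-8"

<a href="http://www.bluelinegives.com/renal-factory/PLACEHOLDER">http://giftcards.amazon-today.com/</a>
<a href="http://www.bluelinegives.com/renal-factory/PLACEHOLDER">Amazon.com</a>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):  # the domain itself or a true subdomain of it
    return host == domain or host.endswith("." + domain)
def shown_host(text):  # host named by the visible link text, "" if it is not a URL/domain
    m = re.fullmatch(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?", text, re.I)
    return m.group(1).lower() if m else ""

def red_flags(raw, brand):
    msg = message_from_string(raw)
    sender = utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags = [] if in_domain(sender, brand) else [("from-off-brand", sender)]
    parser = LinkCollector()
    parser.feed("".join(p.get_payload(decode=True).decode("utf-8", "replace")
                        for p in msg.walk() if p.get_content_type() == "text/html"))
    for href, text in parser.links:
        target, shown = (urlparse(href).hostname or "").lower(), shown_host(text)
        checks = {"href-off-brand": not in_domain(target, brand),
                  "text-lookalike": bool(shown) and not in_domain(shown, brand),
                  "text-href-mismatch": bool(shown) and not in_domain(target, shown)}
        flags += [(kind, f"{text} -> {target}") for kind, hit in checks.items() if hit]
    return flags
```

A From domain that matches is not proof of legitimacy, because that header can be forged; treat it as one signal alongside the link checks.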

And in case you're unsure of what the word "phishing" means, here is the definition:

phish·ing
ˈfiSHiNG/
noun
  1. the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Have you been phished?  Are there red flags you look for when reading your own e-mail?  Let us know in the comment section below.
