There is irony here, just yesterday I was contacted by a former client regarding an Amazon Account I had set up for them over a year ago – they lost the password, yada yada yada. I forwarded them some information and case closed. This morning however, and quite coincidentally, I noticed an email sitting in my In-Box allegedly from Amazon – now I can see how the timing of such an email may have lured me in, you know? It was present in my mind and I could have easily thought it was residual information in the clients Amazon account associated with my account or some such email confusion. However…
Alleged Email from Amazon
If you read the email carefully and are familiar with how companies like Amazon communicate with their customers, you would immediately identify that this email lacks the “tone” and “etiquette” that Amazon would use in any communication with their customers. The dead giveaway? These two sentences right here:
We are monitoring account activity and we noticed your payment option has expired .
We hereby notify you that your account is liable to be deleted. In order to keep your account active you need to login and update your Amazon registration data.
First of all, they do not monitor your account activity for the currency of your payment option. If you tried to make a purchase at Amazon.com and your credit card on file had expired or something, you would be notified at the time of purchase.
They would not use the word “hereby” and they certainly would not make improper use of the word “liable”. Someone is going to great lengths to sound “professional” and what they have done is exposed themselves as a fraud.
Of course the tone and grammar reveal can be subtle, and if you are not strong in that area, here is a more reliable method to reveal a scam. The real give away is in the “hidden links” within the email itself. The point of a spoofed email is to get you to trust the sender and click the link. It is your responsibility to know how to look at a link and make sure it is not a threat. The easiest way to avoid a scam would be to go directly to www.Amazon.com and log in to your account and check to see if there are any kind of notices in your account. Here is another quick method that you can use to verify the sender. You will simply “mouse over” the embedded link within the email – DO NOT CLICK ON IT!
I have two examples here for web-based mail, I use AOL and will show you one view in Chrome and one in FireFox (FireFox and Internet Explorer look pretty much the same).
Notice how at the bottom of the web browser you can see that the actual link is displayed in what we call the “status bar” ? It clearly shows us that the link does not actually go to Amazon.com but rather to a site called “ttl1.net” – I imagine this domain will be down shortly since I already notified Amazon of the scam…
Taking the time to send spoofed emails like this to authorities is really the key to protecting yourself. If you receive an email such as this spoofing Amazon you can forward the email to Amazon’s security department at:
stop-spoofing@amazon.com
I received this lovely auto-response from Amazon immediately after forwarding the email and it contains some more useful information on the subject.
Thank you for writing to Amazon.com to bring this to our attention.
Your message has been forwarded to our security department, and we will investigate the situation. Please note that you may not receive a personal response.
In all likelihood, the message you received was not sent to you by Amazon.com. We strongly advise that you *not* send any information about yourself back to this individual (especially your credit card number or any personal information).
If you have already submitted any personal information to this person via e-mail or on a potentially fraudulent web site, you may wish to contact Customer Service for assistance. To send an e-mail to Customer Service, please visitwww.amazon.com/contact-us/
In the future, if you are ever uncertain of the validity of an e-mail, even from us, don’t click on any supplied links–instead, type our web site address “www.amazon.com” directly into your browser and follow the regular links to Your Account. Many unscrupulous spoofers mislead consumers by displaying one URL while taking the visitor to another.
By typing in a well-known address you can avoid this trick.
Also, please be assured that Amazon.com is not in the business of selling customer information. Many spammers and spoofers use programs that randomly generate e-mail addresses, in the hope that some percentage of these randomly generated addresses will actually exist.
If you are trying to contact us about something other than a spoofed e-mail message, please contact Customer Service for assistance. To send an e-mail to Customer Service, please visit www.amazon.com/contact-us/
If you encounter any other uses of the Amazon.com name that you think may be fraudulent, please do not hesitate to contact us again.
Thank you again for taking the time to notify us of this situation.
Sincerely,
Amazon.com
My final word of wisdom, don’t click on anything EVEN IF YOU KNOW THE SENDER!! Of course, it can’t really be helped, but go ahead and be cautious.