We’ve probably all seen some ridiculous emails that try to swindle us out of our money or our data, and it might seem like email scammers and their malicious phishing attempts aren’t even trying all that hard anymore. Rest assured, though, that is not the case. A new phishing attempt making the rounds again is so good that it’s pretty hard to tell it’s a fake, mostly due to the fact that this scam looks for all the world like it’s trying to protect you from none other than email scammers!
As a really great comedienne once said, “I’m pretty sure this is how wormholes are made.”
Yes, this phishing attempt—expertly crafted to look like a dire warning from Amazon.com’s UK division—is actually warning consumers that their Amazon accounts were accessed by a third party, and even lists a Romanian IP address as the culprit (knowing that you wouldn’t be able to tell who that person is from the IP address, or even if that IP address is valid). It goes on to explain that the recipient of the email must click the included link in order to update his information, as well as change his password.
These types of emails are almost always full of bad grammar and awkward sentence construction, as many of them originate outside the US and have been written by non-standard or non-native English speakers. Many often start with wording like, “My dearest sir or madam,” or “My precious friend.” Instead, this particular letter addresses the recipient with “Dear Customer,” and is uniquely well-written. The Amazon logo is prominently displayed, and the color scheme of the entire message closely matches the Amazon website.
If the letter is that good, how do we know it’s a scam? Because genuine correspondence from a legitimate company will never ask you to click the link in order to fulfill some sort of process. The customer receiving the message should have been directed to take it upon himself to log into his account through his own browser, not through a mystery link. Any company, perhaps even one that you already do business with, that sends out an email asking you to click on an unrevealed link should be avoided for not having better security protocols in place.
If you ever receive an email of this kind, do not fall for it; delete it immediately and report it to the company it allegedly came from. Most companies have employed an email address specifically for these kinds of problems, and you can simply forward the email address to the scam, spoof, or phishing department of that company. But even if you receive a suspicious email that turns out to be legitimate, you will have not caused any harm by calling or contacting the company to verify it first. Protect your security and your account information by adopting good online safeguarding habits and staying informed about the latest scams and phishing attempts.
If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center's Anyone3 fundraising campaign. For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.