FLASH: Amazon phishing email
T’is the season for giving and if you’re family is like ours, you’ll be buying a number of things from Amazon, or other on-line retail outlets. I just received this email notice.
Given the number of email notifications I’ve been receiving from Amazon lately, I was in auto-pilot and almost clicked on the attachment to see what I’d ordered and see if there was a tracking number. Fortunately, I noticed that the formatting wasn’t quite right (though it was close, including the font and yellow color that Amazon uses). So, before clicking, I looked more closely and saw the following:
- The attachment was a .zip file, which likely contained an executable file. Amazon aways sends links to their website.
- The “from” address is weird: Orderuqkx@Amazonky.com. Amazon always uses their URL amazon.com. In fact, Amazon uses this address for order information: email@example.com
- The “to” address (redacted) had several email addresses. Come on … If Amazon was contacting me about my order, they wouldn’t be sending it to a group of folks.
- There were some URLs to what looks like the proper amazon website, but I suspect that was to “validate” it was a real amazon email.
The upshot is that you need to stay diligent to insure you don’t fall for attacks like this. If you’ve clicked on a questionable link or attachment, take your computer down and have it looked at by an expert.
Also, I wrote a post entitled Have a Secure Holiday Season last Christmas season. Have a look.