FLASH: Amazon phishing email

T’is the season for giving and if you’re family is like ours, you’ll be buying a number of things from Amazon,  or other on-line retail outlets.  I just received this email notice.

amazon-hack

Given the number of email notifications I’ve been receiving from Amazon lately, I was in auto-pilot and almost clicked on the attachment to see what I’d ordered and see if there was a tracking number.   Fortunately, I noticed that the formatting wasn’t quite right (though it was close, including the font and yellow color that Amazon uses).  So, before clicking, I looked more closely and saw the following:

  • The attachment was a .zip file, which likely contained an executable file.  Amazon aways sends links to their website.
  • The “from” address is weird: Orderuqkx@Amazonky.com.  Amazon always uses their URL amazon.com.  In fact, Amazon uses this address for order information: order-update@amazon.com
  • The “to” address (redacted) had several email addresses.  Come on … If Amazon was contacting me about my order, they wouldn’t be sending it to a group of folks.
  • There were some URLs to what looks like the proper amazon website, but I suspect that was to “validate” it was a real amazon email.

The upshot is that you need to stay diligent to insure you don’t fall for attacks like this.  If you’ve clicked on a questionable link or attachment, take your computer down and have it looked at by an expert.

Also, I wrote a post entitled Have a Secure Holiday Season last Christmas season.  Have a look.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: