We see fake Amazon emails every now and again, and below you can see the most recent addition to our spamtraps.
The email subject line suggests support tickets and urgent action required:
Notice: Ticket Number PIA-9U3C-A1P4-3R2-5R18225A
Things go slightly off the rails after that, because the phish has been sent from an email address claiming to be customer support but not quite getting it right:
Costumer Support.Amazon
Well, that didn’t get off to a great start. On the other hand, anybody recently purchasing novelty clown costumes might be a little more likely to fall for this.
The email reads as follows:
Welcome to Amazon ,We need to confirm your account information,you must confirm your amazon account before we close it.
Click the link below to confirm your account information using our secure server:
They go on to mention orders, payments, settings and Kindle management to make it all seem a little bit more realistic.
The Sign-In button, marked as “Sign in to your account to start” takes clickers to a couple of sites which appear to have been compromised. We start with
nochisaki(dot)com
which redirects the potential victim to goodforks(dot)com, a record label website:
After entering email and password, the end-game is in sight as the scammers responsible for the compromises and phishing pages ask for name, address, country, city, ZIP, phone number on the first page…
…and payment information on the second.
Note that HTTPs is absent from the above page, and it also lacks the green “Identity Verified” Padlock in the URL bar. This email is already caught as spam in Outlook, though we can’t say for sure how many other email providers also flag this at time of writing. Ignore any emails you’re unsure of, and if in doubt navigate directly to Amazon by typing it in the browser to avoid these types of underhanded shenanigans.
Christopher Boyd