Amazon "Notice: Ticket Number" Phish Seeks Card Details

Amazon “Notice: Ticket Number” Phish Seeks Card Details

We see fake Amazon emails every now and again, and below you can see the most recent addition to our spamtraps.

The email subject line suggests support tickets and urgent action required:

Notice: Ticket Number PIA-9U3C-A1P4-3R2-5R18225A

Things go slightly off the rails after that, because the phish has been sent from an email address claiming to be customer support but not quite getting it right:

Costumer Support.Amazon

Well, that didn’t get off to a great start. On the other hand, anybody recently purchasing novelty clown costumes might be a little more likely to fall for this.

Amazon phish mail

The email reads as follows:

Welcome to Amazon ,

We need to confirm your account information,you must confirm your amazon account before we close it.

Click the link below to confirm your account information using our secure server:

They go on to mention orders, payments, settings and Kindle management to make it all seem a little bit more realistic.

The Sign-In button, marked as “Sign in to your account to start” takes clickers to a couple of sites which appear to have been compromised. We start with


which redirects the potential victim to goodforks(dot)com, a record label website:

login page

After entering email and password, the end-game is in sight as the scammers responsible for the compromises and phishing pages ask for name, address, country, city, ZIP, phone number on the first page…

Fake payment info request

…and payment information on the second.

Fake payment request

Note that HTTPs is absent from the above page, and it also lacks the green “Identity Verified” Padlock in the URL bar. This email is already caught as spam in Outlook, though we can’t say for sure how many other email providers also flag this at time of writing. Ignore any emails you’re unsure of, and if in doubt navigate directly to Amazon by typing it in the browser to avoid these types of underhanded shenanigans.

Christopher Boyd


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.