Fake Amazon Mail Phishes for Login, Payment Information

Spam: “Your $100 Amazon Prime credit will expire”

If you’re an Amazon Prime member, you’ll want to avoid the below spam currently dropping into mailboxes which claims “$100 of Prime Credit” will soon be lost if not made use of:

fake prime credit

Attn:-Your ($100)-AmazonPrime-Credit, Will Expire, on: 5/10/16.

AMAZ0N .com Prime. *****ATTN:(-1-) NEW MSG. RECEIVED: REGARDING YOUR AMAZ0N-REWARDS-POINTS

*****AMAZ0N-PRIME (SHOPPER#5443) - -- DATE: 05/4/16

*****ONE (- 1 -) DAY ONLY!

To show you how much we really do value your years of repeat business, & to celebrate the outstanding success of AMAZ0N Prime, we’ve just awarded you with $100 worth of AMAZ0N bonus-points that can be applied towards any product currently for sale on AMAZ0N's-website!

To use/claim your new store bonus, just simply follow the link that we have provided below here, & use this coupon-card during checkout on AMAZ0N’s website.......That is all there is to it!

Please Go Right Here NOW to Redeem Your New Prime-Reward. (This Reward is Set to Expire on 5/10/16)

*********The Link We'veProvided Above Expires-on 05/10/2016.....So DO NOT Wait!

Note the various ways they write “Amazon”, in what is presumably a crude attempt to get around Bayesian filtering (unfortunately for the spammers, this doesn’t tend to work that well). They also try another tactic to throw off spam filters, which appears to be pasting in chunks of food reviews:

More spam tactics

None of this actually helped them dodge spam filters, and if you’re on Gmail (for example) it’ll already be sitting in the spam box.

The primary Bit.ly link in the email leads to a URL which rotates various adverts determined by geographical region. Here’s a few examples:

The “Expert Reviews” site – which eventually leads to what it claims is a paid anonymity service – is particularly interesting, because it says this at the very bottom of the page:

This is an advertisement. Your privacy is important to us. We do not collect your personal information. Please review our Privacy Policy and Terms. No 3rd party has authored, participated in, or in any way reviewed this advertisement or authorized it. This website receives compensation for purchase of products featured. Products have important terms and conditions, please read all products terms and conditions before ordering any product.

Meanwhile, the “Search whatever you’re looking for” page which asks for an email address in order to proceed doesn’t appear to work at time of testing (“The requested resource was not found on our servers”).

So far, the Bit.ly URL used in this spam campaign has been clicked 4,180 times with the bulk of those coming from the U.S, (3,499), India (156) and the U.K. (82).

Despite the original email being a clear piece of spam, it seems the threat of losing $100 of fake Amazon credit is too much for some to bear and they’re clicking away on those mail supplied URLs. We advise everybody receiving one of these to check for the above clues, and go about their business – whatever Amazon credit you may have is under no threat from this particular missive.

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.