Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation










Issue 136 - August 2012 (1st Edition) - Page 4

Amazon Account Review Phishing Scam

Issue 136 Start Menu

Previous Article            Next Article

Outline
Emails purporting to be from Amazon.co.uk claim that, due to a recent review, access to the recipient's account has been limited until more account information is supplied via an attached form. Some versions ask users to click a link to access the form rather than open an attached file.



Brief Analysis
The emails are not from Amazon. Instead, they are phishing scams designed to steal sensitive personal and financial information from Amazon account holders. Information entered on the bogus forms will be sent to cybercriminals.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:




Last updated: 26 July 2012
First published: 26th August 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example

Subject: Amazon Important Case

Dear Customer,

Your Amazon account including order(#206-520728-332921) has been placed on hold as we require further verification to allow us to process your order in a timely and securemanner.

We are unable to verify your address as your card issuerhas declined your payment, as a result your amazon account has beentemporarily locked until you complete the folowing verification checks.

Please Click Here to confirm your account.

YourAmazon account and order will remain locked until we can verify thisinformation. Failure to verify your account within 7 days will result inyour account being permanently closed.

Kind reg ards,

Sandra Lee
Account Specialist






Detailed Analysis
This message, which purports to be from the UK branch of giant online store Amazon, claims that access to the recipient's Amazon account has been limited. According to the message, the user is required to provide more information due to a recent account review. The message claims that the user can restore account access by filling in a verification form contained in an attached file. A later version claims that the recipient's Amazon account has been placed on hold and will be closed unless he or she clicks a link to "confirm" the account.

However, the emails are not from Amazon. In fact, they are phishing scams designed to trick people into submitting personal and financial information to Internet criminals. Clicking the attachment or clicking the link opens a bogus form in the user's web browser like the one displayed below:

Amazon phishing scam fake form

The bogus form asks for credit card details along with name, address and contact information. The form is designed to resemble a genuine Amazon web page.

If a victim fills in the form and clicks the "Continue" button, all of the requested information can be sent to cybercrimnals. Armed with this stolen information, these criminals can then use the victim's credit card for fraudulent transactions and possibly steal his or her identity. They may also onsell the stolen details to other criminals via online black markets.

Once the bogus form has been submitted, victims are automatically redirected to the genuine Amazon website. Thus, they may remain unaware that they have handed their personal details to criminals until fraudulent transactions and other evidence of identity theft subsequently comes to their attention.

Amazon will never ask customers to provide personal and financial information via an unsolicited email. And the company would certainly never expect customers to provide personal information via an unsecure HTML email attachment.

Any unsolicited email that asks you to provide personal or financial information either by following a link to a website or by opening an email attachment should be treated with due caution. No legitimate company or financial institution is ever likely to request private details from customers using such methods.

Bookmark and Share

References
Phishing Scams - Anti-Phishing Information
Identifying Amazon E-mail

Previous Article            Next Article

Issue 136 Start Menu

Pages in this issue:
  1. Facebook Post - Seven Year Old Shot Saving Mom
  2. Cranky Old Man Poem
  3. Facebook Survey Scam - Free $500 Coles Voucher
  4. Amazon Account Review Phishing Scam
  5. Ellie May Ashley Missing Person Alert (Ellie Has Now Been Found)
  6. 'Private Message' Phishing and Survey Scam Emails
  7. AOL Deactivated Account Phishing Scam
  8. 'Mystery Shopper' Money Laundering Scams
  9. Hotel Booking Confirmation Malware Emails
  10. Chase Online 'Unconfirmed Payment' Phishing Scam
  11. 'Buddha' Shaped Pears
  12. Yacht Launch Mishap
  13. McDonald's 'Mega Promotion Award' Advance Fee Scam
  14. Intuit "Payroll Processing Request" Malware Email
  15. Facebook Survey Scam - Bestbuy Gift Card
  16. FBI Arrest Warning Advance Fee Scam