Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

PHISHING SCAM - Amazon 'Integrity Check' Email


Outline

Email purporting to be from Amazon claims that the company performs regular integrity checks on user accounts and the recipient must therefore click a one-time validation link to avoid account suspension.

Facebook phising
© Depositphotos.com/ EdwardSamuel

Brief Analysis

The email is not from Amazon. It is a phishing scam designed to steal Amazon account login details and credit card data. If you receive this message, do not click any links that it contains.

Example

Dear Customer,

What is this all about? Every six months Amazon makes integrity checks related to his customers accounts, how they use the account and if the account is still used by the customer. If the customer account is not used for a longer period of time (1 months) it will be disabled of by Amazon Team and then removed in the next two months of inactivity.

To validate that still use this Amazon account please click the generated link as follows:.

One time use validation link: [Link Removed]

The procedures to disable and then delete the account according to the term of use specified in the Terms and Conditions will take place after the link expire. - The verification procedure requires a very short time from the customer. - The generated link above is only active for 24 hours. If during this period the customer does not make verification account will be disabled until further notice.

Thank you for your understanding and apologize for any inconvenience that this may create. Amazon Customers Service Team Please note: This e-mail message was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.

Amazon Integrity Check Scam


Detailed Analysis

According to this email, which purports to be from Amazon, the company performs 'integrity checks' on customer accounts every six months. It claims that, if a customer's account is not used for longer than one month, it will first be disabled and then - after two months - removed completely.

To counter this supposed problem, the message instructs customers to click a 'one time use' validation link. But, warns the message, the link is only active for 24 hours and if customers fail to 'make verification' within that time frame, their accounts will be disabled.

However, the claims in the email are lies. The email is not from Amazon and users certainly do not need to click the link to validate their accounts. The message is a phishing scam designed to trick users into relinquishing their personal and financial data to Internet criminals.

The phishing website used in this particular incarnation of the scam had already been removed at the time of writing. However, new emails with links to active pages will likely be sent out.

The links in these scam messages typically lead to a bogus webpage designed to look like a genuine Amazon page. The bogus page asks users to provide their Amazon account login details, ostensibly as part of the verification process. After 'logging in' on the fake site, users may be taken to a second page that asks for their credit card details and other personal and financial information. If they supply the requested information, users may then receive a message claiming that their validation has been successful.

Meanwhile, the scammers can collect the information submitted on the fake forms and use it to hijack Amazon accounts and commit credit card fraud.

The strange spelling and grammar used in this scam message should be an immediate red flag for recipients. You can report Amazon phishing scams like this one via the reporting address on the company's website. Because it conducts so much of its business online, Amazon is regularly targeted by phishing scammers.



Last updated: April 14, 2014
First published: April 14, 2014
Written by Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams - Anti-Phishing Information
Report a Phishing or Spoofed E-mail
Amazon 'Important Message From Security Center' Phishing Scam