Text of an email I received recently:
Dear Customer,
Your order has been successfully canceled. For your reference, here’s a summary of your order:
You just canceled order 162-427-72682 placed on May 11, 2012.
Status: CANCELED
_____________________________________________________________________
1 “Mounts”; 2003, Second Edition
By: Jamie TurnerSold by: Amazon.com LLC
_____________________________________________________________________
Thank you for visiting Amazon.com!
———————————————————————
Amazon.com
Earth’s Biggest Selection
http://www.amazon.com
Now, someone who wasn’t paying any attention (or is just too stupid to waste oxygen on) could easily have been caught out by this. There were links to a malware installation on both the purported “order number” and on the text referring to Amazon.com at the end of the email.
But… this one was just too, too easy to resist. First, I knew I’d not placed such an order. “But then,” someone might say (though certainly not YOU, gentle reader), “surely that would lead one to click the link to check on that order. After all, someone might be using one’s stolen Amazon ID to make purchases!”
Except, not mine, and I’m not clicking on ANY obscured link in an email without KNOWING where it leads. Not happening.
But, I did look at the email’s source text and see that the links were NOT to Amazon but to a site that would steal my Amazon creds were I to go there and log in. Except that neither my browser nor LastPass would recognize the site and offer to log in for me, were I to be foolish enough to have clicked the links anyway.
Oh, and the email was to an account that is not in any way, shape, fashion or form associated with my Amazon account, nor has it ever been. Sure, all my email accounts are polled and gathered by one account, but I checked which account the email had been sent to, AND the form is not what I’d have received from Amazon, what with a few pertinent details missing.
So, just taking few seconds to do a coupla quick checks averted the possibility, remote though it is given my other simple measures, of having my Amazon account credentials stolen.
It’s not hard and doesn’t take any time at all, but I’ll bet a few mouth-breathing, knuckle-dragging oxygen sinks with fewer active brain cells than a cracked crock of kimchi will fall for it.
I’m glad to have folks like you to keep reminding me not to be taken in. For the past several months I keep getting a reminder that my brand new Dell laptop computer is ready to be shipped and all they need is my address verification. Had I not known about this type of phishing I might have clicked on it. Now I just flush it with the rest of the trash.
I’ve had a huge load of those lately. Purporting to be from Amazon and YouTube.
Yep. And they’re still going out, because they’re getting results for the phishers. Sad, eh?
I have had loads of these fake Amazon ones sent to an alias address I use when I want to be anonymous.
Good on you for the anonymous address.