Scam artists are getting so good at creating realistic-looking phishing emails that some are getting past Gmail’s spam filters. Although most of us have been trained to spot suspicious email messages, some (like the one above) look like they could be from companies like Amazon.
Bad actors posing as companies you do business with is nothing new. If you look at your spam folder right now, chances are that you’ll see emails claiming to be from your cellphone carrier (T-Mobile, Verizon, AT&T, etc.) or a large retailer (Amazon, Best Buy, Target, etc.).
In this case, we received an authentic-looking email pretending to be a support ticket from Amazon. The message claims the company is having issues authorizing a purchase and needs us to re-enter our billing information. As this phishing attempt arrived leading up to the holiday shopping season, it’s easy to see why someone might instinctually trust the email’s legitimacy.
Thankfully, if a similar phishing email ends up in your inbox, there are a couple of easy ways to identify it as spam.
But before we dig into this particular phishing attack, know that we DO NOT recommend you open any email that you suspect to be spam or click on links found within the message. Instead, immediately report the email, mark it as spam, and delete the message.
The first thing you should always check before clicking or tapping links in an email is the sender’s email address. Although the address can be spoofed, in our case, it wasn’t. Combined with the sender’s name appearing as “Donna Hughes’s First Site” and odd spacing in the email’s text, it’s easy to tell something isn’t quite right, but only if you slow down and look at the fine details first.
What’s interesting/scary about this phishing attempt is that the bad actor is trying to steal multiple pieces of information in one attack. Once you click through the email to update your payment method, you’re asked to sign in to your Amazon account. Although this site might look like Amazon’s website, it’s not. You will find the completely incorrect URL at the top of the screen.
As you can see from the screenshots, we entered a false email address and password. Whoever created the scam is using this step to steal your Amazon credentials.
We were then taken to a realistic Settings page that claimed we couldn’t access our Amazon account until we updated our billing information. If we actually entered our information, the perpetrator would have our mailing address, phone number, and credit/debit card number.
The cherry on top of this entire scheme is the attempt to steal your login information for your email account. The fake website claims it wants to link your email to your Amazon account, but instead, you’d be giving whoever sent the message the keys to your private emails and possibly also your Google account.
To reiterate, you should never click on a link that you’re suspicious of or think might be spam. And if you do, don’t enter any personal or credit card information. Instead, close any tabs or windows that were opened, mark the message as spam, and permanently delete the email.
Be safe, and don’t click on any links that appear even remotely insecure.