I’ve just received quite an ingenious phishing email… well it’s slightly more intelligently conceived and implemented than the usual type
Yesterday I made an order on Amazon and today I get an email, pertaining to be from Amazon, telling me that my order has been cancelled!
Firstly, even though I’m sure that me receiving an Amazon order cancellation the day after making an order with them is purely coincidence, for me, as for many other people, Amazon account for the majority of everything I personally spend online so the chances of me having made a recent purchase are pretty high. Anyway, even if I hadn’t, my first reaction would have been ‘has my account been hacked?’ so I would have wanted to find out.
Secondly, it’s perfectly within the realms of possibilities that an order may have been cancelled –cards get stopped, vendors run out of stock… there are numerous reasons for this so you’d have no reason to, on first glance, assume that the email was legitimate.
Thirdly, the spelling and grammar was correct. On the one hand it amazes me have many grammatical mistakes there are in the average phishing email. I’m sure some of these are to avoid detection by spam filters but many other are simple mistakes that even pasting the text into Google or Word would fix. On the other hand, anyone stupid or foolhardy enough to think that to conduct a phishing campaign is a good idea can’t be the sharpest of twigs!
There are some massive tell-tale signs, though, that this email is not from who it says it’s from!
The one that first alerted me was that Amazon don’t send account and order notifications in that format using that font. If you’re on their mailing list, you’ll no doubt get your ‘deals of the week’ in rich text but everything else pertaining to your account is in a pretty standard format – order confirmations, despatch notes, etc. – will be standard format. I wouldn’t be surprised if the person who sent this email had never ordered anything from Amazon!
The other this I always do is check the domain within the links. This one wasn’t Amazon so I wasn’t clicking it
You can also use your common sense and examine the email a bit more closely. I have 8 email account sI use through Outlook and many of these are catch-all addresses. I only, however, have one email address registered with Amazon. If I get an email pertaining to be from Amazon to an email address I haven’t got registered with them, I know it’s probably not legitimate.
The advice is as always; if you get an email asking you to click on a link to go to a site; don’t do it. If you’re not sure, open your browser and go directly to the website. Log in there and then check your messages or account status directly.