Phishing scams are on the rise again. This time, cybercriminals are turning to user subscriptions to online retail services. The new phishing scheme involves sending out email alerts impersonating Amazon and other trusted delivery vendors to infect computers with phishing malware or to get victims to provide their personal and financial information. If you receive an email that looks like it’s from Amazon or any other trusted delivery vendors but contains a link or request for information, chances are these are malware-infected emails. Find out how you can spot Amazon scam emails and learn how to protect yourself long-term.
What Is Amazon?
Amazon is a multinational technology and e-commerce company based in Seattle, Washington. The Amazon brand has come a long way from its humble beginnings. It is now one of the most recognizable brands on the internet. Currently, the company caters to more than 150 million subscribers from around the globe.
The success of its online retail platform encouraged Amazon to branch out and compete in other sectors. By 2007, they had released a series of e-book readers called Amazon Kindle, one of the best e-readers in the market. The Amazon Kindle brand brought relatively low-cost tablets to the fore. This helped to refresh people’s perception of the book market. By 2011, the company introduced its publishing arm called Amazon Publishing.
Find the best horror movies on Amazon Prime Video now!
Emails Impersonating Retail Giants
A new phishing scheme is on the rise, and this time your Amazon account is the target. Researchers from Bolster Research analyzed millions of web pages to identify the volume of fraudulent sites using the Amazon brand to trick people. The researchers discovered a rapid increase in the number of scamming incidents associated with the Amazon brand. The spikes were noted a few weeks before Prime Day. Prime Day is a two-day mega sale event that Amazon subscribers look forward to each year.
A number of vigilant sellers have also reported the emails to Amazon. But the rest of the recipients of the email didn’t seem to react at all. And of course, there are a select few who may have unwittingly compromised themselves by clicking on the links or following instructions on the email.
The emails look almost perfectly similar to the real thing. They use the exact same logos, colors, and fonts, to make the recipients trust the website or email right off the bat. Fake emails are hard to distinguish from legitimate emails since they look almost exactly the same. But the most frequent distinguishing factor is related to the presence of links. The fake emails ask users to click on a link that opens up on a separate page. That page normally would ask for login information or other information.
The typical email may start off with a fake backstory. That may go along the lines of a security issue or a statement explaining why your account has been locked. In other cases, it’s about a delivery issue regarding items you didn’t buy. The backstories make people panic to get them to act without confirming the truth of the issue.
How Do Phishing Scams Work?
What Is Phishing?
Phishing is a criminal act involving tricking people into giving out their personal information using elaborate traps. As with real fishing, a malicious actor will use virtual bait in email or personal messages on social media programs.
Phishing has been the bane of antivirus companies and businesses for a long time now. There are a wide variety of phishing tactics available to get victims to fall for the bait. But the most common delivery method for a phishing attempt, as we’ve mentioned, is email. When the victims open the fake email, they are faced with a false scenario requesting them to click on a link to fill in some personal information. Most links contain phishing malware that is set to download when you click on the link automatically.
What Is Phishing Malware?
Phishing malware is specifically designed to look for and steal sensitive personal information. That includes everything from login credentials, passwords, credit card numbers, and more. Phishing schemes use social engineering elements to lure their victims in. This makes it one of the most dangerous malware out there. Phishing malware also features big data theft heavily. Scammers use it to bypass security systems to take control of company servers.
What Happens When You’re Phished?
The after-effects of an attack against individuals and companies are potentially ruinous. It often leads to identity theft and financial loss. Most scammers have a financial motivation and have the full intention to use stolen information to commit identity fraud for financial gain. Alternatively, they can introduce multiple forms of malware to take over your files or your computer. A new trend is also emerging regarding the anonymous sale of stolen data on the dark web.
How to Spot Phishing Scams?
Falling prey to phishing scams is a terrible experience, but you don’t have to experience it to learn from it. The hard fact with these scams is that they will probably continue for as long as people out there fall for their schemes. But then again, nobody can really afford to get off emails completely. So the next best thing would be to learn how to distinguish phishing emails from legitimate emails. Here are a few things to help you make the distinction:
Legitimate companies don’t ask you to give sensitive info or click a link
Legitimate organizations, especially banks, avoid sending emails asking for passwords, personal information, or credit scores. Most companies also don’t send emails with embedded links that you need to click on. Amazon specifically will not ask for your bank account information, credit card number, PIN, or credit card security codes.
Chances are if you receive an email from an institution asking you to provide sensitive personal information, it’s a scam. If you’re not sure about the nature of an email, just don’t click on any links or web page addresses.
Legitimate companies address you by your name.
Scammers often target their victims at random, so most fake emails feature generic salutations along the lines of “Dear Account Holder.” If an organization needed information from you, they would call you by name and ask you to call them back.
Amazon, for example, would address you using your full name. They will also typically include other information to identify you, such as your birth city or your favorite pet’s name. Most legitimate organizations already have your personal information, which they got when you signed up. Some scam emails don’t use any salutations at all, which should be a major red flag as to their nature.
Legitimate companies send out emails with unique domain names.
Domain emails are unique email addresses legitimate companies use to communicate with their clients. You’ll notice that emails from legitimate sources indicate the company (i.e., email@example.com), which scammers cannot duplicate in full. Domain names are copyrighted and difficult to copy, which is why the best most scammers can do is to come up with a generic domain name that doesn’t match with the company’s original domain name (e.g., firstname.lastname@example.org; email@example.com).
Legitimate organizations don’t send unsolicited emails with attachments
Unsolicited emails that contain attachments, especially those attachments that end with .zip or .exe, are most definitely dangerous. Most legitimate companies would rather direct you to a download link that leads to a legitimate file source from their own website. Nevertheless, this method isn’t foolproof. Some companies that already have your information can and sometimes do send emails with real documents attached. In that case, be on the lookout for high-risk attachments in .exe, .scr, and .zip format.
Legitimate company links match with the URL.
Just because a link tells you that it will send you to a place doesn’t mean it will really lead you there. Hackers often create fake web pages that download malware the moment you enter them. In that case, cross-check the link in the text of the email and the actual URL. If the two don’t match or a hyperlink’s URL seems completely unrelated to the email topic, don’t trust the email.
Also, check whether the website begins with https://. HTTPS is the attestation standard for website security, and it ensures that the data being transferred is well encrypted. When in doubt, go directly to the Amazon or Seller Central website.
How Can You Prevent Amazon Scam Emails?
The sky’s the limit for cybercriminals, and one way or another, they can get a hold of your email. You can’t necessarily prevent them from sending Amazon scam emails, or any phishing email for that matter. However, there are ways you can be vigilant and make their efforts go to waste.
Don’t click on suspicious links.
If there’s one thing to take away from the dialogue about phishing scams, it is that unsolicited links are the ultimate bane in cybersecurity. Users must be vigilant against unsolicited emails and treat links with suspicion. If you receive an email purportedly from Amazon that asks you to click on a link or web page, it’s probably a scam.
Know how to check your delivery status on Amazon.
Some Amazon scam emails usually approach you with a fake issue on your Amazon delivery. If you’re unaware, you might easily fall into this trap. That’s why it’s good to know how you can properly check your delivery status on Amazon
You can check your deliveries through the “Your Orders” tab of the main website of Amazon. But of course, you need to be logged in to your Amazon account beforehand. Orders that include several items from different online stores within Amazon are bound to have different delivery dates and are listed separately on the tracking page. Simply select the order that you want to track and click the Track Package link next to your order.
You should see the delivery status of your package on the same page. Note that international shipments that are handled by third-party delivery services cannot be tracked on the website. Meanwhile, customers who experience problems with deliveries, or find erroneous delivery status on their pages should visit: About Missing Packages That Show as Delivered or About Missing Tracking Information.
Check your online accounts regularly.
Most cybercriminals are fueled by financial gain and would get into your bank account the first chance they get. Checking your accounts on a regular basis is a good habit to have, as this will allow you to catch potential discrepancies in your funds. It’s also a good idea to change your passwords regularly. This is just in case an outsider gets hold of your password. Also, remember to use unique passwords for each of your accounts. Never reuse passwords, especially those that you use for your financial accounts.
Use antivirus software.
One cannot overemphasize the importance of reliable antivirus software. Antivirus software scans every file that comes through over the internet, and that includes your emails. Suppose you ever click on a malicious link by accident. In that case, the software can detect the malware and stop the download from completing. Antivirus software equipped with anti-spyware and firewall is also crucial for preventing phishing attacks. To find the best antivirus for your security needs and budget, check out this list of the best antivirus software.
Never give out personal information.
The internet may be a fun place to be, but it’s not the safest place to share personal information. Some people will dismiss this as a common-sense thing, but you’d be surprised at the numbers of people who have become victims of identity theft. Most of these attacks probably stemmed from oversharing on social media and other platforms. Remember that your personal information, much less your financial information, has no business on Facebook, Twitter, or any other social media website.
Report phishing emails.
Amazon is committed to fighting cybercriminals who impersonate their brand and have previously taken serious legal action against these actors. However, Amazon needs help from both consumers and sellers in reporting these incidents to trigger an investigation.
Individual users can send Amazon the original scam email with the complete header information (i.e., sender, sender IP, date, recipient, OUID). The header details are important as they give Amazon a place to start their investigation. Hopefully, the authorities will be able to catch the culprit, which would mean one less sinister actor to stalk the internet.
Research new scams and phishing methods.
Cybercriminals are highly creative in designing phishing attacks. The methods they use always change depending on their objectives. Keep yourself abreast with the latest trends in cyber-crime so you’ll know how to spot it when you see it. Also, check out this list of helpful tips to prevent identity theft online.
Final Thoughts on Amazon Scam Emails
Cybercriminals are aware that many of us are heavily dependent on emails for most of our communication. Since it would be highly impractical to do away with emails altogether, the next best thing would be to educate ourselves about phishing scams. Then comes taking proactive steps by using the appropriate tools and techniques. Sharing our email addresses is inevitable, and less than trustworthy individuals are bound to come across your email address in one way or another.
Cybercriminals will never stop coming up with new malware and phishing traps. It’s a good thing then that cybersecurity companies keep pace by advancing new methods to track malware. An example would be the STAMINA method using deep learning to track malware. We might not be able to fight fire with fire, but we can extinguish it with knowledge and vigilance.