Friday, January 06, 2006

[TIPS] - Amazon phishing scam

Thanks to Barry for sharing this. He received the following message in his email. The address appeared to be Amazon.com where he'd made purchases in the past. I'll let you read it, then I'll tell you how to avoid becomming a victim. I've modified the URL so it shouldn't work. Don't try it.
- - -

Greetings from Amazon Payments.

Your bank has contacted us regarding some attempts of charges from your credit card via the Amazon system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your Amazon account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your Amazon registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of Amazon policy to represent oneself as another Amazon user. Such action may also be in violation of local, national, and/or international law. Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

To confirm your identity with us click here:
https://www.amazon.com/exec/obidois/flex-sign-in/ref=pd_irl_gw_r/103-31707084-75067864?opt=oa&page=recs/sign-in-secure.html

After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.
Thank you for your interest in selling at Amazon.com.

Amazon.com Customer Service
http://www.amazon.com
- - - -
It APPEARS as though the URL is indeed amazon.com. It SOUNDS official. And, if correct, it COULD mean a real hassle with your bank. Right?
 
WRONG! What are the signs that this is a fraud? Read this: http://tinyurl.com/eyv4h (Note the link at the bottom of the page for how you can report such emails so that they can investigate them.)
 
In fact, your banks don't contact you this way, nor does ebay. If anyone DOES then they will NOT send you a link. Why, it's VERY easy to create a link that LOOKS like it's going one place but actually goes somewhere else. So, knowing that, the companies will make YOU type in the address. There are other reasons why this is bogus, but it's important that you know about these phishing schemes.
 
Oh, DO NOT CLICK THE LINKS in those emails, either. You'll be taken to a page where some code could be executed that extracts things from your computer before you have even read the page. Either delete the email or send it along to Amazon so they can try to find the culprit.
 
Let's be safe out there.  :-)

No comments: