Let Your Personnel And Family Know About This Phishing Scheme That Spoofs Amazon

When was the last time you warned your family members, friends and/or personnel about the new phishing schemes that are being launched?
There are many phishing scams going on right now, and they are widely reported and talked about. I want to talk about a new one spoofing Amazon, a popularly spoofed company in phishing messages, because I’ve already had a couple of other folks I know who are not in the info sec biz asking me about it today. I also got it in my email box today, so it will make a good example to discuss…

I got the following message today, as probably hundreds of thousands of others did as well:

—– Original Message —–
From: Amazon.com
To: undisclosed-recipients:
Sent: Thursday, May 29, 2008 8:28 AM
Subject: [Anti-Spam] Amazon Marketplace Items Canceled
Dear member,
Per your request,your listings for the following items in the Amazon Marketplace have been canceled. You were assessed no fees.
Your items no longer appear in the Amazon catalog, and cannot be purchased. You can review the details of your cancelled listings, including the price, condition, and seller comments for each individual listing.
Thanks for listing your items with Amazon Marketplace. We wish you the best of luck with your future sales.
Amazon Marketplace — SPAN class=ysh or id=lw_1202315332_0 style=”BACK

This is going to trick many people since many people are Amazon customers.
The people I spoke with this about said basically, “I’m concerned because I’ve ordered a lot of stuff from Amazon,” or “I don’t want them to cancel my products I have listed wtih them!”
Take a look at the message.
If you copy and paste the amazon.co.uk domain URL into your browser and go there, you will see the following words (along with a few others, and much more nicely formatted):

Looking for something?
We’re sorry. The Web address you entered is not a functioning page on our site.
Go to Amazon.co.uk’s Home Page

This is your signal that the message you are reading is bogus!
However, if you just click the link provided within the email, it will resolve to a malicious site; the URL starting with: sellers-amazon-singin.by.ru
The site that pops up will look like the real Amazon site, and, among other things, it will ask you for your email address and Amazon password.
Many people will be tempted to provide this information. Don’t do it! The crooks will then have the information they need to get into the valid Amazon accounts and do any number of assorted bad things, such as spending your money.
Also, don’t just click the URLs that you get within emails. I hesitate to tell you this, because I don’t want you to accidentally click the link, but I also think it is a good thing to know…hover (DO NOT click, just HOVER!) your pointer over the URL in the email and look down at the bottom of the screen. As a general rule of thumb, if the URL you see there does NOT match the URL shown in your email message, it is likely the message is from a crook.
Another tip-off that the message is bogus is if you see misspelled words within the message. Think about it; a legitimate company is not going to have misspelled words in their communications with customers.
In this particular message there are no misspelled words; however, look and you will see that the message contains both “canceled” and “cancelled.” Both of these are acceptable spellings, but a legitimate company would not provide inconsistent spellings for the same word within the same message…at least not if their proofreaders were on the ball. There is also a space missing in the first sentence, “Per your request,your listings…” where there is no space after the comma.
Don’t fall for the bait and get phished! If you do, the crooks may get your personally identifiable informtion (PII) and do bad things to your bank or credit card accounts, or any of many other malicious activities.

Tags: , , , , , , , , , , ,

Leave a Reply