The Hang Fire Books Blog

The rantings of a bookdealer in Brooklyn, New York.

Tuesday, August 21, 2007

Convincing Amazon Phishing E-mail

Received a fairly convincing--and shockingly grammatically correct--phishing e-mail targeted at my Amazon account this morning:

Date: 21 Aug 2007 11:50:27 -0000
From: "Amazon Payments"
To: [my e-mail address]
Reply-To: noreply@amazon.com
Subject: Billing Issue regarding your Amazon.com account
X-ELNK-Received-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;

Hello [my e-mail address],

Greetings from Amazon Payments.

Your bank has contacted us regarding some attempts of charges from your credit card via the Amazon system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your Amazon account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your Amazon registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of Amazon policy to represent oneself as another Amazon user. Such action may also be in violation of local, national, and/or international law. Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

To confirm your identity with us click here:
https://www.amazon.com/exec/obidos/flex-sign-in/[...]
[Actual host: http://www.amazon.com.204147.003p98j1.com/(etc)]

After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.

Thank you for your interest in selling at Amazon.com.

Amazon.com Customer Service
http://www.amazon.com

This message and any files or documents attached may contain classified information. It is intended only for the individual or entity named and others authorized to receive it. If you are not the intended recipient or authorized to receive it, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately then delete it from your system. Please also note that transmission cannot be guaranteed to be secure or error-free.

Looks like they read Amazon's security warning page and tried to cover their tracks as much as possible, including making the phishing host name begin with http://www.amazon.com so the link looks legitimate at a glance.

They state that "your account is not suspended" yet, because that is too easy to check, but threaten that it will be within 48 hours. They also advise the recipient not to contact Amazon for 72 hours after clicking the phishing link because it will only "result in delays". Sinister.

A digg user referred to this kind of attack (i.e. one targeted at a specific user group) as "Spear Phishing". Good term.

Most people with internet businesses should know to never click on an unfamiliar link, even--actually ESPECIALLY--if the source appears legit. You should always verify the claim independently on the supposed originating site (in this case I just looked on my Amazon seller homepage and saw that there was no such credit issue).
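The host-name trick above (a link that reads www.amazon.com but really lands on www.amazon.com.204147.003p98j1.com) is exactly what a mail filter or a cautious reader should check for. The following is an added example, not code from the original post, of how to classify such a link: it parses the real destination host and only accepts it if it is the legitimate domain or a true subdomain of it, rather than merely starting with it. The allow-list of domains is a constructed assumption for the example.

```python
from urllib.parse import urlparse

# Constructed allow-list for this example; not Amazon's real list.
LEGIT_DOMAINS = {"amazon.com"}


def host_of(url: str) -> str:
    """Lowercase hostname of a URL ('' if none). urlparse also strips any
    user@ prefix, so 'https://www.amazon.com@evil.test/' yields evil.test."""
    parsed = urlparse(url.strip())
    return (parsed.hostname or "").lower().rstrip(".")


def displayed_host(text: str) -> str:
    """Hostname a human would read out of a link's visible text, if any."""
    text = text.strip()
    if "://" not in text:
        if not text.lower().startswith("www."):
            return ""          # plain words like 'click here'
        text = "http://" + text
    return host_of(text)


def host_belongs_to(host: str, domain: str) -> bool:
    """True only if host IS domain or a real subdomain of it.

    A startswith()/'in' check is fooled by
    'www.amazon.com.204147.003p98j1.com', whose registrable domain is
    003p98j1.com, not amazon.com; label-wise suffix matching is not.
    """
    return host == domain or host.endswith("." + domain)


def classify_link(display_text: str, href: str) -> str:
    """Classify a mail hyperlink from a defender's point of view.

    'ok'        destination host is on the allow-list
    'mismatch'  visible text names a legit host but href goes elsewhere
    'lookalike' destination merely embeds a legit domain in its name
    'external'  neither text nor href refers to a legit domain
    """
    shown, real = displayed_host(display_text), host_of(href)
    if any(host_belongs_to(real, d) for d in LEGIT_DOMAINS):
        return "ok"
    if any(host_belongs_to(shown, d) for d in LEGIT_DOMAINS):
        return "mismatch"
    if any(d in real for d in LEGIT_DOMAINS):
        return "lookalike"
    return "external"
```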

3 comments:

Anonymous said...

I got the same email, and I've learned from others' past mistakes... so I googled the subject line "Billing Issue regarding your Amazon.com account" and your blog was the first site that came up! Thanks for the heads up.

Anonymous said...

Yep, I got it too. Your blog is the first when I "googled" and confirmed my suspicion. I also forwarded the e-mail to Amazon.com. We've got to be smarter than these idiots phishing for our private information.
Thanks.

Anonymous said...

Rule of thumb: all legit e-mails will NEVER link you to any "important" webpages or require any reply.