Looks like they read Amazon's security warning page and tried to cover their tracks as much as possible, including having the redirect begin with http://www.amazon.com.
Date: 21 Aug 2007 11:50:27 -0000
From: "Amazon Payments"
To: [my e-mail address]
Subject: Billing Issue regarding your Amazon.com account
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
Hello [my e-mail address],
Greetings from Amazon Payments.
Your bank has contacted us regarding some attempts of charges from your credit card via the Amazon system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your Amazon account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your Amazon registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of Amazon policy to represent oneself as another Amazon user. Such action may also be in violation of local, national, and/or international law. Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.
To confirm your identity with us click here:
[Actual host: http://www.amazon.com.204147.003p98j1.com/(etc)]
After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.
Thank you for your interest in selling at Amazon.com.
Amazon.com Customer Service
This message and any files or documents attached may contain classified information. It is intended only for the individual or entity named and others authorized to receive it. If you are not the intended recipient or authorized to receive it, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately then delete it from your system. Please also note that transmission cannot be guaranteed to be secure or error-free.
They state that "your account is not suspended" yet, because that would be too easy to check, but that it will be within 48 hours. They also advise the recipient not to contact Amazon for 72 hours after clicking on the phishing link because it will only "result in delays". Sinister.
A digg user referred to this kind of attack (i.e., targeted at a specific user group) as "Spear Phishing". Good term.
Most people with internet businesses should know to never click on an unfamiliar link, even--actually ESPECIALLY--if the source appears legit. You should always search the information independently on the supposed originating site (in this case I just looked on my Amazon seller homepage and saw that there was no such credit issue).
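The link host quoted in the message above starts with www.amazon.com but actually belongs to a different domain. The following check is an added example, not part of the original post: it reads the host a link really points to and flags a trusted domain that appears only as leading labels. The `TRUSTED` set, the function names and every sample URL except the host quoted from the message are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains the reader actually does business with.
TRUSTED = {"amazon.com"}

def link_host(url):
    """Return the lowercased hostname the browser would connect to."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it.

    DNS names are owned from the right, so the comparison is a suffix
    match on a label boundary (note the leading dot).
    """
    return host == domain or host.endswith("." + domain)

def classify(url, trusted=TRUSTED):
    """Classify a link as 'trusted', 'lookalike', 'untrusted' or 'no-host'."""
    host = link_host(url)
    if not host:
        return "no-host"
    if any(belongs_to(host, d) for d in trusted):
        return "trusted"
    labels = host.split(".")
    for d in trusted:
        want = d.split(".")
        n = len(want)
        # Trusted name present, but not as the rightmost labels: it is
        # only a subdomain prefix under somebody else's domain.
        if any(labels[i:i + n] == want for i in range(len(labels) - n)):
            return "lookalike"
    return "untrusted"

if __name__ == "__main__":
    samples = [
        # Host quoted in the message above (its path is elided on the page).
        "http://www.amazon.com.204147.003p98j1.com/",
        # Constructed samples for comparison.
        "https://www.amazon.com/gp/help",
        "http://notamazon.com/",
    ]
    for url in samples:
        print(f"{classify(url):10} {link_host(url)}")
```
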