Wednesday, January 31, 2007

Beware of Phishing Scams

I got another phishing scam e-mail today and thought I'd share it with you on the off-chance you aren't already familiar with this crime. This is one example, but there are numerous varieties. I disconnected the actual links for obvious safety reasons. Following the text is a list of some things to look for in identifying scams.

Subject: Amazon request: Please follow the Member Verification Procedure!

Place or Update Credit Card on File

Dear Amazon Customer ,

This is your final warning about the safety of your Amazon account. If you do not update your billing informations your access on Amazon features will be restricted and the user deleted. This might be due to either following reasons:

- A recent change in your personal information (i.e. change of address)
- Submiting invalid information during the initial sign up process.
- An inability to accurately verify your selected option of payment due an internal error within
our processors.

Please update your Amazon profile in order to restore your online access:

If your account information is not updated, your ability to use your Amazon account will become restricted.

Thank you,
Amazon Billing Department

Amazon treats your perxsonal information with the utmost care, and our Privacy Policy is designed to protect you and your information. Amazon will never ask their users for personal information, such as bank account numbers, credit card numbers, pin numbers, passwords, or Social Security numbers in an email. For more information on how to protect your Amazon password and your account, please visit User Account Protection.
This Amazon notice was sent to you based on your Amazon account preferences and in accordance with our click here. If you would like to receive this email in text format, click here.

Copyright © 2007 Amazon Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
Amazon and the Amazon logo are trademarks of Amazon Inc.


Some signs this particular e-mail had of being a scam:

1. The e-mail was sent to multiple addresses (which all showed up on the address line)

2. The links that appear to be legitimate on the surface, if you mouse over them (in the original e-mail - I didn't want to risk including them here), indicate that they lead to some other url entirely than what they claim.

3. Typographical errors, such as: "An inability to accurately verify your selected option of payment due an internal error within our processors."

4. Of course it's also ridiculous that an online store would require you to have an updated credit card on file just to browse their store.

5. I didn't even notice this the first time around, but there's a bizarre spelling error in the fine print - "perxsonal". There are several other spelling errors. This is one sloppy phisher-dude.

Here are some sites on recognizing and avoiding phishing scams and other means of stealing personal information:

Amazon's official Phishing Info Page

Microsoft: Recognizing Phishing Scams

Computer World, Security, Phishing

Spear-Phishing: Highly Targeted Scams

Snopes also has a whole section on Phishing Scams (with examples)

And on a related topic, be sure not to fall for the Nigerian Scam
. (This one's been around for a long time too).

1 comment:

Mary Eileen said...

One other tip-off: The phishing emails will say "Dear Amazon (or Ebay, or Paypal, or Bank, etc.) Customer". Legitimate emails will always use your name just as you entered it when you opened the account (i.e. Dear Love2Learn Mom).

Good idea to post these warnings; those phisher dudes are relentless!