If you get this, IGNORE IT.
Sent: Wednesday, May 2, 2012 7:32 AM
Subject: Amazon.com - Your Cancellation (10-1338-8877)
Dear Customer,
Your order has been successfully canceled. For your reference, here's a summary of your order:
You just canceled orderXXXXXXXXXXXXXXXXXXXXXXXX
Status: CANCELED
_____________________________________________________________________
1 "Caucasus"; 2004, Second Edition
By: Adrian Roberts
Sold by: Amazon.com LLC
_____________________________________________________________________
Thank you for visiting Amazon.com!
---------------------------------------------------------------------
Amazon.com
Earth's Biggest Selection
http://creedlanelaw.com/fickleness.html
Fake “Amazon.com – Your Cancellation” e-mail
Subject: Amazon.com – Your Cancellation (822-319531-9278972) MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit
March 7th, 2010 at 3:01 pm
Fake “Amazon.com – Your Cancellation” e-mail
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
I received an item of e-mail reporting to be an Amazon order cancellation. It looked fairly authentic: to the untrained eye with some curiosity, you may be fooled into clicking on the ORDER DETAILS link. If you are in the UK, one of the key clues is the fact that this e-mail is reporting itself as originating from amazon.com – in the UK we would expect such e-mail to come from amazon.co.uk. The same could be said for other non-.com editions of the Amazon site.Closer inspection reveals that the ORDER DETAILS link doesn’t goto an Amazon web-page, but to a completely different site…in this case you’ll be taken to a site that offers you tablets for helping make something bigger! However, there’s nothing to tell you how dangerous the destination site is…a single click can cause a lot of damage.
I use MailWasher Pro as my client-side anti-spam filtering tool, it’s kind enough to expand links in e-mails such that the true destination is revealed, as the screenshot below demonstrates:
The learning experience behind this blog post is that you should never trust links on face value. Always hover the mouse over the link and see where it ultimately leads to: if it’s not going where you expect it to be going, resist the temptation to “just click on it”! If hovering the mouse over the link doesn’t help you, see if you can find the message source (In Outlook right clicking on an e-mail, choosing Message Options lets you look at the “Internet Headers” and the raw message).
AMAZON.COM - YOUR CANCELLATION (191-712-61784 begin_of_the_skype_highlighting 191-712-61784 end_of_the_skype_highlighting) Amazon.com Phishing Scam, Email Scam Spoof Fraud at ... with only slightly different content, such as a different subject ...
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 5 replies from November 2010 to April 2011
First of all, I didn't order anything from Amazon. Second, the email said I "just" cancelled the order on at 3:02 AM 11/13/2010, however I received it at 6:02 pm CST on 11/12/2010. (Nine time zones ahead of CST would mean that this email was probably sent right from the middle of ... Scamland.)
What you don't see in this copy is that when you hover your cursor over Order #743-1556239-4894434 details, the actual website is revealed: http://rxchangedirect.net, which is purported to be an "attack" website.
Didn't have to look very far in Google to find that this just is a variation of a phishing scam that has been around for a few years: https://www.viclovan.com/downloads-and- ... %9D-e-mail and http://www.millersmiles.co.uk/report/21019.
According to http://blog.onlymyemail.com/amazon-com- ... aud-email/, "Of course the sender From address is spoofed, this is not a legitimate Amazon communication, and the Reference number is randomly generated in order to evade spam filters that might look for identical subject line contents."
" ... the words “Order Details” are hyperlinked to any number of various attack sites used to download malicious code and/or to capture personal information, passwords and other financial details."
by JamesVincent » Sat Nov 13, 2010 4:51 am
What you don't see in this copy is that when you hover your cursor over Order #743-1556239-4894434 details, the actual website is revealed: http://rxchangedirect.net, which is purported to be an "attack" website.
Didn't have to look very far in Google to find that this just is a variation of a phishing scam that has been around for a few years: https://www.viclovan.com/downloads-and- ... %9D-e-mail and http://www.millersmiles.co.uk/report/21019.
According to http://blog.onlymyemail.com/amazon-com- ... aud-email/, "Of course the sender From address is spoofed, this is not a legitimate Amazon communication, and the Reference number is randomly generated in order to evade spam filters that might look for identical subject line contents."
" ... the words “Order Details” are hyperlinked to any number of various attack sites used to download malicious code and/or to capture personal information, passwords and other financial details."
- Mythbuster
- Swabby
- Posts: 23
- Joined: Sun Oct 10, 2010 1:33 am
Re: Fake "Amazon.com - Your Cancellation" email
by JamesVincent » Sat Nov 13, 2010 4:51 am
I got a few of these from Tower Federal Credit Union, which I am not a member of. Same basic page design, same kind of address and same kind of embedded link to something else.
Amazon.com - Your Cancellation (1091-14128-29204) amazon.com> Phishing Scam, Email ... date with only slightly different content, such as a different subject …
Subject: Amazon.com - Your Cancellation (0046-68878-96071) Date: March 7, 2010 10:17:22 PM MST. Dear Customer, Your order has been successfully canceled.
How many of these emails have you been getting each day from sender "order-update@amazon.com" with the subject line "Amazon.com - Your Cancellation …
Subject: Amazon.com – Your Cancellation (0713-48571-25595) MIME-
