One of the more impressive phishing emails, it may be hard to identify that this email is fraudulent, however, there are a few indicators that this email away if one investigates close enough.
The sender address is a dead giveaway that this email may not be as authentic as it claims. While the user may assume they know the sender due to the personal nature of the sender name, the fact that it is from the “premierproteinshake.com” domain indicates that although it appears as Amazon it isn’t. Even if the user knew Laure Everett it is important to remember that email addresses get hacked all the time and the email could still be a phishing email.
The subject line in this email comes across as very authentic, the company name is capitalized and the language used aligns with the traditional Amazon marketing. Even the subject of daily deals is something that Amazon has been pushing both through their site and through emails lately, giving more credibility to the email.
The only issue with the subject line is the fact that it is not in title case and is instead in sentence case. This is unlikely to happen with emails from corporations because they aim to grab the user’s attention and carefully craft email titles.
While this email doesn’t mention the user’s name directly, they do use their email address as a way of personalization. While a bit suspicious, this is a common tactic in company sent emails, and should be taken into consideration but not used as a factor when determining if an email is fraudulent/phishing.
The branding of this email is very authentic looking. It includes company logos, company colors, and even has the very identifiable Amazon buttons they use on their website. The layout of the email is also very similar to the one that the company uses, which is why it could be easily confused with the real thing.
The content of this email is one of the biggest giveaways that something may not be right with it. While both the top and bottom parts of this email appear legitimate, when looked over together an issue appears.
While it may always be nice to receive a $50.00 Amazon gift card, especially when the claim code (which is what Amazon calls it) appears to be legitimate, it is very strange that it is included in this email but not in the subject. Most of the time when a user receives a gift card it will be mentioned in the subject line so a user will know what’s in the email and not delete it, this is not the case with this email.
The second part of the email aligns more with the subject line but doesn’t quite match up with the pervious section. It implies that there are daily deals the user must take advantage of as soon as possible since time is limited (a classic tactic of scammers to get users to click without thinking). This text does not match with the idea that the user received a $50.00 gift card since the company wouldn’t be implying so much urgency on the user.
When hovered over, both the “Redeem now” buttons lead directly to the Premier Protein Shake’s domain, which contradicts what the content and button text are saying.
This should be a big red flag that the email is not all it appears to be.
Signature of this email is another red flag this email may be a phishing email. The fact that the email offers a way to stop emails like this is strange considering it is a gift card and the user didn’t sign up directly to receive it.
The language of the signature is also very informal in tonnage, telling the user if they don’t like the emails they can “stop-them” rather than having the traditional Unsubscribe button. The link when hover over also shows it leads to okk.premierproteinshake.com which is clearly not an unsubscribe link for Amazon.
Finally, the final line of the signature is a whirlwind of unprofessional statements and errors that would not appear in an official email from Amazon. Amazon would never suggest that a user should send an email addresses (“Adr”) to a company called “Pearson Media Coverage”. The address the email gives is formatted weirdly (the zip code has spaces between it) and when google searched does not appear to be the media agency it claims (which is also a giveaway as Amazon would use their Seattle headquarter address and not a media company’s).
Contact us today to teach your users how to detect and defend against phishing.