As the world’s largest retailer, Amazon has users across the globe buying and selling products in its online store. In fact, in 2016 Amazon made over $6.4 billion in retail subscription services alone. Amazon’s ever-growing popularity and user base is one of the reasons scammers love to impersonate the company in phishing emails: they can send out mass emails with a high chance of hitting actual Amazon customers.
The below email uses the company branding and format and suggests that the user has received a $50 gift card to Amazon, enticing them to click on the link. While the email appears authentic, there are some glaring inconsistencies that reveal its true fraudulent nature.
The first giveaway that this email may not be legitimate is the sender. The sender name is “GiftsAmazon”, which is strange phrasing and spacing for a real sender name from Amazon. The email address is what reveals that this email isn’t from an Amazon domain, but instead from a Rewards USA Today domain.
USA Today is a popular news site so it is unlikely that they would be sending an email with an Amazon Gift Certificate in it.
This subject line is well crafted and uses the tone that Amazon uses in its own emails. However, the one thing to note is that it suggests that the user must use their gift card by Friday. Amazon gift cards are good for 10 years from their date of issue, so it is very unlikely that the user’s would expire by the end of the week.
While it may not make sense for Amazon to say the gift card is expiring, it does make sense that a phishing email would, since scammers tend to imply urgency to get users to comply with their requests quickly, without thinking too much.
Personalization is something that every user should pay attention to when they receive an email, since it is a great way to identify a phishing email. A company that the user has a legitimate relationship with would more than likely have the user’s first name and would address the email to them. This email only refers to the user by their email address and, instead of referencing their account number (which Amazon would have), uses their email address again, indicating that this email may not be from the company it says it’s from.
Amazon is a well-known brand that users have become very familiar with. However, scammers are also aware of this branding and try to copy it when designing their phishing emails. This email does a good job of impersonating the Amazon brand: it contains the Amazon logo, follows the brand colors, and even puts product recommendations at the bottom of the email, as authentic Amazon emails do.
The content of this email contains a variety of errors and indicators that this is not an authentic Amazon communication. There is a missing period after “$50.00”, and the second sentence states that the user will only have one week to use the gift card, which as mentioned above is not true. There is also the issue of the missing account number, the doubled “in” in “Login in Here.”, and the button, which isn’t the standard call to action that Amazon uses on its website and emails.
Finally, while the recommendations at the bottom of the email may align with the Amazon branding, they can also be a red flag for users who have never viewed a “Macbook Pro i7 2016 15 inch.”
This email appears to contain 8 links overall: at the top of the email, the promo code, the reference number, the login link, the call to action “claim gift card”, the two recommended products, and two in the signature of the email.
None of these links lead to an Amazon domain; they go to the Rewards USA Today domain instead. There are a few interesting facts about the links in this email that should be seen as a red flag by any user receiving it.
The first line of the email, which appears to be a link to view the email in a browser, does not contain any link at all and is just text written in the same blue color as a link. All the links in the email, except for the ones in the signature, point to the same URL, which is a huge indicator that this is a phishing email.
The signature at the bottom of this email is one of the only parts of the email that goes against Amazon’s branding. Instead of having a simple unsubscribe button, this email has two links that claim to unsubscribe the user from the company’s mailing list. These links use strange language, and neither links to a URL that contains the word unsubscribe or similar words.
The signature also suggests that a user can mail their unsubscribe request to two different offices in New York and one in Nebraska (neither of which are Amazon locations), which is a strange option to unsubscribe from an online email.
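The sender and link checks described above can be automated. The following is an added example, not part of the original analysis; the sample message is constructed, `rewards.example` is a placeholder for the sending domain, and the link labels are assumptions.

```python
from collections import Counter
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(from_header, html_body, brand="amazon.com"):
    _, addr = parseaddr(from_header)
    parser = LinkCollector()
    parser.feed(html_body)
    per_url = Counter(href for href, _ in parser.links)
    return {
        "sender_off_brand": not in_domain(addr.rpartition("@")[2], brand),
        "off_brand_links": sum(not in_domain(urlsplit(h).hostname, brand)
                               for h, _ in parser.links),
        "max_links_sharing_url": max(per_url.values(), default=0),
        "odd_unsubscribe": [t for h, t in parser.links
                            if "unsubscribe" in t.lower() and "unsubscribe" not in h.lower()],
    }

# Constructed sample modelled on the email described; rewards.example is a placeholder.
SAMPLE_FROM = "GiftsAmazon <gifts@rewards.example>"
LABELS = ["Promo code", "Reference number", "Login in Here.", "Claim Gift Card",
          "Recommended product 1", "Recommended product 2"]
SAMPLE_HTML = "".join(f'<a href="http://rewards.example/c?id=1">{label}</a>' for label in LABELS)
SAMPLE_HTML += ('<a href="http://rewards.example/p/1">Unsubscribe from this list</a>'
                '<a href="http://rewards.example/p/2">unsubscribe by clicking here</a>')

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_FROM, SAMPLE_HTML))
```

A high `max_links_sharing_url` combined with off-brand links is the pattern the article calls out: many differently labelled links that all resolve to one non-Amazon URL.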