The world’s biggest retailer is constantly being impersonated in phishing scams that try to trick its customers into revealing their personal or banking information. The following phishing email is by no means the most convincing of the Amazon forgeries out there, but it is still important to be able to identify the indicators of a phishing email.

Amazon points phishing email

Sender Address:


The first thing that stands out in this email is that the sender name is set as “Amazon Customer Reward” rather than the more typical Amazon.com or Amazon Prime. Taking a closer look at the sender information, it’s clear this email is not from an Amazon domain but is instead from a domain called “azonshoppes.com.” It is likely the scammer is using this domain in hopes that a user will assume the azon is just a shortened version of Amazon.

Subject Line:


Subject lines say a lot about an email, and marketers inside large companies like Amazon carefully craft these lines to increase the number of people opening the email. This subject line, however, does not appear to have the descriptive or creative aspects that appear in Amazon emails.

One of the biggest identifiers that this email may not be authentic is that the name of the company’s well-known rewards program is not written correctly in the subject line. Amazon Prime would always be written with correct capitalization, and the program’s title is always written with a space and not with a hyphen as seen here.

Another glaring indicator is in the second half of the subject. Amazon Prime points are not something companies can give away; they are earned by using an Amazon-branded credit card. Points also have no expiration date and would not be labeled with a number like the “#7414” in the subject seems to suggest.

Personalization:


There is no real personalization in this email, which is always a big red flag, especially when dealing with emails relating to an account.

Branding:

Amazon is one of the world’s best-known brands, so it should be a dead giveaway that this email doesn’t contain even the basics of traditional email branding such as a company logo and brand color scheme.

Content:


The content of this email should raise eyebrows for even the most unaware user. There are glaring issues with the text, such as the missing apostrophe in “don’t”, the hyphen between “few” and “questions”, and the missing capitalization of the company name Amazon.

There is also the strange call to action, which states “Get your amazon points #5024744.” This is strange because not only does it not match the number in the subject line, the numbers make no sense in terms of the Amazon Rewards program.

Link:


Hovering over the link shows that the URL goes to the “azonshoppes.com” domain. While that matches the sender’s email address, it isn’t an official domain of Amazon.

Signature:


One of the biggest indicators that this email is fraudulent is the strange signature at the bottom of the page. The text is very informal (“info” is used instead of the full word information), the word submitting is spelled incorrectly (“subitting”), and the shortened version of Rhode Island is not capitalized (“Ri” instead of RI).

The use of addresses in Nevada and Rhode Island should also jump out at users, as Amazon is based in Seattle and would use its headquarters address if it included one at all. There is also the appearance of the name “Logan Nieland”, which would not make sense if this email truly came from Amazon.

Finally, the two links in the signature, which claim to do the same thing (remove the user from emails), instead lead, when hovered over, to two different URLs with strange keywords at the end of them (“trivial-whopping” and “Fe-euphoria”).
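The sender, link and signature checks described above can also be run automatically by a mail filter. The Python sketch below is an added example, not part of the original article. It assumes amazon.com is the only legitimate sending domain, and the sample message is constructed: only the display name, the “azonshoppes.com” domain and the two trailing keywords come from the email analysed here.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the brand really sends from; extend as needed.
BRAND_DOMAINS = {"amazon": {"amazon.com"}}

# Constructed sample. The local part, URL paths and link text are made up.
SAMPLE = """\
From: Amazon Customer Reward <rewards@azonshoppes.com>
Content-Type: text/html

<a href="http://azonshoppes.com/claim">Get your amazon points</a>
<a href="http://azonshoppes.com/u/trivial-whopping">unsubscribe</a>
<a href="http://azonshoppes.com/x/Fe-euphoria">unsubscribe</a>
"""

def registrable(host):
    """Naive last-two-labels domain; a real filter should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rpartition("@")[2])
    findings = []
    # Check 1: display name uses the brand, but the sending domain is not the brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and sender not in domains:
            findings.append(f"display name claims {brand} but sender domain is {sender}")
    links = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                       msg.get_payload(), re.I | re.S)
    targets = {}
    for href, text in links:
        host = registrable(urlparse(href).hostname or "")
        # Check 2: link text uses the brand, but the target host is not the brand's.
        for brand, domains in BRAND_DOMAINS.items():
            if brand in text.lower() and host not in domains:
                findings.append(f"link text mentions {brand} but points to {host}")
        targets.setdefault(text.strip().lower(), set()).add(href)
    # Check 3: identical link text that resolves to different URLs.
    for text, hrefs in targets.items():
        if len(hrefs) > 1:
            findings.append(f"{len(hrefs)} different URLs behind identical link text '{text}'")
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("FLAG:", finding)
```
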


Contact us today to teach your users how to detect and defend against phishing.
