Popular with people around the globe, it is no surprise that Amazon gift cards have become standard rewards for corporations and organizations alike. Scammers have caught on and have started designing phishing emails that suggest the user has won a gift card as a way to lure users into clicking on malicious. Below is one of these phishing emails that has been broken down so users will be able to spot the real rewards from the dangerous ones.
The sender address for this email could easy fool users into believing it is a legitimate offer from “Christine” at “teamofsales.com.” However, user’s suspicions should still be raised if they have never interacted with that domain before.
Following with the comment above, the fact that the subject line starts with “Confirmed,” users should be apprehensive to believe the email if they have never interacted with the company before.
There is no personalization in this email, which is common among phishing emails as the scammer won’t have access to the user’s name or other personal information.
A big giveaway that this email is not legitimate is the fact that there is no branding in the email of the team of sales, if a company was going to give away a reward they would want the user to know who it is coming from. The Amazon branding is also off, which should across as suspicious.
The content of this email is very strange as it contains little information and does not align with the subject line. There is also a weird use of hyphens (“some-questions” & “reward-worth”), there is no reason to have the amount “50.00” in parentheses, and the “- Have a great day –“ at the bottom of the email is animated (scrolls across the screen) which is distracting and unprofessional looking,
Both links in the body of the email (the call to action button and the image of the Amazon gift card) link to the same team of sales URL. This URL (pictured above) is not very official looking in terms of path, which is usually an indicator that the link will lead to malicious material.
While the disclaimer is something a genuine email would have, the signature at the bottom of the email is quite bizarre. It is written in broken English, uses strange language, and has a random name and address tacked onto the end, all of which is very common in phishing emails. Also, the two unsubscribe links in the signature lead to very sketchy looking URLS (neither of which include the word unsubscribe in them).
Contact us today to teach your users how to detect and defend against phishing.