Amazon is the world’s largest retailer, which is why so many companies choose to offer Amazon gift cards as prizes and rewards for their various contests and surveys. Scammers have taken note of this trend and have begun to offer Amazon rewards themselves, or at least that’s what they want user’s to think when they receive their phishing emails like the one below. Make sure you know how to identify the fakes from the authentic offers to ensure your information stays private.
If you simply compare the sender name and the email address, it appears that this email may be legitimate as they match, and the sender is not trying to impersonate anyone, however, after a bit of research into the domain, issues start to appear.
The email is coming from an “everbestsale.com” domain, so unless the receiver is aware of the domain they should immediately assume the email is phishing. If the receiver is unsure if they have interacted with the brand before, they can do a search engine search for the domain to see if it is legitimate.
The best way to search for the domain is to add quote marks to the domain name, so that the official site or comments referencing the same URL will appear. (Users should NEVER try and simply go to the domain, in case it contains malware or other dangers)
When “Everbestsale.com” is searched on Google, the only links that appear to be spam and not official, this should be a big red flag that the domain may not be legitimate.
The subject line of this email may appear okay if given just a quick look, but when it is inspected more closely, the mistakes start to become obvious.
The first error the scammer made in the subject, is the reference code that is displayed. This code contains only numbers while most Amazon codes contain a mix of numbers and letters.
The subject line also fails to capitalize the company name, which would not happen in an authentic email and weirdly phrases the final sentence. Instead of using the typical phrasing of before they expire, the subject instead uses “before they end” which is strange language.
There is no personalization of this email, nowhere in the email is the user addressed by name or even by account number. If the user was really receiving a voucher from a company they know, they would be addressed somewhere in the email.
There is no branding on this email at all which is a big indicator that this email is not legitimate and may be phishing. Not only is there no logo for either the Ever Best Sale company or Amazon, the email is very plain, with a very basic template look and color scheme.
As mentioned above, this email is very plain and does not contain much information in it, most legitimate reward emails will explain why the user is getting the reward. There are also grammar mistakes like the Amazon name, which is capitalized in the header and not capitalized in the following sentence.
The fact that the email specifies that the user will need to “participate in a few-questions Thursday” is strange wordage, makes it unlikely that the email is coming from a reputable source.
Overall the email is strange and doesn’t flow the way an official email should do. The top of the email suggests that the user must activate their rewards by answering questions in the allotted time, however, the call to action link at the bottom advises that the user can print their voucher. This is also strange as there should be no need for the user to print a code that they need to enter online.
The link in this email claims to allow the user to print their voucher, however when it is hovered over the actual URL displayed does not appear to be legitimate. It appears to go to the everbestsale.com domain, then has a line of jumbled letters and numbers, and ends strangely with “posers-discontent.”
This email contains no signature at all, which is extremely unusual for emails from legitimate corporations (especially since most countries require them)
Contact us today to teach your users how to detect and defend against phishing.