Amazon is known as the store with “Earth’s Biggest Selection”, and millions of users have turned to it as their go-to website for everything from laundry detergent to computers. Scammers have taken note and have begun crafting a variety of emails impersonating the popular company. The email below may appear legitimate, but on closer inspection the inconsistencies become clear.
The sender name and email address in this email do a great job of mimicking real Amazon emails. It is easy to see why users could be tricked when the sender name appears as “Amazon.com” and the email address gives the impression that it is from an Amazon domain. However, when “Amazon-Delivery.com” is searched on Google, the results show that it is not associated with Amazon at all but is instead known only for other phishing emails that have been sent out.
The subject line, which informs the user that their order has shipped, appears very authentic and could easily convince a user to open the email, whether to check the status of a recent order or, if they haven’t recently ordered anything, to investigate what has shipped. With these types of subject lines, the scammer tries to prey on a user’s curiosity and on the fear that their account may have been hacked, in order to get them to open the email and click the phishing link. Users should always confirm their account on the official Amazon.com site and not through any link in the email.
One of the biggest indicators that this email is fraudulent is its lack of personalization. As this is supposed to be a shipping confirmation, the email should include the user’s name or their account number rather than just a generic “Hello.”
The branding on this email is very realistic; the scammers even use the Amazon color scheme and put the estimated shipping date in green, as Amazon does. The biggest thing to note about the branding is the Amazon logo at the top of the page. When it is hovered over, the URL displayed is the official Amazon.com link. Putting real links in a phishing email is a common tactic scammers use to further convince the user that the email is authentic, in the hope that the user will assume the phishing link is authentic as well.
The content of this email looks very authentic and uses the Amazon logo as well as the company’s traditional color scheme. The only strange thing about the content is that it lists the price including shipping rather than breaking it down, as is usually seen in shipping confirmations. The inclusion of the price (in bold) is a tactic used by scammers to incite the fear that the user’s account has been hacked and that they may be liable for the high-priced items being purchased on their account.
Unlike the link in the Amazon logo at the top of the page, the call to action button “Order details” does not lead to an Amazon domain but instead heads to “bluedot.co.za.” The misdirection of having the official Amazon link in the logo image is why users should always be sure to hover over all links in emails before clicking on any of them.
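As an added example (not part of the original write-up), the Python sketch below automates the two checks described above: a sender whose display name uses the brand while its address sits on another domain, and links whose destination is not a brand domain even though other links in the same message are. The sample message is constructed; the sender's local part, the subject wording, the HTML and the `TRUSTED` list are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "amazon"
TRUSTED = {"amazon.com"}  # assumption: domains the brand legitimately uses

# Constructed sample (made-up local part, subject and HTML; domains from the article).
SAMPLE = """\
From: "Amazon.com" <shipment-tracking@amazon-delivery.com>
Subject: Your order has shipped
Content-Type: text/html; charset="utf-8"

<a href="https://www.amazon.com/"><img src="logo.png" alt="Amazon"></a>
<p>Hello,</p>
<a href="http://bluedot.co.za/">Order details</a>
"""

def on_trusted(host):
    # Exact or subdomain match only, so a lookalike such as amazon-delivery.com fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def analyze(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    findings = []
    if BRAND in display.lower() and not on_trusted(sender):
        findings.append(("sender", sender))  # brand display name, foreign domain
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        charset = part.get_content_charset() or "utf-8"
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href in collector.links:
            host = urlsplit(href).hostname
            if host and not on_trusted(host):
                findings.append(("link", host))  # destination is not the brand's
    return findings
```

Calling `analyze(SAMPLE)` reports the lookalike sender domain and the “Order details” destination, while the genuine logo link passes.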